
Hi,
I have 4 computers networked using a Netgear router. My ISP is Verizon DSL. Three of the computers are XP, but the one I use for work is Windows 98. I use VPN and my company prefers we use a non-XP machine for security reasons.

Well, all was fine until Friday night. I cannot get a browser to run - I usually use Netscape 7.2, but also have IE. However, I can still run Yahoo IM, and get to shared directories on other machines in my house. I cannot download updates for NAV, Adaware, Spybot, etc. I suspected my browser was hijacked, so I opened the hosts file. But, it did not exist. There was a file called hosts.sam which didn't have anything suspicious in it. The only other thing I notice is that my machine is now extremely sluggish. Even printing out my hijackthis.log file took a few minutes.

This is seriously upsetting my long week-end plans. :( Any advice or recommendations are appreciated. Below is my hijackthis log. Note: This is not the same machine that I posted about a couple days ago - that is my friend's.

Thanks again,
-Mattisjo

Logfile of HijackThis v1.99.1
Scan saved at 1:30:49 PM, on 5/29/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\DEFWATCH.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\RTVSCN95.EXE
D:\PROGRAM FILES\SYMANTEC_DESKTOP_FIREWALL\NISSERV.EXE
D:\PROGRAM FILES\SYMANTEC_DESKTOP_FIREWALL\IAMAPP.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\SYSTEM\ATIPTAXX.EXE
C:\WINDOWS\SYSTEM\HPHA1MON.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MUSICMATCH\MUSICMATCH JUKEBOX\MM_TRAY.EXE
C:\PROGRAM FILES\COMMON FILES\ADAPTEC SHARED\CREATECD\CREATECD50.EXE
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
D:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WND.EXE
C:\WINDOWS\SYSTEM\LVCOMS.EXE
C:\PROGRAM FILES\NETZIP CLASSIC\NZFPROP.EXE
C:\WINDOWS\SYSTEM\HPHIPM07.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\VPTRAY.EXE
D:\PROGRAM FILES\HEWLETT-PACKARD\HP SHARE-TO-WEB\HPGS2WNF.EXE
C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE
D:\PROGRAM FILES\LINKSYS\WMP11 CONFIG UTILITY\WMP11CFG.EXE
D:\PROGRAM FILES\SONY\SONYTRAY.EXE
D:\SMARTDSK\FLASH\SDSTAT.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\WUCRTUPD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HJT\HIJACKTHIS.EXE

F1 - win.ini: run=hpfsched
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [WinampAgent] "C:\PROGRAM FILES\WINAMP\WINAMPa.exe"
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [HPHA1MON] C:\WINDOWS\SYSTEM\HPHA1MON.EXE
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
O4 - HKLM\..\Run: [NetZIPFolders] C:\Program Files\Netzip Classic\nzfprop.exe /startup
O4 - HKLM\..\Run: [mdac_runonce] C:\WINDOWS\SYSTEM\runonce.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [vptray] C:\Program Files\Norton AntiVirus\vptray.exe
O4 - HKLM\..\RunServices: [defwatch] C:\Program Files\Norton AntiVirus\defwatch.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKLM\..\RunServices: [rtvscn95] C:\Program Files\Norton AntiVirus\rtvscn95.exe
O4 - HKCU\..\Run: [ATI Launchpad] "C:\PROGRAM FILES\ATI MULTIMEDIA\MAIN\LAUNCHPD.EXE"
O4 - Startup: Wireless PCI Card Configuration Utility.lnk = D:\Program Files\Linksys\WMP11 Config Utility\WMP11Cfg.exe
O4 - Startup: Image Transfer.lnk = D:\Program Files\Sony\SonyTray.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: FlashPath Monitor.lnk = D:\SMARTDSK\FLASH\sdstat.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZN
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {C68F9105-04FD-4B48-B6CC-2A076F711C35} (HpodPCFileCtrl2 Class) - file://E:\MEMDISC\ALBUM_A\VIEW\PLUGIN\HPODPCFC.CAB


> I use VPN and my company prefers we use a non-XP machine for security reasons.

For security reasons they want you to use Windows 98?? Now there's a twist... :eek:

> I cannot get a browser to run... However, I can still run Yahoo IM, and get to shared directories on other machines in my house.

All three of those functions utilize different ports and protocols, so it's quite possible for one to be "broken" but not the others. However, the fact that you can browse your LAN and use IM means that your network/Internet connectivity isn't totally b0rked.

> I cannot download updates for NAV, Adaware, Spybot, etc. I suspected my browser was hijacked, so I opened the hosts file. But, it did not exist. There was a file called hosts.sam

Good thought on your part, but no, Windows 98 does not, by default, have a hosts file. The ".sam" in the hosts.sam filename is short for "sample"; the file is an example/template that you can use to make your own hosts file.

> ... my machine is now extremely sluggish... Below is my hijackthis log.

I see no indication of malicious infections in that log.

- What exact errors do you experience when you try to browse web sites?

- Can you reach any websites in your browsers?

- You are running a Symantec firewall program. Before doing any other troubleshooting, you need to disable the firewall completely to eliminate the possibility that the fault lies with that program.

- Had you downloaded/installed any software or software updates around the time this first occurred?

- You are using a Linksys wireless card in that computer. Have you tried networking the computer to the router via a (wired) Ethernet cable?
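
The reply's point that browsing, IM and LAN file sharing travel over different ports can be checked directly, port by port. The sketch below is an added example, not part of the original thread; the port numbers (80/443 for web, 5050 for Yahoo IM, 139 for Windows file sharing), the function names and the sample results are assumptions made for illustration.

```python
import socket

# Assumed TCP ports for the three functions named in the thread
# (illustrative values; the posts themselves give no port numbers).
PORTS = {"web (HTTP)": 80, "web (HTTPS)": 443,
         "Yahoo IM": 5050, "LAN file sharing": 139}

def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused', 'filtered' or 'error'."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except socket.timeout:
        # No answer at all: packets are being dropped somewhere, which is
        # how a host firewall typically blocks a port.
        return "filtered"
    except ConnectionRefusedError:
        # The peer answered with a reset: the path works, nothing listens.
        return "refused"
    except OSError:
        # Name resolution failure, no route, and similar.
        return "error"
    finally:
        s.close()

def survey(targets, timeout=3.0):
    """targets: {service name: host}. Probe each service on its assumed port."""
    return {name: probe(host, PORTS[name], timeout)
            for name, host in targets.items()}

def diagnose(results):
    """Interpret a {service: status} map the way the reply reasons about it."""
    working = [n for n, s in results.items() if s == "open"]
    dropped = sorted(n for n, s in results.items() if s == "filtered")
    if not working:
        return "no connectivity: check link, router and IP settings first"
    if dropped:
        return ("selective filtering of " + ", ".join(dropped)
                + ": suspect a firewall rule or a wedged firewall")
    return "no silent drops seen: look at the application or its proxy settings"

# Constructed sample mirroring the symptom in the first post:
# IM and LAN shares work, web traffic gets no answer.
SAMPLE = {"web (HTTP)": "filtered", "web (HTTPS)": "filtered",
          "Yahoo IM": "open", "LAN file sharing": "open"}

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```

Running `survey` once with the firewall enabled and once with it fully stopped, against the same hosts, shows whether the firewall is the component dropping the traffic.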


Hi,
My problem is solved! :)

> - You are running a Symantec firewall program. Before doing any other troubleshooting, you need to disable the firewall completely to eliminate the possibility that the fault lies with that program.

The firewall was the problem. It must've been in a wedged state though,
because I had checked it a couple times, and it appeared to be disabled.
(The enable button was displayed on the main page). I had to uninstall
it completely. And I had a problem doing that, because it was in use in
the background. I killed a few processes, including nisserv.exe and was
able to finish the uninstall. After a reboot, everything worked fine. :D

I did reinstall Symantec Desktop Firewall after making sure everything
was working. Since little support exists for Windows 98, it is necessary
to have both an anti-virus and firewall installed.

Thanks for your reply. This is the best tech forum around.


Great; glad we could help you get it fixed so quickly. :)

> The firewall was the problem. It must've been in a wedged state though...

Yes, you're probably right about that; it definitely does happen sometimes.
