
System Freezes for ~2 minutes... then resumes

Discussion in 'Security and Privacy' started by thereuare, 2004/06/30.

Thread Status:
Not open for further replies.
  1. 2004/06/30
    thereuare

    thereuare Inactive Thread Starter

    Joined:
    2004/05/06
    Messages:
    17
    Likes Received:
    0
    My computer (Win98, 700mhz pentium, 128mb ram) has been randomly freezing.

    It has occurred when i click a quicklaunch icon, the start button, or double-clicking an icon on the desktop. When it happens from pressing a quicklaunch icon the icon stays 'depressed' as if the cursor is over it and it was just pressed.

    The freezes last for 2-3 minutes at which point not even the clock will update! Sometimes it results in the Blue Screen of Death, but usually just resumes whatever it was doing when it happened (for instance if launching MSIE from the QuickLaunch, it will resume opening a new browser). While frozen, i can move the cursor but have no other input devices working (no mouse buttons, keyboard, etc)

    I have run ad-aware and that has not helped.

    There seems to be no time pattern... it can happen minutes after booting up or i can surf all day and not have a problem until hours later.

    Any suggestions... THANKS!
     
  2. 2004/07/01
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Something is stealing the processor time, let's eliminate a possible virus.
    RAV Online Scan
    Click where it says 'scan without subscribing click here'. Please post the log on here
     


  4. 2004/07/06
    thereuare

    thereuare Inactive Thread Starter

    Joined:
    2004/05/06
    Messages:
    17
    Likes Received:
    0
    Sorry for the late reply but i've been testing a new video driver as well as simply cleaning out the dust from my case.... both to no avail.

    I ran the above anti-virus and apparently i have some nasties. What is the best way to clean it up (will the auto-clean feature at the above link work?). Here's the log:

    Scan started at 7/6/04 7:54:20 PM

    Scanning memory...
    c:\infamous_downloader.exe - TrojanDownloader:Win32/Small -> Infected
    c:\0021-bdl94126.EXE->[wise.8] - TrojanDownloader:Win32/VB.CA -> Infected
    c:\0021-bdl94126.EXE->[wise.9] - Trojan:Win32/Revop.C -> Infected
    c:\WINDOWS\infamous.exe - PWS:Win32/Briss -> Infected
    c:\WINDOWS\TEMP\_update.dat - TrojanSpy/Win32.Agent.L -> Infected
    c:\WINDOWS\TEMP\ICD1.tmp\VMInstaller.exe - TrojanDownloader:Win32/Rahitor -> Infected
    c:\WINDOWS\TEMP\THI42E0.TMP\twaintec.cab->twaintec.dll - Trojan:Win32/Spy.BiSpy.C -> Infected
    c:\RECYCLED\DC3032.EXE - PWS:Win32/Agent -> Infected

    Scanned
    ============================
    Objects: 32883
    Directories: 2495
    Archives: 1467
    Size(Kb): 11373
    Infected files: 8

    Found
    ============================
    Viruses found: 8
    Suspicious files: 0
    Disinfected files: 0
    Mail files: 371


    THANKS!!
     
  5. 2004/07/06
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    The auto clean at the site should work.
    But, you have Win98, you could Restart in Dos Mode, and do these commands, this will delete those files.
    smartdrv
    deltree c:\infamo~1.exe
    deltree c:\0021*.exe
    deltree c:\recycled
    deltree c:\windows\infamous.exe
    deltree c:\windows\temp
    deltree c:\windows\tempor~1

    Type a Y that you want to delete, check for typos at this time.
    When done, reboot.
    It wouldn't hurt to do another scan to be sure.
    When done, please use HijackThis to create a log and post it on here. The link for this is below.
     
  6. 2004/07/06
    thereuare

    thereuare Inactive Thread Starter

    Joined:
    2004/05/06
    Messages:
    17
    Likes Received:
    0
    OK, just deleted everything, reran the anti-virus with auto-clean which found nothing, re-searched the system again for the above files and they're not found...

    STILL HANGING :(

    Next step?
     
  7. 2004/07/07
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    A new hijackthis log would be a good idea at this point.

    A few other 98 cleanup things you may or may not be aware of - probably not the whole cause here but can certainly cause 98 to act strangely. do in this order:

    - delete all files from c:\ with a name pattern filennnn.chk where nnnn is any number so file0001.chk, file0357.chk, etc. There may be none or there may be hundreds. They are created if you do a scandisk and opt to save if the scan finds problems. Useless files.

    - delete all files from any temp folders, wherever located.

    - delete all temporary internet files.

    - empty your recycle bin.

    Boot to DOS and from the command prompt
    - scanreg /fix
    - scanreg /opt
    - scandisk /nosave /surface and opt to fix any errors without saving anything.

    Boot to normal windows again and
    - scandisk (the DOS version won't have fixed any possible long file name problems since it can't understand them)
    - defrag
     
    Newt,
    #6
  8. 2004/07/08
    thereuare

    thereuare Inactive Thread Starter

    Joined:
    2004/05/06
    Messages:
    17
    Likes Received:
    0
    A new development/information....

    Not sure if this is a direct connection or not (as it seems a bit far fetched) but the 'hang/freeze' appears to happen whenever i close any browsers and then try to launch a new program (either from the quicklaunch bar or desktop icon). It's as if closing the last browser on a screen causes the computer to go thru some process that hogs the resources.

    When the computer hangs, i can still click on a desktop icon and it will be recognized as 'selected', but if i double click on it nothing happens for 1-4 minutes until the computer 'catches up' and then anything that i clicked during the hang period launches.

    So at least now i have figured out some of the randomness and easily test potential solutions.

    Anybody seen this type of behavior before, it's VERY frustrating (especially since it also happens with the START button, so therefore it's a pain to shut down the computer as i always have to wait for it to run its course)
     
  9. 2004/07/08
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    Would you post a HijackThis log? This can show a lot of things going on, however, it is a tool. It does not know bad or good, it only shows what it finds.
    Those files that were detected by RAV online, they were installing stuff and attaching things to your browser. They do not call them Trojan Downloader for nothing.
    Download HJT, unzip into its own folder. Click on Scan, when it is done, the Scan button changes to Save Log. It will then open in Notepad, copy and paste it onto here. Then advice will be given as to what to do.
    The link to HijackThis is below this sentence.
     
  10. 2004/07/08
    thereuare

    thereuare Inactive Thread Starter

    Joined:
    2004/05/06
    Messages:
    17
    Likes Received:
    0
    Thanks for the replies thus far.

    I'm currently in the middle of a virus scan (which has been going on for hours!). I'm going to let it run thru the nite, hopefully it will be done in the a.m., and tomorrow i'll d/l and run the hijackthis and post the log here.

    Thanks again for the help.
     
  11. 2004/07/09
    thereuare

    thereuare Inactive Thread Starter

    Joined:
    2004/05/06
    Messages:
    17
    Likes Received:
    0
    Here is the HijackThis log:

    Logfile of HijackThis v1.97.7
    Scan saved at 8:58:25 AM, on 7/9/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    C:\WINDOWS\DESKTOP\ACTSCRIPT\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yyep.com/search/search03.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yyep.com/search/search03.html
    N1 - Netscape 4: user_pref( "browser.startup.homepage ", "http://mail.yahoo.com/?.redir=ymmapi10 "); (C:\Program Files\Netscape\Users\default\prefs.js)
    O1 - Hosts: 192.157.173.23 kosh
    O1 - Hosts: 192.157.170.45 yamato
    O1 - Hosts: 192.157.170.20 hummy
    O1 - Hosts: 192.157.170.23 voyager
    O1 - Hosts: 192.157.170.49 stargazer
    O1 - Hosts: 192.157.170.63 sleepy
    O1 - Hosts: 192.157.170.64 sneezy
    O1 - Hosts: 192.157.170.65 dopey
    O1 - Hosts: 192.157.170.66 grumpy
    O1 - Hosts: 192.157.170.67 happy
    O1 - Hosts: 192.157.170.71 tallgeese
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
    O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
    O4 - User Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Dell Home (HKCU)
    O12 - Plugin for .aif: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
    O12 - Plugin for .wav: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
    O16 - DPF: {8D37126F-C08C-11D4-A248-005056BF3741} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
    O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://stapleschat.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
    O16 - DPF: {AEAD8593-667F-11D3-82FA-005004185BB3} (Servicesoft VoiceControl) - http://12.18.140.235/java/nm.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0410.dll
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.1.2083/bin/imvid.cab
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38113.6067708333
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

    Thanks for your insight.
     
  12. 2004/07/09
    markp62

    markp62 Geek Member Alumni

    Joined:
    2002/05/01
    Messages:
    4,012
    Likes Received:
    16
    I do see a couple of things to be removed.
    Close all browsers and have Windows Explorer closed, then remove the following items.

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yyep.com/search/search03.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yyep.com/search/search03.html
    O1 - Hosts: 192.157.173.23 kosh
    O1 - Hosts: 192.157.170.45 yamato
    O1 - Hosts: 192.157.170.20 hummy
    O1 - Hosts: 192.157.170.23 voyager
    O1 - Hosts: 192.157.170.49 stargazer
    O1 - Hosts: 192.157.170.63 sleepy
    O1 - Hosts: 192.157.170.64 sneezy
    O1 - Hosts: 192.157.170.65 dopey
    O1 - Hosts: 192.157.170.66 grumpy
    O1 - Hosts: 192.157.170.67 happy
    O1 - Hosts: 192.157.170.71 tallgeese
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE

    I am curious about the above item. It is calling up the wrong file, unless you did some customizing of the program that handles the System Tray. This area is where the clock and the little icons are in the lower right corner.
    The correct entry should be Systray.Exe or C:\Windows\Systray.Exe. It may be a good idea to delete C:\WINDOWS\SYSTEM\A.EXE.

    The following items are optional for removal. It does updates for your scanner software, this does not need to be running. If you do decide to leave it, remove one of the entries, otherwise it will be starting up twice.

    O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe
    O4 - User Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe



    BTW, to get the correct entry for that line after removal, paste the following as it is into Notepad. Turn off Word Wrap, make sure the line with the brackets is on one line. Put the cursor at the end of the last line and press Enter. Then Save As with the name "Systray.Reg", with the quotes included. Then double click the file you just created, you will be prompted if you want to merge this information into the registry, yes. Then you will get a confirmation if it was successful.

    REGEDIT4

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "SystemTray"="SysTray.Exe"
     
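The check applied by eye in the post above (a Run value named after a system component that launches a different binary), together with a comparison across successive logs to see whether a removed entry returns, written out as an added example that is not part of the original thread or of HijackThis. The `EXPECTED_IMAGE` table and the function names are assumptions for illustration, and the sample logs are constructed from O4 lines posted in this thread.

```python
import re
from typing import NamedTuple


class RunEntry(NamedTuple):
    hive: str      # HKLM or HKCU
    key: str       # Run, RunServices, ...
    name: str      # value name shown in [brackets]
    command: str   # command line launched at startup


# Registry autorun lines: O4 - HKLM\..\Run: [name] command
O4_RE = re.compile(r"^\s*O4 - (HKLM|HKCU)\\\.\.\\([^:]+): \[([^\]]*)\] (.+?)\s*$")
EXE_RE = re.compile(r"(.+?\.exe)\b", re.IGNORECASE)

# Assumption: value names that should only ever launch one specific image.
# Built from the entries discussed in this thread, not an authoritative list.
EXPECTED_IMAGE = {
    "systemtray": "systray.exe",
    "systray": "systray.exe",
    "scanregistry": "scanregw.exe",
}


def parse_o4(log_text):
    """Return the registry autorun entries from a HijackThis log.

    Startup-folder O4 lines have no hive and are deliberately skipped.
    """
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            entries.append(RunEntry(*m.groups()))
    return entries


def image_name(command):
    """Lower-cased file name of the executable a command line starts."""
    command = command.strip().strip('"')
    m = EXE_RE.match(command)            # tolerates unquoted paths with spaces
    parts = command.split()
    path = m.group(1) if m else (parts[0] if parts else "")
    return path.rsplit("\\", 1)[-1].lower()


def masquerading(entries):
    """Entries whose value name implies one image but which launch another."""
    hits = []
    for e in entries:
        expected = EXPECTED_IMAGE.get(re.sub(r"[^a-z0-9]", "", e.name.lower()))
        if expected and image_name(e.command) != expected:
            hits.append(e)
    return hits


def reappeared(logs):
    """Entries present in one log, absent in a later one, then present again."""
    parsed = [{RunEntry(*(f.lower() for f in e)) for e in parse_o4(t)} for t in logs]
    result = []
    for entry in sorted(set().union(*parsed)):
        presence = [entry in p for p in parsed]
        try:
            first = presence.index(True)
            gone = presence.index(False, first)
        except ValueError:
            continue                      # never removed
        if True in presence[gone:]:
            result.append(entry)
    return result


# Constructed sample: O4 lines taken from the logs posted in this thread.
COMMON = r"""O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
O4 - Startup: Check for TWS Updates.lnk = C:\Jts\WiseUpdt.exe"""
ROGUE = r"O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE"

# Four successive scans: entry present, removed, back again, removed again.
LOGS = [COMMON + "\n" + ROGUE, COMMON, COMMON + "\n" + ROGUE, COMMON]

if __name__ == "__main__":
    for e in masquerading(parse_o4(LOGS[0])):
        print(f"suspicious: [{e.name}] launches {image_name(e.command)}")
    for e in reappeared(LOGS):
        print(f"returned after removal: [{e.name}] {e.command}")
```
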
  13. 2004/07/10
    thereuare

    thereuare Inactive Thread Starter

    Joined:
    2004/05/06
    Messages:
    17
    Likes Received:
    0
    Thanks for the above advice.

    Unfortunately i'm still hanging/freezing.

    Here is the updated log so you can see if i did everything correctly:

    Logfile of HijackThis v1.97.7
    Scan saved at 10:01:33 AM, on 7/10/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    C:\WINDOWS\DESKTOP\ACTSCRIPT\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    N1 - Netscape 4: user_pref( "browser.startup.homepage ", "http://mail.yahoo.com/?.redir=ymmapi10 "); (C:\Program Files\Netscape\Users\default\prefs.js)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
    O9 - Extra button: Related (HKLM)
    O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
    O9 - Extra button: Dell Home (HKCU)
    O12 - Plugin for .aif: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
    O12 - Plugin for .wav: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
    O16 - DPF: {8D37126F-C08C-11D4-A248-005056BF3741} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
    O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://stapleschat.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {0D6451B3-FDDA-11D3-BFEC-00D0B725EB0B} (Yahoo! Vision) - http://download.yahoo.com/dl/fv/yv.cab
    O16 - DPF: {AEAD8593-667F-11D3-82FA-005004185BB3} (Servicesoft VoiceControl) - http://12.18.140.235/java/nm.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0410.dll
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.1.2083/bin/imvid.cab
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38113.6067708333
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/controls/Sasser/20/SassCln.CAB
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
  14. 2004/07/10
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    thereuare - I know it isn't high glamor stuff but did you do the things from post #6?

    Back a year or so when we were still running 9X clients (about 1000 of them where I work) that routine seemed to clear up about half or more of the strange, one-off issues with the 9X PCs. For the others, it only made them run a little faster and cleaner and gave a good starting place for further investigations.

    I'd also suggest the free FileMon utility from http://www.sysinternals.com/win9x/98utilities.shtml so you can have a better chance of figuring out exactly what is hogging all your resources for the 'freeze time'.
     
  15. 2004/07/10
    thereuare

    thereuare Inactive Thread Starter

    Joined:
    2004/05/06
    Messages:
    17
    Likes Received:
    0
    Yes, i did all the things above, but appreciate your reminder as i'm willing to try just about anything at this point :mad:

    I've spent the last 4 hours this morning working on this and haven't accomplished anything.

    I've even restored a prior registry with no improvement.
     
  16. 2004/07/10
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Is Norton still installed?
    If so, why are there no O4's for it?

    If you would please download the newer version of HijackThis to , post a new log
     
  17. 2004/07/10
    thereuare

    thereuare Inactive Thread Starter

    Joined:
    2004/05/06
    Messages:
    17
    Likes Received:
    0
    I disabled Norton as i thought that may be a source of my trouble (it wasn't).

    I downloaded FileMon but don't really understand what i'm looking at (i understand it shows what's running on my system, but i don't know what should be running and/or what is normal... but it seemed to be VERY active). I tried to copy some entries that occurred while i was in the middle of a hang, but couldn't find out how to copy the data in order to post here (it seems as if i can only open the log file within the program, no?)

    Here is the updated hijack this log... may look substantially different than the prior one since i have done so much to my computer this morning, including restoring a back-up registry.

    Hopefully you'll see something:

    Logfile of HijackThis v1.98.0
    Scan saved at 12:25:03 PM, on 7/10/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    C:\WINDOWS\DESKTOP\ACTSCRIPT\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yyep.com/search/search03.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yyep.com/search/search03.html
    N1 - Netscape 4: user_pref( "browser.startup.homepage ", "http://mail.yahoo.com/?.redir=ymmapi10 "); (C:\Program Files\Netscape\Users\default\prefs.js)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE c:\windows\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE c:\windows\SYSTEM\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Dell Home - {ED6BE740-03EA-11D5-A032-00B0D0B73003} - http://government.dellnet.com/ (file missing) (HKCU)
    O12 - Plugin for .aif: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
    O12 - Plugin for .wav: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
    O16 - DPF: {8D37126F-C08C-11D4-A248-005056BF3741} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
    O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://stapleschat.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab
    O16 - DPF: {AEAD8593-667F-11D3-82FA-005004185BB3} (Servicesoft VoiceControl) - http://12.18.140.235/java/nm.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0410.dll
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.1.2083/bin/imvid.cab
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

    THANKS!!
     
    Last edited: 2004/07/10
  18. 2004/07/10
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hello

    Does the a.exe still exist ?

    Fix this, reboot the PC and delete the file
    O4 - HKLM\..\Run: [systray] C:\WINDOWS\SYSTEM\A.EXE

    When you fix these do they come back again ?
    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.yyep.com/search/search03.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.yyep.com/search/search03.html


    Also you should re-enable everything you have disabled with msconfig since the problems started so we can see what's up. Then reboot before making the next hijackthis log :)
     
  19. 2004/07/11
    thereuare

    thereuare Inactive Thread Starter

    Joined:
    2004/05/06
    Messages:
    17
    Likes Received:
    0
    Those keys only came back because i restored a previous registry.

    Here is the current log. Anything that has been prevented from running in the Start-Up tab of MSCONFIG has been stopped for awhile... long before this problem started occurring.

    Thank you for the help thus far.

    Logfile of HijackThis v1.98.0
    Scan saved at 1:53:17 AM, on 7/11/04
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\DDHELP.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
    C:\WINDOWS\RUNDLL32.EXE
    C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE
    C:\WINDOWS\SYSTEM\PSTORES.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\DESKTOP\ACTSCRIPT\HIJACKTHIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaults/sp/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
    N1 - Netscape 4: user_pref( "browser.startup.homepage ", "http://mail.yahoo.com/?.redir=ymmapi10 "); (C:\Program Files\Netscape\Users\default\prefs.js)
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRAM FILES\YAHOO!\COMPANION\YCOMP5_0_2_4.DLL
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [POINTER] point32.exe
    O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE c:\windows\SYSTEM\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE c:\windows\SYSTEM\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe -quiet
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Dell Home - {ED6BE740-03EA-11D5-A032-00B0D0B73003} - http://government.dellnet.com/ (file missing) (HKCU)
    O12 - Plugin for .aif: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
    O12 - Plugin for .wav: C:\PROGRAM FILES\NETSCAPE\COMMUNICATOR\PROGRAM\PLUGINS\npaudio.dll
    O16 - DPF: {8D37126F-C08C-11D4-A248-005056BF3741} (plug Class) - http://dist02.chargitdial.com/chargitplug.dll
    O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - https://stapleschat.egain.net/wcsapp/weblib/Javascript/messaging/ie/SecMgr.cab
    O16 - DPF: {AEAD8593-667F-11D3-82FA-005004185BB3} (Servicesoft VoiceControl) - http://12.18.140.235/java/nm.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0410.dll
    O16 - DPF: {8714912E-380D-11D5-B8AA-00D0B78F3D48} (Yahoo! WebCam Upload Wrapper) - http://chat.yahoo.com/cab/yuplapp.cab
    O16 - DPF: {AA59BA6E-B44F-4514-AB3C-0C1DD2306FC3} (MSN Money Charting) - http://fdl.msn.com/public/investor/v12/invinstl.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://ftp.hp.com/pub/automatic/player/isetupML.cab
    O16 - DPF: {EE5CA45C-BFAC-48E6-BE6C-3C607620FF43} (IMViewerControl Class) - http://companion.logitech.com/companion/logitech/ver1.3.1.2083/bin/imvid.cab
    O16 - DPF: {544EB377-350A-4295-9BEB-EAB8392E09C6} (MSN Money Charting) - http://fdl.msn.com/public/investor/v13/invinstl.exe
    O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
     
  20. 2004/07/12
    markp62

    All I can see to remove is nothing but dead weight.

    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
    O9 - Extra button: Dell Home - {ED6BE740-03EA-11D5-A032-00B0D0B73003} - http://government.dellnet.com/ (file missing) (HKCU)

    Well, the apparent virus and malware appear to be gone. That leaves one of three possibilities for this. One is corrupt system files, easily checked by going to Start\Run, typing in SFC and pressing Enter. Then click on Start in the SFC window and let it scan your system files for corruption. Replace any files found as corrupt.
    The second possibility I see as a problem may be video drivers.
    The third possibility is that you use sound events whenever you do something like when you Maximize a window, mouse clicks, etc, and the WAV file(s) is/are corrupt. These are on by default with some installations of 98.
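
The check applied to the log in the reply above, picking out entries that HijackThis tagged `(no file)` or `(file missing)`, can be scripted. This is an added example, not part of the original thread; the function names are hypothetical and the sample is a constructed excerpt of the log posted earlier.

```python
import re

# Constructed sample: a short excerpt in the shape of the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.0
Running processes:
C:\WINDOWS\EXPLORER.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Dell Home - {ED6BE740-03EA-11D5-A032-00B0D0B73003} - http://government.dellnet.com/ (file missing) (HKCU)
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
"""

# A log entry is "<section code> - <detail>", e.g. "O9 - Extra button: ...".
ENTRY = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
ORPHAN_MARKERS = ("(no file)", "(file missing)")

def parse_entries(log_text):
    """Return (section, detail) pairs; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def orphaned(entries):
    """Return entries that HijackThis marked '(no file)' or '(file missing)'."""
    hits = []
    for section, detail in entries:
        if any(marker in detail for marker in ORPHAN_MARKERS):
            clsid = CLSID.search(detail)
            hits.append({"section": section,
                         "clsid": clsid.group(0) if clsid else None,
                         "detail": detail})
    return hits

if __name__ == "__main__":
    for hit in orphaned(parse_entries(SAMPLE_LOG)):
        print(hit["section"], hit["clsid"], "->", hit["detail"])
```

On the sample it reports the same three O9 entries listed in the reply as dead weight.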
     
  21. 2004/07/13
    thereuare

    Thanks for the reply.

    Unfortunately I have tried most of the above:
    SFC- just ran and found no issues
    Video Drivers- I have replaced these to no avail
    Sound Events- didn't check, not sure how to do it

    Worked on this with a buddy last night and have some new info:
    When not connected to the internet there seems to be no problem. I have an 'always on' connection via cable access; if I unplug the connection and boot I have no freeze issues.

    As well, rundll32 always seems to be running during a freeze (if I CTRL+ALT+DEL during the freeze time). Nothing else abnormal seems to be running.

    To repeat (since this thread is getting long): the problem arises anytime I launch a program in which there is no other window open in the taskbar. It's as if closing all windows creates an 'event' that causes the computer to go through some process. If I close all windows and leave the computer, return 5 minutes later, I have no problem launching a new program (because evidently the computer has already 'run' through the process that is triggered when all windows were closed).

    Any further advice, or how to check the sound events, would be appreciated.

    Thank you.
     