Programs freeze [HijackThis log included]

Discussion in 'Malware and Virus Removal Archive' started by axel, 2005/01/22.

Thread Status:
Not open for further replies.
  1. 2005/01/22
    axel, Well-Known Member, Thread Starter (Joined: 2004/08/15; Messages: 58; Likes Received: 0)

    Good day all from down under,
    since last week I have this problem:
    when using certain programs, they freeze. Other programs work just fine. In Internet Explorer, some URLs work fine, others freeze IE.
    After bootup the system is totally normal. After I had a program freeze on me and I close it by means of Ctrl-Alt-Del, the computer becomes very unstable and usually freezes up totally.
    I run Spybot, Ad-Aware and Norton AV with their latest updated files every day. No suspicious returns there.
    Attached I give you my HijackThis log file, again latest version. Can somebody have a look at it, please, and let me know if there is something suspicious that shouldn't be there?

    Logfile of HijackThis v1.99.0
    Scan saved at 11:00:56, on 23/01/05
    Platform: Windows 98 SE (Win9x 4.10.2222B)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\SPEAKING CLOCK\SPCLOCK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.web--search.com/to.php?ID1=1183&ID2=113812289&ID3=1155112851186&ID4=1&ID5={0E091F04-3B0E-11D9-81E8-444553540000}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
    R3 - Default URLSearchHook is missing
    O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\PROGRAM FILES\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLL
    O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\PROGRAM FILES\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLL
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Scanregistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKCU\..\Run: [RamBooster] C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
    O4 - Startup: SpClock.exe.lnk = C:\Program Files\Speaking Clock\SpClock.exe
    O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - (no file)
    O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - (no file)
    O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - (no file)
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .spop: C:\PROGRAMF\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .png: C:\PROGRAMF\INTERN~1\PLUGINS\npqtplugin7.dll
    O12 - Plugin for .tiff: C:\PROGRAMF\INTERN~1\PLUGINS\npqtplugin7.dll
    O12 - Plugin for .mp3: C:\PROGRAMF\INTERN~1\PLUGINS\npqtplugin5.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://G:\Content\include\XPPatchInstaller.CAB
    O16 - DPF: {11111111-1111-1111-1111-511111113458} -
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
    O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.flexview.de/InstallationsAssistent.ocx

    Thanks for your help
    Axel
     
    Last edited: 2005/01/22
    axel,
    #1
  2. 2005/01/23
    noahdfear, Inactive (Joined: 2003/04/06; Messages: 12,178; Likes Received: 15)

    Go to Add/Remove Programs in the Control Panel, choose the 'NavHelper' entry, and click 'Remove'.

    Scan again with HijackThis and place a check next to the following entries if present. Close ALL other windows and click fix.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.web--search.com/to.php?ID1=1183&ID2=113812289&ID3=1155112851186&ID4=1&ID5={0E091F04-3B0E-11D9-81E8-444553540000}
    R3 - Default URLSearchHook is missing
    O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\PROGRAM FILES\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLL
    O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\PROGRAM FILES\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLL
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - (no file)
    O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - (no file)
    O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - (no file)
    O16 - DPF: {11111111-1111-1111-1111-511111113458} -
    O16 - DPF: {F0BC061F-DAF9-4533-8011-53BCB4C10307} (Installations Assistent) - http://install.flexview.de/InstallationsAssistent.ocx

    Reboot to safe mode and open C:\Program Files. Delete the folder NAVEXCEL SEARCH TOOLBAR if present.
    Open C:\Temp (if present), select all and delete.
    Open C:\Windows\Temp, select all and delete.
    Open C:\Windows\Applog, select all and delete.
    Open the control panel, then internet options and delete the temporary internet files, checking the box for offline content.
    Open My Computer and right click Local Disk C:, then choose disk cleanup. Check all boxes and click OK.
    Uncheck the box to 'enable start menu' in msconfig and OK out. Reboot.

    Back in Windows, run another HijackThis scan and post the log. Let us know if you are still experiencing problems with IE.
     

  4. 2005/01/24
    axel Well-Known Member Thread Starter

    Hi Noahdfear,
    first of all I thank you very much for your kind help.
    I did everything you suggested. When in Safe Mode and opening My Computer, right-clicking Local Disk C: and choosing disk cleanup, the system hangs. After Ctrl-Alt-Del I closed the (not responding) program and tried to open Clean Disk from the Start Menu. It hung again.
    After testing the system after rebooting into Windows, unfortunately nothing had changed. IE still hangs when using certain URLs. It also will only open my bank's URL first page but not the next one to log on.
    I discovered that I did not have the directory 'NavHelper', however I have 'NavExcel' with a subdirectory 'NavHelper' and a subdirectory of it called 'v2.0.4c'. In it I have the following 4 files: NHelper.dll, NHelper.htm, NHUninstaller.exe and NHUpdater.exe. What are these?

    Here is the newest HJT Log:
    Logfile of HijackThis v1.99.0
    Scan saved at 13:46:23, on 25/01/05
    Platform: Windows 98 SE (Win9x 4.10.2222B)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\SPOOL32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
    C:\PROGRAM FILES\SPEAKING CLOCK\SPCLOCK.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\OOBE\BLANK.HTM
    O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Scanregistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe "
    O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - Startup: SpClock.exe.lnk = C:\Program Files\Speaking Clock\SpClock.exe
    O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O12 - Plugin for .spop: C:\PROGRAMF\INTERN~1\Plugins\NPDocBox.dll
    O12 - Plugin for .png: C:\PROGRAMF\INTERN~1\PLUGINS\npqtplugin7.dll
    O12 - Plugin for .tiff: C:\PROGRAMF\INTERN~1\PLUGINS\npqtplugin7.dll
    O12 - Plugin for .mp3: C:\PROGRAMF\INTERN~1\PLUGINS\npqtplugin5.dll
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
    O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
    O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg.com/eps/activex/EPSControl_v1-32.cab
    O16 - DPF: {3AF4DACE-36ED-42EF-9DFC-ADC34DA30CFF} (PatchInstaller.Installer) - file://G:\Content\include\XPPatchInstaller.CAB
    O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab

    I really appreciate your time and effort to help me out.
    Thanks again
    Axel
     
    axel,
    #3
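
Added example, not part of the original thread: a small parser for HijackThis entry lines that compares the two scans posted above against the list of entries the helper asked to have fixed. The function names are hypothetical, and the sample logs are a constructed subset of lines copied from this thread.

```python
import re

# A HijackThis entry line is "<section> - <detail>"; the section is a letter
# (R, F, N or O) followed by a number, e.g. R1, O4, O16.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.*\S)\s*$")

def parse_entries(log_text):
    """Return the set of (section, detail) pairs in a HijackThis log.
    Header lines and the 'Running processes' list do not match and are skipped."""
    return {m.groups() for m in map(ENTRY_RE.match, log_text.splitlines()) if m}

def review_fix(before, after, flagged):
    """Compare two scans against the entries a helper asked to have fixed."""
    b, a = parse_entries(before), parse_entries(after)
    want = parse_entries(flagged)
    return {
        "fixed": sorted(want - a),               # flagged and gone
        "still_present": sorted(want & a),       # flagged but survived the fix
        "gone_unflagged": sorted(b - a - want),  # disappeared without being flagged
        "new": sorted(a - b),                    # appeared between scans
    }

# Constructed sample: a subset of lines copied from the two logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\EXPLORER.EXE

R3 - Default URLSearchHook is missing
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\PROGRAM FILES\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLL
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKCU\..\Run: [RamBooster] C:\PROGRAM FILES\RAMBOOSTER\RAMBOOSTER.EXE
O16 - DPF: {11111111-1111-1111-1111-511111113458} -
"""
AFTER = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\EXPLORER.EXE

O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
"""
FLAGGED = r"""R3 - Default URLSearchHook is missing
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\PROGRAM FILES\NAVEXCEL SEARCH TOOLBAR\NAVEXCELBAR.DLL
O16 - DPF: {11111111-1111-1111-1111-511111113458} -
"""

if __name__ == "__main__":
    for bucket, items in review_fix(BEFORE, AFTER, FLAGGED).items():
        print(bucket, len(items))
        for section, detail in items:
            print("   ", section, "-", detail)
```

On this sample the `gone_unflagged` bucket holds the RamBooster autorun, which is in the first scan and absent from the second although it was not on the fix list.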
  5. 2005/01/24
    noahdfear Inactive

    The NavExcel folder was the one to delete.

    Try repairing IE. Go to Start\Programs\Accessories\System Tools\System Information Tool. In System Information Tool, go to the toolbar at Tools\Internet Explorer Repair Tool.

    or http://support.microsoft.com/?scid=kb;en-us;194177&spid=2073&sid=186

    Try running scandisk and defrag in safe mode, then disk cleanup again.
     
  6. 2005/01/29
    axel Well-Known Member Thread Starter

    Hi Noahdfear,
    sorry to answer so late. I had enormous trouble since last. IE repair tool only worked for 50%, then the system froze. I tried to uninstall and again the system hung halfway through that. I couldn't get to the bulletin site any more, hence the delay. After running file checker it discovered 2 files corrupt: telnet.exe and setupx.dll. The latter was fully restored, the former I don't know where to get from. Having said all of the above it appears the system works fine now, so I'll leave it alone and watch!
    Thanks again for your help.
    Regards Axel
     
    axel,
    #5
  7. 2005/01/29
    noahdfear Inactive

    Good news, Axel. Thanks for posting back. :)
     