W2k laptop acting strange

laptop unstable and even restarting itself 2 times in last 2 days.

I have run adaware and S&D

here is log:

Logfile of HijackThis v1.97.7
Scan saved at 2:33:42 PM, on 3/10/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\ibmpmsvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\INSIGHT\TOOLS\aiclient.exe
C:\WINNT\System32\Ati2evxx.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\GhostStartService.exe
C:\Program Files\NavNT\rtvscan.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\PROGRA~1\NORTON~2\SPEEDD~1\nopdb.exe
C:\Program Files\Venturi2\Client\ventc.exe
C:\Program Files\UMS\DMI\bin\Win32sl.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SymTray.exe
C:\WINNT\system32\tp4serv.exe
C:\WINNT\system32\PRPCUI.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\system32\atiptaxx.exe
C:\WINNT\LTSMMSG.exe
C:\WINNT\system32\dla\tfswctrl.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\WINNT\AGRSMMSG.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
C:\Program Files\Venturi2\Configurator\ventcfg.exe
C:\WINNT\system32\ntvdm.exe
C:\Program Files\Nortel Networks\Extranet_serv.exe
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Lotus\Sametime Client\Connect.exe
C:\Program Files\Lotus\Sametime Client\activmon.srv
C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://plastics.home.ge.com/MainPage
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by GE Plastics
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http-proxy.gep.ge.com:80
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\P021759\Application Data\Mozilla\Profiles\default\qk042qtd.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\P021759\Application Data\Mozilla\Profiles\default\qk042qtd.slt\prefs.js)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll
O4 - HKLM\..\Run: [TrackPointSrv] "tp4serv.exe"
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [PRPCMonitor] "PRPCUI.exe"
O4 - HKLM\..\Run: [dllInit ibmasstw.dll] "C:\Program Files\UMS\utils\DLLINIT.EXE" ibmasstw.dll
O4 - HKLM\..\Run: [vptray] "C:\Program Files\NavNT\vptray.exe"
O4 - HKLM\..\Run: [Sametime Connect] "C:\PROGRA~1\Lotus\SAMETI~1\Connect.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [LTSMMSG] "LTSMMSG.exe"
O4 - HKLM\..\Run: [dla] "C:\WINNT\system32\dla\tfswctrl.exe"
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [TPHOTKEY] "C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe"
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [AGRSMMSG] "AGRSMMSG.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] "C:\Program Files\Common Files\Symantec Shared\Symtray.exe " SetReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCDRealtime] C:\WINNT\realtime.exe
O4 - HKCU\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe"
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - Global Startup: CleanSweep Smart Sweep-Internet Sweep.lnk = C:\Program Files\Norton SystemWorks\Norton CleanSweep\csinsmnt.exe
O4 - Global Startup: Venturi 2.lnk = C:\Program Files\Venturi2\Configurator\ventcfg.exe
O9 - Extra 'Tools' menuitem: Launch Copernic Agent (HKLM)
O9 - Extra button: Copernic Agent (HKLM)
O10 - Broken Internet access because of LSP provider 'vlsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .zip: C:\PROGRA~1\PKWARE\PKZIPP\nppkzip.dll
O15 - Trusted Zone: http://gein2.gep.ge.com
O16 - DPF: Cendant Mobility - https://eras.cendantmobility.com/Cendant/RelEmp.cab
O16 - DPF: PlaceWare Console: PWS-CC2K-4-2-0-0-A-m7t8o4 - http://pwn.ops.placeware.com/etc/pwf/gep/lib/cc-full.cab
O16 - DPF: Sametime Meeting Applet - http://gepmeeting01c.ge.com/stsrc.nsf/c94ddb0fce3e84ec052567290071b210/$FILE/STMeetingApplet.cab
O16 - DPF: Sametime Meeting Room Client ST25DEV7 - http://indiagecismeeting01c.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: Sametime Meeting Room Client ST25DEV9 - http://gepmeeting01.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: Sametime Meeting Room Client ST30EMS - http://gepmeeting01.ge.com/sametime/stmeetingroomclient/STMeetingRoomClient.cab
O16 - DPF: WebIntelligence Applet - http://webiamericas.gep.ge.com/wi/classes/WIPanel264.cab
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - https://www-3.ibm.com/pc/support/access/sdccommon/download/tgctlins.cab
O16 - DPF: {01516EAA-CC39-4477-9500-87CB12F72AFD} (Livelink Explorer Activator) - http://inet45.gep.ge.com:82/Livelinksupport/webexp/llexpld.cab
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://gepquickplace01.ge.com/qp2.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {24CEC0BF-C8BC-4BCB-B804-226326B319EF} (JNILoader Control) - http://gepmeeting01.ge.com/sametime/stmeetingroomclient/STJNILoader.cab
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeupdate/content/opuc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20020713/qtinstall.info.apple.com/samantha/us/win/QuickTimeInstaller.exe
O16 - DPF: {4BEE3896-4820-48D1-85EA-5A9A9ECD3D95} (OPUCatalog Class) - http://www.officeupdate.com/productupdates/content/opuc.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.microsoft.com/productupdates/content/opuc.cab
O16 - DPF: {68EA624F-619A-11D6-99CF-006094235084} (IbmEgathDetectCtl Class) - https://www-3.ibm.com/pc/support/access/sdccommon/download/IbmEgathDetect.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-306.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {956AC257-2D37-11D2-A434-00105A07281A} (AppShareUI) - http://gepmeeting01.ge.com/STConf.nsf/AB63FEF7BFC06856852566B4004F5495/$FILE/AppShare.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37868.2817013889
O16 - DPF: {A4E84B61-1174-4309-87F0-E795A64158CC} (JNILoader Control) - http://gepmeeting01.ge.com/sametime/stmeetingroomclient/STJNILoader.cab
O16 - DPF: {BB47CA33-8B4D-11D0-9511-00C04FD9152D} (ExteriorSurround Object) - http://autos.msn.com/components/ocx/exterior/Outside.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://johndeere.view22.com/app/View22RTE.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805/v1503/www.contentwatch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://www.pcpowerscan.com/download/setup/pcpowerscan.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://johndeere-cce.webex.com/client/latest/webex/ieatgpc.cab
O16 - DPF: {E598AC61-4C6F-4F4D-877F-FAC49CA91FA3} (acpRunner Class) - file://C:\Program Files\Support.com\bin\IBMAccessSupport\common\install\AcpControl.cab
O16 - DPF: {F9B3E1F4-3F66-11D3-AD61-0090275A7262} (ZABOClientControl Class) - http://webiamericas.gep.ge.com/wi/ActiveX/ZABOIEEN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3FFAEE33-FA15-4632-B111-4AB09978E7D2}: NameServer = 3.77.140.20,3.77.125.8
O17 - HKLM\System\CCS\Services\Tcpip\..\{C1F4DA21-4EDA-40C2-A6F7-BF7BEBD8F2DE}: NameServer = 3.77.140.20,3.77.125.8 3.77.140.20,3.77.125.8 3.77.140.20,3.77.125.8 3.77.140.20,3.77.125.8
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = gep.ge.com,ge.com,e2k.ad.ge.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = gep.ge.com,ge.com,e2k.ad.ge.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = gep.ge.com,ge.com,e2k.ad.ge.com


Thanks
Jim

 

Hi smithsonga,

You have a lot of things running, but nothing that really jumps out to be malware.
Can you give us the error reports or look if there is anything in the Event logs that might help us find the culprit?

Regards,

Pieter

 

Thanks Pieter....here are some common errors in my event log...but they all seem to be network based (having issues there too).

I use a VPN to access work servers/email.

Ok, I went into my event log and found these errors recurring:

Error#5719 (this occured 3 times in one hour this morning)
No Windows NT or Windows 2000 Domain Controller is available for domain GEPHTV. The following error occurred:
There are currently no logon servers available to service the logon request. (GEPHTV is my work server...not local)

Error#7011 (this occured 6 times in one hour this morning)
Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

Error #7031 (this occured 3 times in one hour this morning)
The Extranet Access Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: No action. (extranet is my Nortel VPN client)

I am also getting Warning #1007 regarding DHCP
Your computer has automatically configured the IP address for the Network Card with network address 444553544200. The IP address being used is 169.254.241.150.

I got one Warning #1006
Your computer was unable to automatically configure the IP parameters for the Network Card with the network address 0020E08B7196. The following error occurred during configuration: The parameter is incorrect.

I have an XP box and 98SE box on this network (not using VPN...personal machines) and they have recently been complaining about IP addresses conflicts. Not sure if that is related or how to solve.

This is probably not relevant to this forum, but wanted to reply.
Thanks
Jim

 

That does sound like a Network Card or Network setup problem yes.

Are you using one NIC for all the connections you mentioned?

Regards,

Pieter

 

I am using Motorola cable modem connected to Linksys wireless router. My laptop is using wireless, my two desktops are hardwired to the router.

Not sure of the brand of Network cards in each box.

Jim