Programs opening, but...only for a second

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

damienmccann

Thread Starter
Joined
Sep 14, 2004
Messages
6
Hi all,
I am having problems with my win 2000 computer. It seems certain programs are opening but only for a split second, then they close by themselves. The programs that I am having problems with are DOS programs, Norton AV 2004 and Task Manager. Any ideas, as I am close to a format? I have run a virus scan and cwshredder and spybot to no avail. I have included the HijackThis log as it seems to prove useful in these cases. Any help on this matter would be gratefully taken. Thanks in advance guys...



Logfile of HijackThis v1.98.2
Scan saved at 17:13:32, on 14/09/2004
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.btbroadbandoffice.com/bbhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BT Business Broadband
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [PROMon.exe] PROMon.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb01.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Taskbar Service] taskbar.svc
O4 - HKLM\..\Run: [Backup Service] backup.svc
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Update Machine] komwbyb.exe
O4 - HKLM\..\Run: [Windows Media Player Update] peofupy.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\RunServices: [Microsoft Update Machine] komwbyb.exe
O4 - HKLM\..\RunServices: [Windows Media Player Update] peofupy.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] komwbyb.exe
O4 - HKCU\..\Run: [Windows Media Player Update] peofupy.exe
O4 - HKCU\..\RunServices: [Windows Media Player Update] peofupy.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: BT - {2603EA2A-305B-4D3E-8F8F-E9CBD3411171} - http://www.bt.com (file missing) (HKCU)
O9 - Extra button: Homepage - {92E81058-55C6-4957-B2A4-3FFCA3F93A96} - http://www.btopenworld.com/default (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
 
Joined
Dec 9, 2000
Messages
45,855
I'm going to move you to the "Security" forum since this is definitely a "security" issue.

For now, print or save these instructions so you can view them in Safe Mode. Then restart in Safe Mode by pressing the F8 key promptly on startup and choosing from the startup menu.

Once in Safe Mode run HijackThis and check and "fix" the following entries:

O4 - HKLM\..\Run: [Taskbar Service] taskbar.svc
O4 - HKLM\..\Run: [Backup Service] backup.svc

O4 - HKLM\..\Run: [Microsoft Update Machine] komwbyb.exe
O4 - HKLM\..\Run: [Windows Media Player Update] peofupy.exe

O4 - HKLM\..\RunServices: [Microsoft Update Machine] komwbyb.exe
O4 - HKLM\..\RunServices: [Windows Media Player Update] peofupy.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] komwbyb.exe
O4 - HKCU\..\Run: [Windows Media Player Update] peofupy.exe
O4 - HKCU\..\RunServices: [Windows Media Player Update] peofupy.exe

>> It's possible NAV has found and deleted most or all of these files. But you will need to confirm. Before doing a file search for each of the "exes" above, go to Folder Options > View and check "show hidden files". Also temporarily remove the check for "hide protected system files".

Search for and delete all instances of the above "exes".

After completing this, reboot and do a full online scan at House Call or Panda. After they clean up, post a new HijackThis Scanlog.

HouseCall
Panda
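
Added example, not part of the original posts: a small Python triage of the O4 autorun lines from the log above. The two heuristics (the same program registered under several autorun keys, and a bare file name without an .exe extension) are assumptions chosen for illustration, not the helper's stated method; on this log they happen to single out the same four files listed for removal.

```python
import re
from collections import defaultdict

# Subset of the O4 lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Taskbar Service] taskbar.svc
O4 - HKLM\..\Run: [Backup Service] backup.svc
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Microsoft Update Machine] komwbyb.exe
O4 - HKLM\..\Run: [Windows Media Player Update] peofupy.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] komwbyb.exe
O4 - HKLM\..\RunServices: [Windows Media Player Update] peofupy.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] komwbyb.exe
O4 - HKCU\..\Run: [Windows Media Player Update] peofupy.exe
O4 - HKCU\..\RunServices: [Windows Media Player Update] peofupy.exe
"""

O4_REG = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

def target_of(command):
    """Return the program part of an autorun value, without its arguments."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.\w+)(?:\s|$)", command)  # up to the first ".ext"
    return m.group(1) if m else command

def triage(log_text):
    """Map each flagged target to its reasons (both heuristics are assumptions)."""
    locations = defaultdict(set)
    for line in log_text.splitlines():
        m = O4_REG.match(line.strip())
        if m:  # startup-folder and non-O4 lines are out of scope here
            hive, key, _name, command = m.groups()
            locations[target_of(command).lower()].add(hive + "\\" + key)
    findings = {}
    for target, keys in locations.items():
        reasons = []
        if len(keys) >= 2:
            reasons.append(f"registered under {len(keys)} autorun keys")
        if "\\" not in target and not target.endswith(".exe"):
            reasons.append("bare file name without an .exe extension")
        if reasons:
            findings[target] = reasons
    return findings

if __name__ == "__main__":
    for target, reasons in sorted(triage(SAMPLE_LOG).items()):
        print(f"{target}: {'; '.join(reasons)}")
```

A flag from this script is only a prompt to look closer; each file still has to be checked on disk and by a scanner before it is removed.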
 

damienmccann

Thread Starter
Joined
Sep 14, 2004
Messages
6
Thanks Rollin` Rog. I removed the files you mentioned there and it seems to have solved the problem. I will do as you said and complete the online scans. Just one question though...What exactly caused this problem and what can I do to prevent this happening again as it's a bit of a pain. Again many thanks for your help on this matter.
 
Joined
Dec 9, 2000
Messages
45,855
It's rather hard to judge based on what I can see of the configuration. But one of the most common sources of similar infections occurs through the use of file sharing applications. Other than that your main mission should be to ensure that your security patches are up to date and your settings meet the minimum criteria described in this thread:

http://forums.techguy.org/showpost.php?p=1479174&postcount=1

Personally I think conservative usage habits combined with critical updates are the best defense, and the additional programs described in the post would probably not have prevented that particular infection.

You should probably post another Scanlog after you complete any online scans and if the problem remains resolved I will so mark it.

You're most welcome for the help.
 