Taskbar freezing after connecting to internet

I have read the other threads relating but nothing helped. I'm on Windows XP Home Edition. The taskbar doesn't freeze when Windows start. It's when I connect to the internet. Once I connect, the taskbar freezes and I can't really do anything. I can open AIM and maybe Yahoo. That's about it. I used to be able to open up Opera, but that freezes, same with IE and SlimBrowser. Freeze time lasts from 1 minute-1+hours. It lets loose on its own. It's really starting to get on my nerves. I don't know how long it has been happening(yeah that long lol).

Highjackthis really helps to narrow down what's happening in your system. If you don't already have it, download and install it and follow the instructions and post your log.

http://www.tomcoyote.org/hjt/

Have you run any spyware removal tools like Adaware, Spybot, CWShreader, etc...?

I always run Ad-Aware and SpySweeper so it shouldn't be adware/spyware. Maybe it's 'cause I only have 128mb of RAM? But I don't know why it only started happening whenever it did. I was fine in the beginning. HiJackThis.. I have that program but was afraid to use it. I'll check that site out.

Here's the log.

Logfile of HijackThis v1.97.7
Scan saved at 1:59:27 AM, on 9/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DiskeeperLite\DKService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Documents and Settings\Maybelline Cabrera\My Documents\HiJackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {D048ACF8-5F23-4CDB-AB09-519510234B29} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [updater.dll] C:\WINDOWS\updater1.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [loader.dll] C:\WINDOWS\loader.dll
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [3Degrees] C:\Program Files\threedegrees\threedegrees.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt2_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen8.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.0.8.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/ ... porter.cab?
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003 ... scan53.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v46 ... llapse.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/CDRBInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9DD6A49C-CF35-4544-BF13-34DF413BCF7A} ({9DD6A49C-CF35-4544-BF13-34DF413BCF7A}) - http://195.39.204.19/codebase/Stealthnet.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 2902546296
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/contr ... assCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh ... wflash.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D287FC85-B8BB-4446-B3FF-C7D2E3657C16}: NameServer = 202.88.64.61 202.88.64.62

Well, the key here is that it "only happens when you connect to the internet" RAM could be an issue (you should definitely add another stick when you can. Your pushing it a bit with only 128MB, however, you'd probably notice this with more than just the internet if that was the issue.

The fact that's it's onl when you connect tells me that you may have a backdoor trojan of some sort that's connecting to it's servers whenever you are connected to the internet.

Another thing you can do while connected to the internet is go to a command prompt and type: netstat -n

This will show you a list of any connections that are open on your computer. Anything that is Established is going to be a connection you have open and active with that server. Most are simply going to be the websites you have open and some may be connections with messaging services like AIM. You can do a whois search at nic.com for the IP's listed in netstat (enter the IP but elliminate the port) to see who owns it. Let us know if you see anything suspicious.

Thank you for that site. I'll go see now.

I'm reviewing your log now. I'll get back to you in a bit.

// as an aside you really should get rid of Napster -- but that's your choice. I won't get into the whole file sharing argument here.

Yeah I should get rid of it. I'm not even using that. Anyway, I ran the IPs at that site and I got back NetEnterprise and America Online. This last IP though was listed differently. Here...


Request: 206.132.214.10
connected to whois.arin.net [69.25.34.143:43] ...
connected to rwhois.gblx.net [208.50.31.162:4321] ...
%rwhois V-1.5:003fff:00 rwhois.gblx.net (by Network Solutions, Inc. V-1.5.7.3)
network:Class-Name:network
network:ID:8337.206.132.214.0/24
network:Auth-Area:net.206.132.192.0-18
network:Network-Name:3769.3769.NEPT
network:IP-Network:206.132.214.0/24
network:Organization;I:3769.NEPT
network:Tech-Contact;I:4123.3769.NEPT
network:Admin-Contact;I:4123.3769.NEPT
network:Created:20040422
network:Updated:20040423
network:Updated-By:ipadmin@gblx.net

%ok

Just found out that this is Global Crossing. NetEnterprise and Global Crossing don't look/sound familiar to me. lol

That belongs to Global Crossing:
http://www.gblx.net/xml/index.xml

I'm writing up some instructions to get rid of an adware browser helper object you have. In the meantime, if you are not using Napster, uninstall it, and run your log again and repost it. Let's see how much (if anything) that cleans up.

Actually, I just found an easier set of instructions. Let's get rid of that browser helper object lbbho.dll

Follow the instructions here.
http://www.pestpatrol.com/pestinfo/r/relatedlinks.asp

Note, when you remove browser helper objects, the program they may be associated with may not work as expected or at all. In this case, I'm betting it's probably related to Napster.

After removing that, run the log again and repost.

And while you're uninstalling things, go to add/remove software in control panel and uninstall weatherbug. That's another one with adware/spyware. (the uninstall is usually enough to clean that one up)

Before I rebooted, I unistalled Napster and ran Ad-Aware. It found something called SpywareNuker and 3 tracking cookies. So, now the computer is rebooted and *sigh* the taskbar frozen again. I'm surprised Opera opened this time. I'll try following the instructions on that site. I ran Bazooka Spyware once and it found that file. I tried following the directions on removing whatever that was associated with it through regedit, but I probably missed something.

Edit- Weatherbug isn't in the Add/Remove Programs.

Edit2- Seeing as how I can't access the Start Menu, is there another way I can get to the 'run' process?

Okay lets see if we can fix you up.lol
what were going to do is Registry entry
to put the TaskBar back to original config.

First you have to go (this is the easiest way for you)
Kelly's Korner (site has helped me out in a fix, 1000x)
with people's pc's ,just to get them threw the day,or
fixed it for good(hopefully thats what's going to happen
to you.

http://www.kellys-korner-xp.com/xp_tweaks.htm

then when you get there ,you have 6 choices !
but were only going to install the registry entry
that i think you need. start scrolling down.

#99 is Restore the Task Bar to Default Settings

#117 is Restore Taskbar and Start Menu

#164 is Restore Taskbar to Default Functionality

#243 is Allow Changes Being Made to Taskbar

#264 is Restore Missing Tabs to Task Manager

#298 is Taskbar Repair Tool Plus! (this is are ACE in the hole)


I would go with # 164 first ,then #99 (if #164 does not work)

If that doesn't do it (I think it will ) time for #298..lol it's 48 kb so it's tiny...and I no that will work.

If you start seeing stuff on that page that you might want
to try,after you have fixed your problem..you have to be carefull
about adding alot of REG, entry's..people get into canx. one thing out with another..

good luck .

That might be tough. You can try the keyboard shortcut WindowsKey + R

Next time you run hijackthis, "check" the following:

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/ ... porter.cab?

Then click fix checked


Then rerun and repost the log

My Lord, haha. I'll post the log first, then I'll try what MOC said.

Edit- Ticked what you told me to ticked. New log.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\DiskeeperLite\DKService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Maybelline Cabrera\My Documents\HiJackThis\HijackThis.exe
C:\Program Files\Opera7\opera.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\notepad.exe

O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [updater.dll] C:\WINDOWS\updater1.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [loader.dll] C:\WINDOWS\loader.dll
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [3Degrees] C:\Program Files\threedegrees\threedegrees.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt2_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.0.8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003 ... scan53.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v46 ... llapse.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/CDRBInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9DD6A49C-CF35-4544-BF13-34DF413BCF7A} ({9DD6A49C-CF35-4544-BF13-34DF413BCF7A}) - http://195.39.204.19/codebase/Stealthnet.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 2902546296
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/contr ... assCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh ... wflash.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D287FC85-B8BB-4446-B3FF-C7D2E3657C16}: NameServer = 202.88.64.61 202.88.64.62