Taskbar freezing after connecting to internet

  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

I have read the other related threads but nothing helped. I'm on Windows XP Home Edition. The taskbar doesn't freeze when Windows starts. It's when I connect to the internet. Once I connect, the taskbar freezes and I can't really do anything. I can open AIM and maybe Yahoo. That's about it. I used to be able to open up Opera, but that freezes, same with IE and SlimBrowser. Freeze time lasts from 1 minute to 1+ hours. It lets loose on its own. It's really starting to get on my nerves. I don't know how long it has been happening (yeah, that long lol).
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

HijackThis really helps to narrow down what's happening in your system. If you don't already have it, download and install it, follow the instructions, and post your log.

http://www.tomcoyote.org/hjt/

Have you run any spyware removal tools like Ad-Aware, Spybot, CWShredder, etc.?
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

I always run Ad-Aware and SpySweeper so it shouldn't be adware/spyware. Maybe it's 'cause I only have 128mb of RAM? But I don't know why it only started happening whenever it did. I was fine in the beginning. HiJackThis.. I have that program but was afraid to use it. I'll check that site out.

Here's the log.

Logfile of HijackThis v1.97.7
Scan saved at 1:59:27 AM, on 9/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DiskeeperLite\DKService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Documents and Settings\Maybelline Cabrera\My Documents\HiJackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {D048ACF8-5F23-4CDB-AB09-519510234B29} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [updater.dll] C:\WINDOWS\updater1.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [loader.dll] C:\WINDOWS\loader.dll
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [3Degrees] C:\Program Files\threedegrees\threedegrees.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt2_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen8.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.0.8.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/ ... porter.cab?
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003 ... scan53.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v46 ... llapse.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/CDRBInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9DD6A49C-CF35-4544-BF13-34DF413BCF7A} ({9DD6A49C-CF35-4544-BF13-34DF413BCF7A}) - http://195.39.204.19/codebase/Stealthnet.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 2902546296
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/contr ... assCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh ... wflash.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D287FC85-B8BB-4446-B3FF-C7D2E3657C16}: NameServer = 202.88.64.61 202.88.64.62
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Well, the key here is that it "only happens when you connect to the internet". RAM could be an issue (you should definitely add another stick when you can; you're pushing it a bit with only 128MB). However, you'd probably notice this with more than just the internet if that was the issue.

The fact that it's only when you connect tells me that you may have a backdoor trojan of some sort that's connecting to its servers whenever you are connected to the internet.

Another thing you can do while connected to the internet is go to a command prompt and type: netstat -n

This will show you a list of any connections that are open on your computer. Anything that is Established is going to be a connection you have open and active with that server. Most are simply going to be the websites you have open and some may be connections with messaging services like AIM. You can do a whois search at nic.com for the IPs listed in netstat (enter the IP but eliminate the port) to see who owns it. Let us know if you see anything suspicious.
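
Added example (not part of any post in this thread): a short Python script that does the filtering described above on saved `netstat -n` output. It keeps only ESTABLISHED connections to non-local addresses and strips the port, leaving the IPs to look up in whois. The sample output is constructed; only the address 206.132.214.10 comes from the thread, and the function name is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of Windows `netstat -n` output. Only the remote
# address 206.132.214.10 appears in the thread; the rest is illustrative.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1029         127.0.0.1:1030         ESTABLISHED
  TCP    192.168.1.20:1051      206.132.214.10:80      ESTABLISHED
  TCP    192.168.1.20:1052      206.132.214.10:443     ESTABLISHED
  TCP    192.168.1.20:1053      206.132.214.10:80      ESTABLISHED
  TCP    192.168.1.20:1061      206.132.214.10:8080    TIME_WAIT
  TCP    192.168.1.20:1062      192.168.1.1:139        ESTABLISHED
"""


def established_remotes(netstat_text):
    """Map each non-local remote IP to the sorted remote ports it is
    connected on, counting only ESTABLISHED TCP connections."""
    remotes = defaultdict(set)
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly: proto, local, foreign, state
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        host, _, port = fields[2].rpartition(":")
        try:
            ip = ipaddress.ip_address(host.strip("[]"))
            port_number = int(port)
        except ValueError:
            continue  # not an address:port pair we can parse
        # Loopback and LAN peers are not worth a whois lookup
        if ip.is_loopback or ip.is_private or ip.is_link_local:
            continue
        remotes[str(ip)].add(port_number)
    return {ip: sorted(ports) for ip, ports in remotes.items()}


if __name__ == "__main__":
    for ip, ports in established_remotes(SAMPLE_NETSTAT).items():
        print(f"{ip}  remote ports: {ports}")
```
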
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Thank you for that site. I'll go see now.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

I'm reviewing your log now. I'll get back to you in a bit.

// as an aside you really should get rid of Napster -- but that's your choice. I won't get into the whole file sharing argument here.
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Yeah I should get rid of it. I'm not even using that. Anyway, I ran the IPs at that site and I got back NetEnterprise and America Online. This last IP though was listed differently. Here...


Request: 206.132.214.10
connected to whois.arin.net [69.25.34.143:43] ...
connected to rwhois.gblx.net [208.50.31.162:4321] ...
%rwhois V-1.5:003fff:00 rwhois.gblx.net (by Network Solutions, Inc. V-1.5.7.3)
network:Class-Name:network
network:ID:8337.206.132.214.0/24
network:Auth-Area:net.206.132.192.0-18
network:Network-Name:3769.3769.NEPT
network:IP-Network:206.132.214.0/24
network:Organization;I:3769.NEPT
network:Tech-Contact;I:4123.3769.NEPT
network:Admin-Contact;I:4123.3769.NEPT
network:Created:20040422
network:Updated:20040423
network:Updated-By:ipadmin@gblx.net

%ok

Just found out that this is Global Crossing. NetEnterprise and Global Crossing don't look/sound familiar to me. lol
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

That belongs to Global Crossing:
http://www.gblx.net/xml/index.xml

I'm writing up some instructions to get rid of an adware browser helper object you have. In the meantime, if you are not using Napster, uninstall it, and run your log again and repost it. Let's see how much (if anything) that cleans up.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Actually, I just found an easier set of instructions. Let's get rid of that browser helper object lbbho.dll

Follow the instructions here.
http://www.pestpatrol.com/pestinfo/r/relatedlinks.asp

Note, when you remove browser helper objects, the program they may be associated with may not work as expected or at all. In this case, I'm betting it's probably related to Napster.

After removing that, run the log again and repost.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

And while you're uninstalling things, go to add/remove software in control panel and uninstall weatherbug. That's another one with adware/spyware. (the uninstall is usually enough to clean that one up)
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Before I rebooted, I uninstalled Napster and ran Ad-Aware. It found something called SpywareNuker and 3 tracking cookies. So, now the computer is rebooted and *sigh* the taskbar is frozen again. I'm surprised Opera opened this time. I'll try following the instructions on that site. I ran Bazooka Spyware once and it found that file. I tried following the directions on removing whatever that was associated with it through regedit, but I probably missed something.

Edit- Weatherbug isn't in the Add/Remove Programs.

Edit2- Seeing as how I can't access the Start Menu, is there another way I can get to the 'run' process?
  • MOC
  • Proficient
  • Proficient
  • User avatar
  • Posts: 490
  • Loc: Ocean City , Maryland

Post 3+ Months Ago

Okay, let's see if we can fix you up. lol
What we're going to do is a registry entry to put the taskbar back to its original config.

First you have to go (this is the easiest way for you) to Kelly's Korner. The site has helped me out in a fix 1000x with people's PCs, just to get them through the day, or fixed it for good (hopefully that's what's going to happen to you).

http://www.kellys-korner-xp.com/xp_tweaks.htm

Then when you get there, you have 6 choices! But we're only going to install the registry entry that I think you need. Start scrolling down.

#99 is Restore the Task Bar to Default Settings

#117 is Restore Taskbar and Start Menu

#164 is Restore Taskbar to Default Functionality

#243 is Allow Changes Being Made to Taskbar

#264 is Restore Missing Tabs to Task Manager

#298 is Taskbar Repair Tool Plus! (this is our ACE in the hole)


I would go with #164 first, then #99 (if #164 does not work).

If that doesn't do it (I think it will), time for #298.. lol it's 48 KB so it's tiny... and I know that will work.

If you start seeing stuff on that page that you might want to try after you have fixed your problem, you have to be careful about adding a lot of REG entries. People get into canceling one thing out with another.

Good luck.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

That might be tough. You can try the keyboard shortcut WindowsKey + R
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Next time you run hijackthis, "check" the following:

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/ ... porter.cab?

Then click fix checked


Then rerun and repost the log
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

My Lord, haha. I'll post the log first, then I'll try what MOC said.

Edit- Ticked what you told me to tick. New log.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\DiskeeperLite\DKService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Maybelline Cabrera\My Documents\HiJackThis\HijackThis.exe
C:\Program Files\Opera7\opera.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\notepad.exe

O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [updater.dll] C:\WINDOWS\updater1.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [loader.dll] C:\WINDOWS\loader.dll
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [3Degrees] C:\Program Files\threedegrees\threedegrees.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt2_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.0.8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003 ... scan53.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v46 ... llapse.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/CDRBInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9DD6A49C-CF35-4544-BF13-34DF413BCF7A} ({9DD6A49C-CF35-4544-BF13-34DF413BCF7A}) - http://195.39.204.19/codebase/Stealthnet.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 2902546296
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/contr ... assCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh ... wflash.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D287FC85-B8BB-4446-B3FF-C7D2E3657C16}: NameServer = 202.88.64.61 202.88.64.62
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

ATNO/TW wrote:
That might be tough. You can try the keyboard shortcut WindowsKey + R


Actually *duh -- if your task bar only freezes when you connect to the internet, don't connect to the internet and try it. Otherwise try it in safe mode.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Just out of curiosity, turn off your XP firewall and see if that makes a difference.
  • MOC
  • Proficient
  • Proficient
  • User avatar
  • Posts: 490
  • Loc: Ocean City , Maryland

Post 3+ Months Ago

Download this real quick also. It has found stuff countless times that Ad-Aware SE, SpyBot, HijackThis, and virus scanners have not.

I love it. lol

Bazooka Spyware Scanner
http://www.kephyr.com/spywarescanner/

It has weekly updates, and the size is small.

PS. to ATNO/TW, I'm not trying to step on your feet or anything like that.. I just want to help... lol
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

lol It's been turned off and I was having the problem. I tried turning it on to see if it would help, but it's still the same. And Moc, I already have it. ;)
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

Well, the reason that I asked is that your Application Layer Gateway service was running in the logs you posted.
C:\WINDOWS\System32\alg.exe

http://www.neuber.com/taskmanager/process/alg.exe.html

It can be spyware, but where it's located in the system32 folder is where it should be. So it's probably not spyware.

But that's why I asked about the firewall. If you are not using XP firewall or using internet connection sharing, then go to your services snap-in and stop that service and see what it does (control panel | administration | services). If that takes care of it, then go back and make sure that service is set to manual or disabled and not automatic.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

MOC wrote:

PS. to ATNO/TW, I'm not trying to step on your feet or anything like that.. I just want to help... lol


Hey, that's what we expect and hope for around here. Different ideas and levels of experience make for good solutions. Besides, I am quite certain that I don't know all the answers and there have been countless times when I offered advice that's way off. Don't ever feel you need to apologize for offering help.
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Would that be the SSDP Discovery Service? No right? I remember reading somewhere to disable that, but errr... yeah didn't work.

Quote:
If you are not using XP firewall or using internet connection sharing, then go to your services snapin and stop that service and see what it does


What service? :-x So sorry I'm being a pain..
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

You're not being a pain. You just have a problem that should be fixable.

The service you should stop (If you are not using internet connection sharing -- you don't even need this unless your computer is a "server" for other computers on your home network) is Internet Connection Sharing. Stop the service and change it to manual in properties.
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

I guess I really don't need to do that. *sigh* This prob is seriously a pain in the neck.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

tazmayneo wrote:
I guess I really don't need to do that. *sigh* This prob is seriously a pain in the neck.


*lol it's not the worst problem I've ever seen. My first assignment at my job was when they pulled a computer out of a closet because nobody could get it to do anything... Took me about 8 hours to restore it to a working state and another 4 or 5 hours to tweak it.
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2854

Post 3+ Months Ago

These three lines in the log look suspicious (or however you spell that! lol) to me:

O4 - HKCU\..\Run: [loader.dll] C:\WINDOWS\loader.dll
O4 - HKCU\..\Run: [updater.dll] C:\WINDOWS\updater1.exe
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)

What do you think ATNO?
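
Added example (not part of any post in this thread, and not HijackThis's own logic): a Python triage pass over HijackThis log lines that surfaces the kinds of entries singled out above. The heuristics are assumptions chosen for illustration and produce hints for manual review, not verdicts; the `ip-literal-url` rule goes beyond the three lines quoted above. The sample lines are copied from the first log posted in the thread.

```python
import re
from ipaddress import ip_address
from pathlib import PureWindowsPath
from urllib.parse import urlsplit

# Lines copied from the first HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [updater.dll] C:\WINDOWS\updater1.exe
O4 - HKCU\..\Run: [loader.dll] C:\WINDOWS\loader.dll
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {9DD6A49C-CF35-4544-BF13-34DF413BCF7A} ({9DD6A49C-CF35-4544-BF13-34DF413BCF7A}) - http://195.39.204.19/codebase/Stealthnet.cab
"""

ENTRY_RE = re.compile(r'^[A-Z]\d+ - ')
RUN_RE = re.compile(r'^O4 - \S+Run\S*: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# First file name in the command, quoted or not (paths may contain spaces)
EXE_RE = re.compile(r'"?([^"]+?\.\w{3})(?=["\s]|$)')
DPF_RE = re.compile(r'^O16 - DPF: .* - (?P<url>\S+)$')
FILE_LIKE_RE = re.compile(r'\.\w{3}$')


def triage(log_text):
    """Return (reason, line) pairs for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not ENTRY_RE.match(line):
            continue  # header, process list or blank line
        # Registry entry whose target file is missing on disk
        if line.endswith("(no file)"):
            findings.append(("no-file", line))
        run = RUN_RE.match(line)
        exe = EXE_RE.match(run["cmd"]) if run else None
        if exe:
            target = PureWindowsPath(exe.group(1))
            name = run["name"]
            # Value name looks like a file name but launches a different file
            if FILE_LIKE_RE.search(name) and name.lower() != target.name.lower():
                findings.append(("name-mismatch", line))
            # A DLL named directly as the Run command, not via rundll32
            if target.suffix.lower() == ".dll":
                findings.append(("dll-in-run", line))
        dpf = DPF_RE.match(line)
        if dpf:
            host = urlsplit(dpf["url"]).hostname or ""
            try:
                ip_address(host)  # raises ValueError for DNS names
                findings.append(("ip-literal-url", line))
            except ValueError:
                pass
    return findings


if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"{reason:15} {entry}")
```
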
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23456
  • Loc: Woodbridge VA

Post 3+ Months Ago

labrego wrote:
These three lines in the log look suspicious (or however you spell that! lol) to me:

O4 - HKCU\..\Run: [loader.dll] C:\WINDOWS\loader.dll
O4 - HKCU\..\Run: [updater.dll] C:\WINDOWS\updater1.exe
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)

What do you think ATNO?


I'm still working on the first two. I can't tell what those are associated with.

The last BHO is a good one though.

You can check that one here:
http://www.spywaredata.com/spyware/bho. ... t_page=600

For the novices BHO = browser helper object and some are necessary and not spyware.

The first two do concern me a bit and I can't find much info on them.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

I found this about Updater.exe. It would be my guess that updater1.exe is related.
http://ask-leo.com/updaterexe_.html

This is the only thing I could find about loader.dll. It's another hijack this log. The person helping out wasn't sure about it either.
http://www.mytechsupport.ca/support/top ... IC_ID=3716
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2854

Post 3+ Months Ago

Quote:
The last BHO is a good one though.

You can check that one here:
http://www.spywaredata.com/spyware/bho. ... t_page=600

Kontiki Inc, download express... a lot of info out there regarding spyware. I have to read some of them. I'll be back :wink:
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2854

Post 3+ Months Ago

hmm, don't know for sure, but this is what I found:

Gamespot's "Download Manager" Hides Spyware, DRM