Taskbar freezing after connecting to internet

  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

I have read the other threads relating but nothing helped. I'm on Windows XP Home Edition. The taskbar doesn't freeze when Windows start. It's when I connect to the internet. Once I connect, the taskbar freezes and I can't really do anything. I can open AIM and maybe Yahoo. That's about it. I used to be able to open up Opera, but that freezes, same with IE and SlimBrowser. Freeze time lasts from 1 minute-1+hours. It lets loose on its own. It's really starting to get on my nerves. I don't know how long it has been happening(yeah that long lol).
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

Highjackthis really helps to narrow down what's happening in your system. If you don't already have it, download and install it and follow the instructions and post your log.

http://www.tomcoyote.org/hjt/

Have you run any spyware removal tools like Adaware, Spybot, CWShreader, etc...?
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

I always run Ad-Aware and SpySweeper so it shouldn't be adware/spyware. Maybe it's 'cause I only have 128mb of RAM? But I don't know why it only started happening whenever it did. I was fine in the beginning. HiJackThis.. I have that program but was afraid to use it. I'll check that site out.

Here's the log.

Logfile of HijackThis v1.97.7
Scan saved at 1:59:27 AM, on 9/5/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\DiskeeperLite\DKService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\SM1BG.EXE
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Documents and Settings\Maybelline Cabrera\My Documents\HiJackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: C:\WINDOWS\lbbho.dll - {D048ACF8-5F23-4CDB-AB09-519510234B29} - C:\WINDOWS\lbbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [updater.dll] C:\WINDOWS\updater1.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [loader.dll] C:\WINDOWS\loader.dll
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [3Degrees] C:\Program Files\threedegrees\threedegrees.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt2_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://w4s.work4sure.com/c/ge/w4sgeen8.exe
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.0.8.cab
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/ ... porter.cab?
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003 ... scan53.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v46 ... llapse.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/CDRBInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9DD6A49C-CF35-4544-BF13-34DF413BCF7A} ({9DD6A49C-CF35-4544-BF13-34DF413BCF7A}) - http://195.39.204.19/codebase/Stealthnet.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 2902546296
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/contr ... assCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh ... wflash.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D287FC85-B8BB-4446-B3FF-C7D2E3657C16}: NameServer = 202.88.64.61 202.88.64.62
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

Well, the key here is that it "only happens when you connect to the internet" RAM could be an issue (you should definitely add another stick when you can. Your pushing it a bit with only 128MB, however, you'd probably notice this with more than just the internet if that was the issue.

The fact that's it's onl when you connect tells me that you may have a backdoor trojan of some sort that's connecting to it's servers whenever you are connected to the internet.

Another thing you can do while connected to the internet is go to a command prompt and type: netstat -n

This will show you a list of any connections that are open on your computer. Anything that is Established is going to be a connection you have open and active with that server. Most are simply going to be the websites you have open and some may be connections with messaging services like AIM. You can do a whois search at nic.com for the IP's listed in netstat (enter the IP but elliminate the port) to see who owns it. Let us know if you see anything suspicious.
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Thank you for that site. I'll go see now.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

I'm reviewing your log now. I'll get back to you in a bit.

// as an aside you really should get rid of Napster -- but that's your choice. I won't get into the whole file sharing argument here.
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Yeah I should get rid of it. I'm not even using that. Anyway, I ran the IPs at that site and I got back NetEnterprise and America Online. This last IP though was listed differently. Here...


Request: 206.132.214.10
connected to whois.arin.net [69.25.34.143:43] ...
connected to rwhois.gblx.net [208.50.31.162:4321] ...
%rwhois V-1.5:003fff:00 rwhois.gblx.net (by Network Solutions, Inc. V-1.5.7.3)
network:Class-Name:network
network:ID:8337.206.132.214.0/24
network:Auth-Area:net.206.132.192.0-18
network:Network-Name:3769.3769.NEPT
network:IP-Network:206.132.214.0/24
network:Organization;I:3769.NEPT
network:Tech-Contact;I:4123.3769.NEPT
network:Admin-Contact;I:4123.3769.NEPT
network:Created:20040422
network:Updated:20040423
network:Updated-By:ipadmin@gblx.net

%ok

Just found out that this is Global Crossing. NetEnterprise and Global Crossing don't look/sound familiar to me. lol
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

That belongs to Global Crossing:
http://www.gblx.net/xml/index.xml

I'm writing up some instructions to get rid of an adware browser helper object you have. In the meantime, if you are not using Napster, uninstall it, and run your log again and repost it. Let's see how much (if anything) that cleans up.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

Actually, I just found an easier set of instructions. Let's get rid of that browser helper object lbbho.dll

Follow the instructions here.
http://www.pestpatrol.com/pestinfo/r/relatedlinks.asp

Note, when you remove browser helper objects, the program they may be associated with may not work as expected or at all. In this case, I'm betting it's probably related to Napster.

After removing that, run the log again and repost.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

And while you're uninstalling things, go to add/remove software in control panel and uninstall weatherbug. That's another one with adware/spyware. (the uninstall is usually enough to clean that one up)
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Before I rebooted, I unistalled Napster and ran Ad-Aware. It found something called SpywareNuker and 3 tracking cookies. So, now the computer is rebooted and *sigh* the taskbar frozen again. I'm surprised Opera opened this time. I'll try following the instructions on that site. I ran Bazooka Spyware once and it found that file. I tried following the directions on removing whatever that was associated with it through regedit, but I probably missed something.

Edit- Weatherbug isn't in the Add/Remove Programs.

Edit2- Seeing as how I can't access the Start Menu, is there another way I can get to the 'run' process?
  • MOC
  • Proficient
  • Proficient
  • User avatar
  • Posts: 490
  • Loc: Ocean City , Maryland

Post 3+ Months Ago

Okay lets see if we can fix you up.lol
what were going to do is Registry entry
to put the TaskBar back to original config.

First you have to go (this is the easiest way for you)
Kelly's Korner (site has helped me out in a fix, 1000x)
with people's pc's ,just to get them threw the day,or
fixed it for good(hopefully thats what's going to happen
to you.

http://www.kellys-korner-xp.com/xp_tweaks.htm

then when you get there ,you have 6 choices !
but were only going to install the registry entry
that i think you need. start scrolling down.

#99 is Restore the Task Bar to Default Settings

#117 is Restore Taskbar and Start Menu

#164 is Restore Taskbar to Default Functionality

#243 is Allow Changes Being Made to Taskbar

#264 is Restore Missing Tabs to Task Manager

#298 is Taskbar Repair Tool Plus! (this is are ACE in the hole)


I would go with # 164 first ,then #99 (if #164 does not work)

If that doesn't do it (I think it will ) time for #298..lol it's 48 kb so it's tiny...and I no that will work.

If you start seeing stuff on that page that you might want
to try,after you have fixed your problem..you have to be carefull
about adding alot of REG, entry's..people get into canx. one thing out with another..

good luck .
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

That might be tough. You can try the keyboard shortcut WindowsKey + R
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

Next time you run hijackthis, "check" the following:

R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
O9 - Extra button: WeatherBug (HKCU)
O16 - DPF: {2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} (MiniBugTransporterX Class) - http://download.weatherbug.com/minibug/ ... porter.cab?

Then click fix checked


Then rerun and repost the log
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

My Lord, haha. I'll post the log first, then I'll try what MOC said.

Edit- Ticked what you told me to ticked. New log.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\DiskeeperLite\DKService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Maybelline Cabrera\My Documents\HiJackThis\HijackThis.exe
C:\Program Files\Opera7\opera.exe
C:\WINDOWS\regedit.exe
C:\WINDOWS\notepad.exe

O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [updater.dll] C:\WINDOWS\updater1.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [loader.dll] C:\WINDOWS\loader.dll
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [3Degrees] C:\Program Files\threedegrees\threedegrees.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt2_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.0.8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003 ... scan53.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v46 ... llapse.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/CDRBInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {9DD6A49C-CF35-4544-BF13-34DF413BCF7A} ({9DD6A49C-CF35-4544-BF13-34DF413BCF7A}) - http://195.39.204.19/codebase/Stealthnet.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 2902546296
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/contr ... assCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh ... wflash.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D287FC85-B8BB-4446-B3FF-C7D2E3657C16}: NameServer = 202.88.64.61 202.88.64.62
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

ATNO/TW wrote:
That might be tough. You can try the keyboard shortcut WindowsKey + R


Actually *duh -- if your task bar only freezes when you connect to the internet, don't connect to the internet and try it. Otherwise try it in safe mode.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

Just out of curiosity, turn off your XP firewall and see if that makes a difference.
  • MOC
  • Proficient
  • Proficient
  • User avatar
  • Posts: 490
  • Loc: Ocean City , Maryland

Post 3+ Months Ago

Download this real quick also,it has found stuff countless times
that Ad-Aware SE,SpyBot,Hijackthis,and virus scanners have not.

I love it . lol

Bazooka Spyware Scanner
http://www.kephyr.com/spywarescanner/


it has weekly updates,,and the size is small


PS. to ATNO/TW, I'am not trying to step on your feet
or anything like that ..I just want to help...lol
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

lol It's been turned off and I was having the problem. I tried turning it on to see if it would help, but it's still the same. And Moc, I already have it. ;)
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

Well, the reason that I asked is that your Application Layer Gateway service was running in the logs you posted.
C:\WINDOWS\System32\alg.exe

http://www.neuber.com/taskmanager/process/alg.exe.html

It can be spyware, but where it's located in the system32 folder is where it should be. So it's probably not spyware.

But that's why I asked about the firewall. If you are not using XP firewall or using internet connection sharing, then go to your services snapin and stop that service and see what it does (control panel | administration | services) If that takes care of it, then go back and make sure that service is set to manual or diasabled and not automatic.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

MOC wrote:

PS. to ATNO/TW, I'am not trying to step on your feet
or anything like that ..I just want to help...lol


Hey, that's what we expect and hope for around here. Different ideas and levels of experience make for good solutions. Besides, I am quite certain that I don't know all the answers and there have been countless times when I offered advice that's way off. Don't ever feel you need to apologize for offering help.
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Would that be the SSDP Discovery Service? No right? I remember reading somewhere to disable that, but errr... yeah didn't work.

Quote:
If you are not using XP firewall or using internet connection sharing, then go to your services snapin and stop that service and see what it does


What service? :-x So sorry I'm being a pain..
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

You're not being a pain. You just have a problem that should be fixable.

The service you should stop (If you are not using internet connection sharing -- you don't even need this unless your computer is a "server" for other computers on your home network) is Internet Connection Sharing. Stop the service and change it to manual in properties.
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

I guess I really don't need to do that. *sigh* This prob is seriously a pain in the neck.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

tazmayneo wrote:
I guess I really don't need to do that. *sigh* This prob is seriously a pain in the neck.


*lol it's not the worst problem I've ever seen. My first assignment at my job was when they pulled a computer out of a closet because nobody could get it to do anything... Took me about 8 hours to restore it to a working state and another 4 or 5 hours to tweak it.
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

This three line in the log looks suspicious (or however you spell that! lol) to me:

O4 - HKCU\..\Run: [loader.dll] C:\WINDOWS\loader.dll
O4 - HKCU\..\Run: [updater.dll] C:\WINDOWS\updater1.exe
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)

What do you think ATNO?
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

labrego wrote:
This three line in the log looks suspicious (or however you spell that! lol) to me:

O4 - HKCU\..\Run: [loader.dll] C:\WINDOWS\loader.dll
O4 - HKCU\..\Run: [updater.dll] C:\WINDOWS\updater1.exe
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)

What do you think ATNO?


I'm still working on the first two . I can't tell what those are associated with.

The last BHO is a good one though.

You can check that one here:
http://www.spywaredata.com/spyware/bho. ... t_page=600

For the novices BHO = browser helper object and some are necessary and not spyware.

The first two do concern me a bit and I can't find much info on them.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

I found this about Updater.exe. It would be my guess that updater1.exe is related.
http://ask-leo.com/updaterexe_.html

This is the only thing I could find about loader.dll. It's another hijack this log. The person helping out wasn't sure about it either.
http://www.mytechsupport.ca/support/top ... IC_ID=3716
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

Quote:
The last BHO is a good one though.

You can check that one here:
http://www.spywaredata.com/spyware/bho. ... t_page=600

Kontiki Inc, download express... a lot of info out there regading spyware. I have to read some of them. I'll be back :wink:
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

hmm, don't know for sure, but this is what I found:

Gamespot's "Download Manager" Hides Spyware, DRM
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

JrzyCrim wrote:
I found this about Updater.exe. It would be my guess that updater1.exe is related.
http://ask-leo.com/updaterexe_.html

This is the only thing I could find about loader.dll. It's another hijack this log. The person helping out wasn't sure about it either.
http://www.mytechsupport.ca/support/top ... IC_ID=3716


It sound strange and suspicious, there's no information out there about it and the name says nothing, I agree with you it has to be the problem or part of it.

//EDIT: tazmayneo, try to rename the two files, C:\WINDOWS\loader.dll and C:\WINDOWS\updater1.exe and restart windows to see how it work
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Both are not in the Windows folder.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Try this:

Go to folder options > veiw and uncheck 'hide protected operating system files'. Click OK and then see if you can find those files.
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Still no files.

I just found a file called lbbho, configuration settings or something. I should delete that right?
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Yes, run hijack this and fix these entries:


O2 - BHO: C:\WINDOWS\lbbho.dll - {D048ACF8-5F23-4CDB-AB09-519510234B29} - C:\WINDOWS\lbbho.dll
O4 - HKCU\..\Run: [updater.dll] C:\WINDOWS\updater1.exe
O4 - HKCU\..\Run: [loader.dll] C:\WINDOWS\loader.dll

Also, did you follow the instructions in the sight ATNO provided for removing the browser helper object lbbho.dll?
http://www.pestpatrol.com/pestinfo/r/relatedlinks.asp
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Yep, I did. But I could not find this HKEY_CLASSES_ROOT\software\microsoft\windows\currentversion\explorer\browser helper objects\{efd84954-6b46-42f4-81f3-94ce9a77052d}. It stopped at microsoft. The sub-folders for microsoft are MasterAggregatorForIPP, MediaPlayer, Multimedia, and Windows Media Tool.

I'll try running HiJackThis and getting rid of those.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

I suspect some other spyware removal tools you may have used left remnants of these things. After running hijack this, reboot, rescan and post a new log,
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Alright, I deleted those files. Although the first one didn't show up. The computer started up fine and connecting to the internet was fine. But the taskbar is still frozen. Here's the new log.

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\DiskeeperLite\DKService.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Documents and Settings\Maybelline Cabrera\My Documents\HiJackThis\HijackThis.exe

O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1629.0\en-us\msntb.dll
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\PROGRA~1\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [3Degrees] C:\Program Files\threedegrees\threedegrees.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/c ... /tt2_x.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shoc ... tor/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.0.8.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v47 ... ckwerx.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003 ... scan53.cab
O16 - DPF: {785EA525-5066-495F-ADF6-3B8316515DEF} (Collapse Control) - http://mirror.worldwinner.com/games/v46 ... llapse.cab
O16 - DPF: {78A730D4-0DF3-4B65-8DD2-BFCD433CEE30} - http://www.surfsecret.com/inst/CDRBInstaller.exe
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://mirror.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.com/client/isetup.cab
O16 - DPF: {94299420-321F-4FF9-A247-62A23EBB640B} (WordMojo Control) - http://mirror.worldwinner.com/games/v45 ... rdmojo.cab
O16 - DPF: {9DD6A49C-CF35-4544-BF13-34DF413BCF7A} ({9DD6A49C-CF35-4544-BF13-34DF413BCF7A}) - http://195.39.204.19/codebase/Stealthnet.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/C ... 2902546296
O16 - DPF: {A8658086-E6AC-4957-BC8E-7D54A7E8A78E} (SassCln Object) - http://www.microsoft.com/security/contr ... assCln.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/sh ... wflash.cab
O16 - DPF: {F5820AD3-9B20-423E-B2AA-7AF2B4055746} (CRegistryDownload Class) - http://www.paltalk.com/prod/RegDload.CAB
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D287FC85-B8BB-4446-B3FF-C7D2E3657C16}: NameServer = 202.88.64.61 202.88.64.62
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Launch task manager and end this process: sistray.EXE

run hijack this again and fix this item:
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE

Reboot and see if the problem still exists.

Found this: http://www.lafn.org/webconnect/mentor/startup/EZB.HTM

It's also a legitimate program:

Quote:
System Tray utility which gets installed by the drivers of the latter day SiS VGA cards. The utility itself is not of much use in our opinion.


It's not really necessary if it is the latter so either way it should be safe to remove this.

More info related to sistray.exe which suggests it could be related to the Prova Virus: http://www.windowsstartup.com/wso/brows ... 00&end=225
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Deleted. Started fine, connected fine, taskbar frozen. I'm about to pull my hair out.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

What type of graphics card do you have? I'm curious about what sistray.exe was actually doing on your system.
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

This is where you're going to have to tell me where to go to find that information 'cause I have no clue.
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

tazmayneo wrote:
Deleted. Started fine, connected fine, taskbar frozen. I'm about to pull my hair out.


*patience little grasshopper, sooner or later we'll find what's causing you this trouble* :wink:

- Right click on your desktop and select properties
- Select Settings tab and click on advanced button
- In the next window select Adapter tab
- There you'll find Adapter Type in the upper left of that window
- Post Adpter Information here too

//EDIT: lol, me too, I was too busy looking at my spelling :lol:
Well, now he has two differents ways to get that information :wink:
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

tazmayneo wrote:
This is where you're going to have to tell me where to go to find that information 'cause I have no clue.


Goto start > run, enter this:

msinfo32.exe

When System info pops up, go to components > Display. On the right side see what's listed beside Name at the top.

*lol I missed your post labrego :)
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

AG315E-32 is what it says.
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

tazmayneo, can you check your event log (Control Panel - Administrative Tools - Event Viewer - System Log) to see if there's is a recent error logged there? Look for something new or a repetitive error
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

that is a SIS vga card. So that wasn't the problem. No harm done there...

Before I recommend anything drastic I do have another idea. Close your instant messenger programs one at a time and see if the problem remains. Aim, then check, close MSN and check again etc.

In fact, reboot and before going on line close one and then check and see if the problem goes away.
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Most of the errors are coming from DCOM. One from atapi, one from serial, two from Service Control Manager.

And when I reboot, none of my Instant Messengers start up. I stopped doing it because of the problem.

Also, Yahoo and AIM seem to work fine when the taskbar is frozen, but MSN freezes.
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

Can you post the error messages here?
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

DCOM
Access denied attempting to launch a DCOM Server. The server is:
{00020906-0000-0000-C000-000000000046}
The user is Unavailable/Unavailable, SID=Unavailable.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.



DCOM got error "The service did not respond to the start or control request in a timely fashion. " attempting to start the service ccPwdSvc with arguments "" in order to run the server:
{DBA28A20-5CE1-4E8D-AD35-418B62269E54}

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


The server {520CCA63-51A5-11D3-9144-00104BA11C5E} did not register with DCOM within the required timeout.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Service Control Manager
Timeout (30000 milliseconds) waiting for the Symantec Password Validation Service service to connect.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


The Diskeeper service terminated unexpectedly. It has done this 1 time(s).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


Access denied attempting to launch a DCOM Server. The server is:
{00020906-0000-0000-C000-000000000046}
The user is Unavailable/Unavailable, SID=Unavailable.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.


atapi

The device, \Device\Ide\IdePort1, did not respond within the timeout period.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

serial

While validating that \Device\Serial2 was really a serial port, the contents of the divisor latch register was identical to the interrupt enable and the receive registers. The device is assumed not to be a serial port and will be deleted.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Try ending this process and see if that helps:

MsgPlus.exe

Also, in the event viewer, look under application for anything that might relate.

If the event log doesn't turn up anything useful, then I would close all programs and enter this from start >Run:

sfc /scannow

Have your XP CD ready.
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Alright for Applications, I've got Application Hang, Application Error, and Ci. There's a crapload, so if you want me to post the descriptions, it's going to take a while.

Edit- There's also VSS, EventSystem and MsiInstaller.

Quote:
Try ending this process and see if that helps:

MsgPlus.exe


Do you want me to end that before I connect to the internet? 'Cause right now, the taskbar let loose. It's been letting loose at different times.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

If most of them are related to the same applications, then just post a few.

did killing MsgPlus.exe help at all? You might try closing IE or whatever browser you are using and then kill that process and see if the problem persists,
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

Seems that we can get something from there, I think we'll wait for the posting.
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

I'll reboot, end MsgPlus.exe, connect to the internet, and see if it freezes. Then I'll paste some of the descriptions.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Sounds like a plan. I'm determined to get this resolved one way or the other.
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

ditto, same here
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Alright. I rebooted, ended MsgPlus.exe, connected to the internet. I tried to open SlimBrowser, but it seemed like it froze. And then several seconds later, it let up but SBrowser didn't open. So I opened Task Manager and ended sbrowser.exe, and it froze again. So I opened Opera and came here. As I was typing up the second sentence, the taskbar unfroze(pretty fast compared to before lol). So, I don't know if it's MsgPlus.exe or what.
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Application Error

1000

Faulting application prizesurfer.exe, version 1.0.5.0, faulting module unknown, version 0.0.0.0, fault address 0x000c0100.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Application Hang

1002

Hanging application sbrowser.exe, version 3.8.3.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Ci

4124

Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart the Indexing Service (cisvc).

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

4126

Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will be automatically restored by refiltering all documents.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

EventSystem

4609

The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

VSS

8193

Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance. hr = 0x80040206.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

MsiInstaller

11706

Product: Paint Shop Pro 7 ESD -- Error 1706.No valid source could be found for product Paint Shop Pro 7 ESD. The Windows Installer cannot continue.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

I think this is related,
Content index on c:\system volume information\catalog.wci is corrupt. Please shutdown and restart the Indexing Service
let me post you some instructions
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

If it's opening the search thing and going to change preferences, don't bother typing up instructions. lol I disabled it earlier.

Edit- Just wanted to say that even when that was enabled, I was still having problems.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Yes, I was just looking at the same thing:

see: http://forums.vnunet.com/thread.jsp?for ... age=171726
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

Yup Lol

What's this prizesurfer.exe? do you have this installed?
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Not that I know of... that filename looks familiar though. I know I had that waaaaaaaaaay back, but deleted it.

I just got disconnected, and when it reconnected the taskbar froze. *Rolls eyes* So it ain't MsgPlus.exe. lol
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

tazmayneo wrote:
If it's opening the search thing and going to change preferences, don't bother typing up instructions. lol I disabled it earlier.

Edit- Just wanted to say that even when that was enabled, I was still having problems.


Are you talking about the Indexing Service? If not enter this in Start > Run: services.msc

scroll down to indexing service and stop that. Then right click on it, select properties and set that to disabled. It's an unnecessary resource hog in any case.
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

tazmayneo wrote:
Not that I know of... that filename looks familiar though. I know I had that waaaaaaaaaay back, but deleted it.

I just got disconnected, and when it reconnected the taskbar froze. *Rolls eyes* So it ain't MsgPlus.exe. lol

I think maybe something is left, what's the date of this error?

//EDIT: ^ Follow Jim's instructions too, I was referinng to that in a later post
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Yep, that's the one I'm talking about. I disabled that several hours ago. lol

What's the date of what error?
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

Sorry, lol

Faulting application prizesurfer.exe, version 1.0.5.0, faulting module unknown, version 0.0.0.0, fault address 0x000c0100.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

This one
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

1/26/2004
2/1
2/5

Before May... I also had this a76f1a2v6x.exe which screwed up my computer bad. I couldn't even use the computer because a crapload of its processes would run and drive the CPU Usage up. But I doubt that has anything to do with it.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

I ran across a thread on another forum that suggested NAV could be the culprit. It was several months old however so I'm doubtful that's the case.

Labrego pointed this thread out to me:
http://www.ozzu.com/mswindows-forum/windows-taskbar-freezes-again-t22061.html

IF nothing comes of these ideas or prizesurfer.exe I vote that you try this:

Close all programs, type this from Start > Run: sfc /scannow.

Have your XP CD ready to insert.

If the problem still persists, you might try a repair install:
http://support.microsoft.com/default.as ... -us;315341

Use method 2.
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

Or you may try to stop Norton's services, Norton is a memory hog, and you have only 128MB, try to stop their services and see what happen
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

I'll try that when I get back. It's now 11:28am, and I've been awake since 4pm yesterday trying to figure this thing out. I've got a headache and I really wanna start pulling my hair out. Thanks for all the help. I'll let you guys know how it goes.

Edit- And that thread that you last posted about changing the properties for the internet connection, that was the first thing I tried, and it didn't work. lol
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

If windows is using a lot of virtual memory, which it will if you only have 128MB, then that might account for the problem. I wished I'd noticed the the fact that you only had 128mb. I came to this thread late and didn't see that. Was focusing on the hijack this log. The extra resources required to run a browser and related programs could account for it.

In fact:
tazmayneo wrote:
Alright. I rebooted, ended MsgPlus.exe, connected to the internet. I tried to open SlimBrowser, but it seemed like it froze. And then several seconds later, it let up but SBrowser didn't open. So I opened Task Manager and ended sbrowser.exe, and it froze again. So I opened Opera and came here. As I was typing up the second sentence, the taskbar unfroze(pretty fast compared to before lol). So, I don't know if it's MsgPlus.exe or what.


Seems like when you decrease the number of programs that are running the problem decreases. I'm assuming you were able to use slimbrowser before without problem. Have you started using more programs simultaneously just prior to this problem? Also, see if the hard drive is being accessed while the taskbar is frozen.

I'm going to take a break and grab a snack. Good luck with this.
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

128MB is not enough to run NAV, I noticed that too when I ran across another forum thread saying NAV eats too much memory. And your problem seems more like a delayed response from the system than a complete freezing.
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

JrzyCrim wrote:
I'm going to take a break and grab a snack. Good luck with this.


Hey, why don't you invite me?? LOL
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

I'm sorry. We should toss down a few brews... :beerchug:
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

cheers! hic! :handsup:

EDIT: Don't worry tazmayneo, we wait for you, have a nice rest
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Some additional information:

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.0.8.cab

I've seen this around before and the general consensus is to get rid of it:
http://forum.gladiator-antivirus.com/in ... opic=14639

Removal instructions are provided there as well.

If this entry is still present, fix it:
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - (no file)

Some more useful info: http://computercops.biz/postt7736.html
  • MOC
  • Proficient
  • Proficient
  • User avatar
  • Posts: 490
  • Loc: Ocean City , Maryland

Post 3+ Months Ago

How ya doing (i'am a ding bat ) I had no idea this was 6 pages ,lol
never saw it on the bottom.

http://torque.oncloud8.com/archives/000355.html

tell you how to get rid of that prizefighter

I didn't like that site to much ,,so here

http://www.2-spyware.com/file-prizesurfer-exe.html

http://www.liutilities.com/products/win ... izesurfer/

http://www.liutilities.com/products/win ... ry/rcsync/

http://www.pestpatrol.com/pestinfo/p/prizesurfer.asp

http://www.windowsstartup.com/wso/brows ... 75&end=200
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

MOC wrote:
How ya doing (i'am a ding bat ) I had no idea this was 6 pages ,lol
never saw it on the bottom.

http://torque.oncloud8.com/archives/000355.html

tell you how to get rid of that prizefighter


seems that or prizesurfer thing was only remanent of an old or bad uninstall, since there's no rcsync.exe or prizesurfer.exe process running in hijack log.

//EDIT: ding bat? naw, it's good to see more people trying to help :wink:

//EDIT2: nice findings Jim
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

It's not listed in his running processes so It's gone. That event log error was from last January.
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

Quote:
It's not listed in his running processes so It's gone.


Her. :p

Quote:
128MB is not enough to run NAV, I noticed that too when I ran across another forum thread saying NAV eats too much memory. And your problem seems more like a delayed response from the system than a complete freezing.


Yeah, pretty much. I was thinking that for a long time, but then I was wondering "why only now?" It was running fine when the comp. shop fixed the virus or whatever it was. They even updated NAV(that's what they said anyway lol).

Quote:
If windows is using a lot of virtual memory, which it will if you only have 128MB, then that might account for the problem.


Yes, I was looking at the system information once and noticed that only 8mb was free! Boy am I in trouble. lol

Quote:
Have you started using more programs simultaneously just prior to this problem?


I don't think so. I've always ran the same programs. The only thing that's different is the amount of music I have on this computer. Maybe I'll try getting some more RAM. See if that helps the problem.

Btw, what's the difference between Physical Memory and Virtual Memory? I just checked System Information, and I have 12.57MB of physical memory available and 106MB of virtual memory available.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Sorry for the 'his' mistake. I always get into trouble with that one. :oops: It's a guy thing I guess...

Virtual memory is stored in a 'page file' on your hard drive. When your system is low on physical memory, windows will rely on virtual memory and this slows things down dramatically simply because accessing the hard drive is much slower than accessing RAM. I think in your case this is causing the bulk of your problems because windows has to constantly read and right to the page file.

In the interim, until you acquire more memory, I would suggest you go through this thread and fix the other items that were mentioned after you left. That should alleviate some of the problems. Also, you might want to visit this sight and 'tweak' some services. By disabling unnecessary services, you will free up valuable system resources.
http://www.blackviper.com/WinXP/servicecfg.htm

Good luck with everything and pleas feel free to post more questions or ask for help about anything. :)

If you think about it, check to see if your hard drive is being accessed when your task bar freezes. That would explain the problem because windows is busy doing that and doesn't have time for other things.
  • ATNO/TW
  • Super Moderator
  • Super Moderator
  • User avatar
  • Posts: 23473
  • Loc: Woodbridge VA

Post 3+ Months Ago

I'm sorry -- I am so slow. I just remember that I had this problem severely once and it was whenever I opened internet explorer browser (I'm on broadband and was at the time as well so I'm always connected). But I was getting this too where everything would freeze for a long time, sometimes the browser would crash and sometimes it was so bad I had to reboot. What I finally found out after probably close to a month of frustration with it was the Internet Explorer cache settings was set to store 1.6 GB of cached files.

What was happening was everytime I'd request a new page, the browser would be scrambling through about 1.6 GB (cache was almost full). I also only have 128MB RAM in this machine. What I did was clear cache and change the cache limit to 10 MB. Then I went in and manually deleted all the temporary intenet files that were still left in Windows Explorer.

Problem solved. I can't say that's your problem, but it certainly wouldn't hurt to check. My problem was resolved immediately after doing this.

Sorry I didn't think of it yesterday.
  • LAbrego
  • brego from LA
  • Web Master
  • User avatar
  • Posts: 2856

Post 3+ Months Ago

*good point ATNO

This is what you do:

1. run Internet Explorer.
2. click 'Tools' menu then click 'Internet Options'.
3. ensure the 'General' tab is selected then click the 'Delete Files' button.
4. ensure the 'Delete All Offline Content' option is on, then click OK.
5. if you also want to get rid of your cookies, click the 'Delete Cookies'
button.
6. click settings button, manually write 10 in Amout of Disk Space to Use
7. Click ok button in both windows

You may still have a 'Content.IE5' sub-folder with a pile of files (some of
them may be invisible to Windows Explorer) lurking in those sub-folders.

To get rid of these remaining files:
1. manually delete the 'Content.IE5' sub-folder using Windows Explorer.
C:\Documents and Settings\User\Local Settings\Temporary Internet Files
Where user is the name of the user you use to login
2. if you can't see this files click 'Tools' then 'Folder Options' menu in Windows Explorer
3. Click on 'View' tab
4. Ensure 'Show Hidden Files and Folders' is ticked in 'Advanced Settings'
5. click ok

When you next launch Internet Explorer, it will rebuild the sub-folders, but this time they'll be empty.

Note While you can safely delete the entire contents of Temporary Internet Files, by doing so you'll delete all your cookies. With your cookies gone, the next time you visit any site requiring password entry or which normally stores information about you, you'll have to re-enter your password.
  • tazmayneo
  • Novice
  • Novice
  • tazmayneo
  • Posts: 31
  • Loc: Saipan

Post 3+ Months Ago

I disabled Norton to start when Windows start. First try, taskbar froze. Second try, it didn't freeze. And thank you for letting me know about the cache size thing. I went and checked and it was at 620MB. We'll see how it goes. Thank you all so much for your help.
  • tvmdc
  • Born
  • Born
  • tvmdc
  • Posts: 1

Post 3+ Months Ago

has anyone found the cause of the taskbar freeze problem?
I have exactly the same symptoms and have ruled out
viruses,memory defeciency.
I am going to try the Kelly 298 fix.
I would love to hear from anyone that has cured this on xp pro.

e-me at: tvmdc@ispwest.com
  • iron_gr
  • Born
  • Born
  • User avatar
  • Posts: 1
  • Loc: Greece

Post 3+ Months Ago

I had this annoying problem after the installation of SP2.
BUT I have tested a clean installation of win xp pro and sp2 and I didn't have that problem. So the problem is NOT sp2 but sth else, don't know what!

I went to google and searched the forums. I found this:
"The problem was actually a Microsoft service - IPv6. I uninstalled it and now everything is fine."

In fact he disabled the service not uninstall it. So did I and it's all fine now.
  • JrzyCrim
  • Mastermind
  • Mastermind
  • User avatar
  • Posts: 2062

Post 3+ Months Ago

Thank you for the post iron_gr and welcome to Ozzu. I'm sure someone will find that information useful. :)

Post Information

  • Total Posts in this topic: 89 posts
  • Users browsing this forum: No registered users and 27 guests
  • You cannot post new topics in this forum
  • You cannot reply to topics in this forum
  • You cannot edit your posts in this forum
  • You cannot delete your posts in this forum
  • You cannot post attachments in this forum
 
 

© 1998-2016. Ozzu® is a registered trademark of Unmelted, LLC.