XP freezing

JustCallMeBob · 02-03-2006, 06:19 PM

Please tell me more about the error. Exactly when does it pop up. After you perform a specific action? Or does it just pop up randomly? In that case try and see if you did something special the second it pops up.
And another thing, what does it look like, is it a little window with a stopsign cross whatever, error text and the option to press okay. Or does it appear in a error report window? You have probably seen the error report window before if your using xp. In the lower right corner it offers you either to send the error report to microsoft or not to send it. And does the error message offer any tecnical information as well. Do you eg see a "More details" link or any similar? I know i have defined your error mesage above, but im looking for the kind of info that makes you go "now what the h... is that" if there is any.

It would be helpful if there were some more specific information pointing to where the error lies, but for now ill return to what i know, and please allow me to think out loud as im just airing my ideas here, and i dont know the cause.

We need to have the main job of spyware (assuming it got something to do with this) clear (ive just gotten this on my mind). The point with those programs is to monitor you simply. What webpages you visit, what kind of words you search for on google and so on, and then send that information back to the source server in the background so they can bother you strictly speaking.

First notice that the error message points to a remote site. A remote site is hosted by a remote server. Its reasonable to belive that this error occurs as a result of an internet connection attempt, if im not mistaken. You also see "on callback". I think thats essential for understanding the problem (mark i say understanding, not solving). And i believe that the callback is refering to the Three way handshake.

The three way handshake is performed by the TCP protocol when you are trying to establish a connection to a server on internet (which hosts the webpage you wanna wiev). It doesnt matter whether you know its happening or not, after all its your computer that connects, the software connects. The Three way handshake goes like this, you send a connection request to the server which includes instructions concerning which port you wanna connect to on the remote server. Second handshake: The server says "All right!", acknowledges you and puts you in a queue. Third handshake: you return an acknowledgement and the connection is opened. Now that was a little tecnical so i put in "All right" to ease it up haha!

It is my belief thinking out loud that "callback" refers to the second handshake. Im not quite certain what the error message means with voice though. This is my theory:

I believe you have gotten some kind of badly coded spyware on your machine, a buggy on ie. Spyware/adware is often badly coded. I said i once lost my internet connection due to spyware, actually i lost it because i didnt remove it properly the first time, so i needed to run som other commands to kill it. As Twist86 said, it could mess up your registry. In other words spyware needs to be handled correctly, AdAware should do that but might not always do. I recommend you run SpySweeper as well, my experience tells me its more thorough than AdAware (AdAware might have improved lately of course). So what i think is that this spyware program is trying to connect to its motherserver, but a bug somehow ends the process on the second handshake. Windows catches the TCP/IP failure and reports it as a error. Bugged spyware could probably freeze your system. But how is the error and freeze connected? Do they come right after each other, is there a long time in between? Well it got holes, but however. The error message i believe states clearly that were talking about some kind of failed connection. So run Spysweeper, or another program to try and cover stuff AdAware has missed. Different programs often have different spyware fingerprints.

Hovewer im not convinced concerning what exactly triggers the error message. If the second handshake didnt go through, the Time-to-live (TTL) part of the IP packet should time out normally, and return something like "Sorry we were unable to connect to the requested page". Besides if you can use internet yourself its clearly working, which means the TCP/IP protocol is healthy. As said by Twist86, it might be a registry problem.

Heres something constructive, to decide whether this is a internet connection issue or a internal problem on your machine, i want you to unplug internet. Draw out all plugs, if your using WLAN turn it off, not just log off your network. How do you connect to the internet? Is it an always on connection (like cable), or do you need to dial up? If its an always it might explain some things. Its very convenient but less secure, it means the moment windows has finished loading you are connected to the internet, and all kinds of activities can happen in the background. But now isolate yourself from the internet. If the error still occurs, you can take this reply and flush it down. On the other hand if the error stops just like that, its most likely a internet connection issue.

And heres the solution that usually work, if you have a kid in your neighbourhood, with pale skin and huge glasses that looks kinda locked in, you should talk to him and he can probably fix it.

Phew, didnt mean for it to be this long, i ... just ... couldnt stop!

suprasteve · 02-03-2006, 08:14 PM

umm, so what exactly are you asking? How to speed it up more?

**Buzz1927** · 02-03-2006, 08:16 PM

Please download Hijackthis from here.
Run Hijackthis and select "Do a system scan and save logfile".
Then post the log here, I'd be happy to look at it for you.

NC99999 · 02-05-2006, 02:36 PM

Wow! Thanks for the in-dept analysis!

Now, when my system freezes, my mouse and keyboard freezes. I can't do anything so I manually shut down my system and reboot. I'll then go into control panel/maint.&perf./event folder(?), where it lists errors under system. It seems like whenever (or most of the time) i go into control panel, it's freezing up on me too. But, I don't get a pop up at all.

I tried downloading and running Spysweeper (froze up on me 3 times during the process) but can't really afford the $30 to subscribe! (i'm a student) I did run it about 15 min. after i ran AdAware, and it picked up another 20 files or so. I then downloaded and ran Spybot a little later, it picked up a couple of files, restarted, and it froze up again!

I am connected through high speed sympatico, and use a router (LAN). My wife's computer is hooked up to the same router, and she has no problems with freeze ups. I tried to hook us up on a network, but i don't think i did it right! I guess that another story! lol This leads me to believe that it's not the connection.

Thanks again for your reply!
NC

NC99999 · 02-05-2006, 03:42 PM

"umm, so what exactly are you asking? How to speed it up more?"

If possisble, i'd like to fix my system so id doesn't freeze up anymore.

"Run Hijackthis and select "Do a system scan and save logfile".
Then post the log here, I'd be happy to look at it for you."

I've posted the second half of the notepad that popped up after the scan. I hope this is what you wanted.
Thanks!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = sympatico.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.co...x/HMAtchmt.ocx
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

elmarcorulz · 02-05-2006, 04:19 PM

Quote:

I've posted the second half of the notepad that popped up after the scan. I hope this is what you wanted.
Thanks!

Post all of it.

NC99999 · 02-05-2006, 06:15 PM

"Post all of it."

Here ya go:

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\sistray.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = sympatico.ca
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe"
O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe"
O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.co...x/HMAtchmt.ocx
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe
O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

**Buzz1927** · 02-05-2006, 07:26 PM

The log's clean. It's a long shot, but you got some of the symptons, so it's worth a try.

Download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, reboot back into normal mode,

Post back if that helps.

JustCallMeBob · 02-05-2006, 09:37 PM

To clear some up, i might have been impresice, i didnt mean YOUR internet connection didnt work, i meant that assuming spyware was the cause, it were trying to connect in the background, but failed. Buzz seems to be pretty good at these logs so ill let him do the talking for now, hmmm.

NC99999 · 02-05-2006, 10:05 PM

"Post back if that helps."

I followed your instructions, and my system is still freezing up on me. I tried to access the log, but it froze up on me twice trying to get in.

"To clear some up, i might have been impresice, i didnt mean YOUR internet connection didnt work, i meant that assuming spyware was the cause, it were trying to connect in the background, but failed. Buzz seems to be pretty good at these logs so ill let him do the talking for now, hmmm."

Ah, i see. I'm kinda hesitant to disconnect from the internet in case i mess something up and can't connect afterwards, for some reason. I can have a tendancy to do these kinds of things! lol

02-03-2006, 08:16 PM	#13 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 6,927	Please download Hijackthis from here. Run Hijackthis and select "Do a system scan and save logfile". Then post the log here, I'd be happy to look at it for you. __________________ The Grim Reaper - Son of Glyndwr "To Hell or Connacht" may you burn in Hell tonight!

02-05-2006, 07:26 PM	#18 (permalink)
Buzz1927 Digaredd Join Date: May 2005 Location: Melbourne AU Posts: 6,927	The log's clean. It's a long shot, but you got some of the symptons, so it's worth a try. Download AproposFix from here: http://swandog46.geekstogo.com/aproposfix.exe Save it to your desktop but do NOT run it yet. Then reboot your computer in Safe Mode by doing the following: 1) Restart your computer 2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8. 3) Instead of Windows loading as normal, a menu should appear 4) Select the first option, to run Windows in Safe Mode. Once in Safe Mode, double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts. When the tool is finished, reboot back into normal mode, Post back if that helps. __________________ The Grim Reaper - Son of Glyndwr "To Hell or Connacht" may you burn in Hell tonight!

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

02-03-2006, 06:19 PM	#11 (permalink)
JustCallMeBob Bronze Member Join Date: Jan 2006 Location: 127.0.0.1 Posts: 69	Please tell me more about the error. Exactly when does it pop up. After you perform a specific action? Or does it just pop up randomly? In that case try and see if you did something special the second it pops up. And another thing, what does it look like, is it a little window with a stopsign cross whatever, error text and the option to press okay. Or does it appear in a error report window? You have probably seen the error report window before if your using xp. In the lower right corner it offers you either to send the error report to microsoft or not to send it. And does the error message offer any tecnical information as well. Do you eg see a "More details" link or any similar? I know i have defined your error mesage above, but im looking for the kind of info that makes you go "now what the h... is that" if there is any. It would be helpful if there were some more specific information pointing to where the error lies, but for now ill return to what i know, and please allow me to think out loud as im just airing my ideas here, and i dont know the cause. We need to have the main job of spyware (assuming it got something to do with this) clear (ive just gotten this on my mind). The point with those programs is to monitor you simply. What webpages you visit, what kind of words you search for on google and so on, and then send that information back to the source server in the background so they can bother you strictly speaking. First notice that the error message points to a remote site. A remote site is hosted by a remote server. Its reasonable to belive that this error occurs as a result of an internet connection attempt, if im not mistaken. You also see "on callback". I think thats essential for understanding the problem (mark i say understanding, not solving). And i believe that the callback is refering to the Three way handshake. The three way handshake is performed by the TCP protocol when you are trying to establish a connection to a server on internet (which hosts the webpage you wanna wiev). It doesnt matter whether you know its happening or not, after all its your computer that connects, the software connects. The Three way handshake goes like this, you send a connection request to the server which includes instructions concerning which port you wanna connect to on the remote server. Second handshake: The server says "All right!", acknowledges you and puts you in a queue. Third handshake: you return an acknowledgement and the connection is opened. Now that was a little tecnical so i put in "All right" to ease it up haha! It is my belief thinking out loud that "callback" refers to the second handshake. Im not quite certain what the error message means with voice though. This is my theory: I believe you have gotten some kind of badly coded spyware on your machine, a buggy on ie. Spyware/adware is often badly coded. I said i once lost my internet connection due to spyware, actually i lost it because i didnt remove it properly the first time, so i needed to run som other commands to kill it. As Twist86 said, it could mess up your registry. In other words spyware needs to be handled correctly, AdAware should do that but might not always do. I recommend you run SpySweeper as well, my experience tells me its more thorough than AdAware (AdAware might have improved lately of course). So what i think is that this spyware program is trying to connect to its motherserver, but a bug somehow ends the process on the second handshake. Windows catches the TCP/IP failure and reports it as a error. Bugged spyware could probably freeze your system. But how is the error and freeze connected? Do they come right after each other, is there a long time in between? Well it got holes, but however. The error message i believe states clearly that were talking about some kind of failed connection. So run Spysweeper, or another program to try and cover stuff AdAware has missed. Different programs often have different spyware fingerprints. Hovewer im not convinced concerning what exactly triggers the error message. If the second handshake didnt go through, the Time-to-live (TTL) part of the IP packet should time out normally, and return something like "Sorry we were unable to connect to the requested page". Besides if you can use internet yourself its clearly working, which means the TCP/IP protocol is healthy. As said by Twist86, it might be a registry problem. Heres something constructive, to decide whether this is a internet connection issue or a internal problem on your machine, i want you to unplug internet. Draw out all plugs, if your using WLAN turn it off, not just log off your network. How do you connect to the internet? Is it an always on connection (like cable), or do you need to dial up? If its an always it might explain some things. Its very convenient but less secure, it means the moment windows has finished loading you are connected to the internet, and all kinds of activities can happen in the background. But now isolate yourself from the internet. If the error still occurs, you can take this reply and flush it down. On the other hand if the error stops just like that, its most likely a internet connection issue. And heres the solution that usually work, if you have a kid in your neighbourhood, with pale skin and huge glasses that looks kinda locked in, you should talk to him and he can probably fix it. Phew, didnt mean for it to be this long, i ... just ... couldnt stop!

02-03-2006, 08:14 PM	#12 (permalink)
suprasteve Diamond Member Join Date: Oct 2005 Location: Atlanta Posts: 1,355	umm, so what exactly are you asking? How to speed it up more?

02-05-2006, 02:36 PM	#14 (permalink)
NC99999 New Member Join Date: Nov 2005 Posts: 10	Wow! Thanks for the in-dept analysis! Now, when my system freezes, my mouse and keyboard freezes. I can't do anything so I manually shut down my system and reboot. I'll then go into control panel/maint.&perf./event folder(?), where it lists errors under system. It seems like whenever (or most of the time) i go into control panel, it's freezing up on me too. But, I don't get a pop up at all. I tried downloading and running Spysweeper (froze up on me 3 times during the process) but can't really afford the $30 to subscribe! (i'm a student) I did run it about 15 min. after i ran AdAware, and it picked up another 20 files or so. I then downloaded and ran Spybot a little later, it picked up a couple of files, restarted, and it froze up again! I am connected through high speed sympatico, and use a router (LAN). My wife's computer is hooked up to the same router, and she has no problems with freeze ups. I tried to hook us up on a network, but i don't think i did it right! I guess that another story! lol This leads me to believe that it's not the connection. Thanks again for your reply! NC

02-05-2006, 03:42 PM	#15 (permalink)
NC99999 New Member Join Date: Nov 2005 Posts: 10	"umm, so what exactly are you asking? How to speed it up more?" If possisble, i'd like to fix my system so id doesn't freeze up anymore. "Run Hijackthis and select "Do a system scan and save logfile". Then post the log here, I'd be happy to look at it for you." I've posted the second half of the notepad that popped up after the scan. I hope this is what you wanted. Thanks! R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = sympatico.ca R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe" O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe" O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe" O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.co...x/HMAtchmt.ocx O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

02-05-2006, 06:15 PM	#17 (permalink)
NC99999 New Member Join Date: Nov 2005 Posts: 10	"Post all of it." Here ya go: Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\brss01a.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe C:\WINDOWS\system32\sistray.EXE C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe C:\Program Files\Trend Micro\PC-cillin 2002\WebTrap.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\HijackThis\HijackThis.exe C:\WINDOWS\system32\wuauclt.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = sympatico.ca R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Sympatico R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.d ll O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb0 4.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\pccguide.exe" O4 - HKLM\..\Run: [PCCClient.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\PCCClient.exe" O4 - HKLM\..\Run: [Pop3trap.exe] "C:\Program Files\Trend Micro\PC-cillin 2002\Pop3trap.exe" O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay109.hotmail.msn.co...x/HMAtchmt.ocx O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe O23 - Service: PC-cillin PersonalFirewall (PCCPFW) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\PCCPFW.exe O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\PC-cillin 2002\Tmntsrv.exe

02-05-2006, 09:37 PM	#19 (permalink)
JustCallMeBob Bronze Member Join Date: Jan 2006 Location: 127.0.0.1 Posts: 69	To clear some up, i might have been impresice, i didnt mean YOUR internet connection didnt work, i meant that assuming spyware was the cause, it were trying to connect in the background, but failed. Buzz seems to be pretty good at these logs so ill let him do the talking for now, hmmm.

02-05-2006, 10:05 PM	#20 (permalink)
NC99999 New Member Join Date: Nov 2005 Posts: 10	"Post back if that helps." I followed your instructions, and my system is still freezing up on me. I tried to access the log, but it froze up on me twice trying to get in. "To clear some up, i might have been impresice, i didnt mean YOUR internet connection didnt work, i meant that assuming spyware was the cause, it were trying to connect in the background, but failed. Buzz seems to be pretty good at these logs so ill let him do the talking for now, hmmm." Ah, i see. I'm kinda hesitant to disconnect from the internet in case i mess something up and can't connect afterwards, for some reason. I can have a tendancy to do these kinds of things! lol