Not Responding

I have WinXP and internet explorer 6

I goto web sites, click around and when new page begins to load, the explorer just... stops.. It gives me this "Program not responding "... Now, this happens with so many sites I goto not particularly just one... It didn't use to happen.. How do i fix this or find the source of prob?

 

Whenever Internet Explorer starts to act squirrely, the first thing to suspect is corrupt files in IE's cache and spyware.

To empty the cache, in IE, go to Tools>Internet Options>General tab and click the "Delete Files" button. Check the box to delete all offline content as well, click OK.

For spyware, if you haven't already, download, install, immediately update and then run Spybot and/or Ad-Aware. Read the help files to familiarize yourself with how they work. I recommend you use them both since each tends to find things the other misses. Let them clean up any spyware found.

 

I emptied the cache and used both spywares to remove everything... But it still has the problem..

 

Try running CWShredder from the link in my signature. If you're still having problems then, post a HijackThis log (available from the same link). Download it to a permanent folder on the drive (I create a new folder in C: named HijackThis), open and scan, then save log. Once saved it will open in notepad. Select all from the edit button, copy and paste the results here. Don't fix anything with it yet. Someone experienced with the logs will tell you what/how needs fixed.

 

We're having the same problems. We have run all the spyware programs you suggest etc. Still hangs up. We Cleared all cookies, all files, all history, all temp files etc. Still hangs up.

You suggest to get to a hijack program and run it by clicking a link.

Can't - when we click the suggested link the Windows BBS stops responding.

Would a reinstall of Internet Explorer be in order - if so - how.
This is a real problem - can't go beyond a step or two on the internet anymore. Has not been this way very long - just in the past week or so.

Thanks

 

Logfile of HijackThis v1.97.7
Scan saved at 12:54:32 AM, on 5/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\System32\SpUpdate.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\WINDOWS\system32\usrsdpia.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Documents and Settings\Mark Lee\Desktop\CacheSentry.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\SmartGet\SpAgent.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Mark\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {91F9A5B6-F7F3-4491-BE96-5A78EE0B825E} - (no file)
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe "
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SpLauncher] C:\WINDOWS\System32\SpUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [usrsdpia] C:\WINDOWS\system32\usrsdpia.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: Shortcut to CacheSentry.lnk = C:\Documents and Settings\Mark Lee\Desktop\CacheSentry.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: Yahoo! GoStop - http://download.games.yahoo.com/games/clients/y/gst1_x.cab
O16 - DPF: {01F802A6-6A28-45BB-A9AA-A4EA8051DC7D} (Prjlulugame.lulugameExe) - http://www.lulugame.com/lulu2/game/Prjlulugame.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {04E69B71-730F-4F8A-80B6-A7FB03317881} (SsPlugin10000372000057 Class) - http://file.smartshow.co.kr/codebase/SsMana10000372000057.cab
O16 - DPF: {0C4A9D28-66B5-4A70-B915-B6AEA5112472} (Icon02 Control) - http://www.bozy10.com/icon02.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - http://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPIOCX.cab
O16 - DPF: {630B5ED1-D6B0-4D31-8AE2-7687DF72BA9D} (Extream Class) - http://wmpdownload.nefficient.co.kr/wmpdownload/CDNExtX.cab
O16 - DPF: {66B30EA0-C033-4D4B-9F90-EA0AF07363AF} (BugsMediaPlayer Control) - http://so.bugs.co.kr/BugsOggPlay_11.CAB
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37967.6295023148
O16 - DPF: {AEFD1FBF-F311-4A6F-A360-B5BCC74BE3EE} (SpriteCtrl Class) - http://www.mysprite.com/sprite/bin/Sprite.cab
O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo.co.kr/pub/seevideo2002/SVWebPlayer.cab
O16 - DPF: {CF362BDB-4EA2-11D5-AB47-000102913414} (SetGlb Control) - http://so.bugs.co.kr/SetGlb.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab
O16 - DPF: {D7635E4E-011D-4116-952A-F476C66B2448} - http://partner.webhelper.co.kr/codebase/lulugame/webhelper.cab
O16 - DPF: {ED1EEBEE-F0AA-474B-9829-61C482E72644} (PDBox25 Control) - http://www.pdbox.co.kr/filebox/ctrl_down/PDBox25.cab

 

jbarker,

You probably should have followed thru as suggested in this thread. Anyway, you should already have a copy of HijackThis. Please post a log on that thread instead of this one. It becomes confusing trying to help more than one in the same thread. If you can, run some online virus scans.


Nanashi,

Scan with HJT again, place a check next to these and fix.

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {91F9A5B6-F7F3-4491-BE96-5A78EE0B825E} - (no file)
O4 - HKCU\..\Run: [usrsdpia] C:\WINDOWS\system32\usrsdpia.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe

With task manager, end process on usrsdpia.exe. Then for now, rename the file to usrsdpia.old. You may need to show hidden files to find it.

Please run some online virus scans. eTrust in my signature.

RAV

Housecall

Reboot and post a new log.

 

Here's after all you told me to do

Logfile of HijackThis v1.97.7
Scan saved at 7:30:25 PM, on 5/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\WINDOWS\System32\SpUpdate.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Documents and Settings\Mark Lee\Desktop\CacheSentry.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\SmartGet\SpAgent.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
C:\Highjackthis\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe "
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SpLauncher] C:\WINDOWS\System32\SpUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [usrsdpia] C:\WINDOWS\system32\usrsdpia.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Startup: Shortcut to CacheSentry.lnk = C:\Documents and Settings\Mark Lee\Desktop\CacheSentry.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {04E69B71-730F-4F8A-80B6-A7FB03317881} (SsPlugin10000372000057 Class) - http://file.smartshow.co.kr/codebase/SsMana10000372000057.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - http://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPIOCX.cab
O16 - DPF: {630B5ED1-D6B0-4D31-8AE2-7687DF72BA9D} (Extream Class) - http://wmpdownload.nefficient.co.kr/wmpdownload/CDNExtX.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37967.6295023148
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo.co.kr/pub/seevideo2002/SVWebPlayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab

 

Hmmm...RAV found nothing? I don't see that you ran Housecall or eTrust. I also see those run items are back. Scan with HJT again and fix these.

O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [usrsdpia] C:\WINDOWS\system32\usrsdpia.exe
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe


End task on this process again if there. usrsdpia.exe Search the drive for it and delete all you find. Make sure you have set to show hidden files and search them too. OH, and the one you renamed. Did it get recreated, or just re-renamed? Get rid of it too. Empty ALL temp folders. C:\Windows\Temp, C:\Documents and Settings\(all)usernames\Local Settings\temp and all temporary internet files from within each user's local settings folder. Delete everything from prefetch folder. C:\Windows\Prefetch Disable system restore and last, empty recycle bin. Reboot. Scan at Housecall then post another log. Please let us know if things have improved.

 

Did everything you told me to do
It's still having that problem...
What could possibly the problem arg... Uninstallling and reinstalling Internet Explorer wouldn't help would it?
It feels as if its cause something's hogging the resource, preventing pages from loading.. Please continue to help me

Oh by the way, the housecall virus check won't load so I only used RAV


Logfile of HijackThis v1.97.7
Scan saved at 6:50:19 PM, on 5/11/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\WINDOWS\System32\SpUpdate.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Documents and Settings\Mark Lee\Desktop\CacheSentry.exe
C:\Program Files\SmartGet\SpAgent.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\mmc.exe
C:\PROGRA~1\Logitech\Video\AlbumDB2.exe
C:\PROGRA~1\Logitech\Video\FxSvr2.exe
C:\Highjackthis\HijackThis.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe "
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SpLauncher] C:\WINDOWS\System32\SpUpdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Shortcut to CacheSentry.lnk = C:\Documents and Settings\Mark Lee\Desktop\CacheSentry.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Download all by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: Download by Net Transport - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {04E69B71-730F-4F8A-80B6-A7FB03317881} (SsPlugin10000372000057 Class) - http://file.smartshow.co.kr/codebase/SsMana10000372000057.cab
O16 - DPF: {2C197E55-080B-42A4-BFD0-9595B3534CF4} (KVPplugin00 Control) - https://www.vpay.co.kr/KVPplugin01.cab
O16 - DPF: {48ECCD73-123C-4C25-A64C-76E8E8A30CAF} (XPayMPIOCX Control) - http://mpi.dacom.net/XPayMPI/Xecure_LiveUpdate_XPayMPIOCX.cab
O16 - DPF: {630B5ED1-D6B0-4D31-8AE2-7687DF72BA9D} (Extream Class) - http://wmpdownload.nefficient.co.kr/wmpdownload/CDNExtX.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37967.6295023148
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {BF22698D-3BED-4CB0-BA3A-64534FBC32B1} (SVWebPlayer Control) - http://www.seevideo.co.kr/pub/seevideo2002/SVWebPlayer.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D6016EE7-A8FF-11D1-B37E-A4759ECD7909} (AxPulse Class) - http://www.pulse3d.com/players/english/PulsePlayerAxWin.cab

 

Did you get an error message or anything? What exactly happens when you try to run the scan? Do you remember doing anything in particular just prior to this slowdown? New software install, new player, Updates to any software or Windows, anything?? You have alot of ActiveX controls installed by various media players. Try deleting all of them and running the scan again. Go to Tool>Internet Options>General Tab>click the settings button for TIF' then view objects. Select all and delete. It's safe to do as they will be reloaded as needed. On the security tab, custom level button, ActiveX settings should be prompt, disable, disable, enable, enable.

Open task manager to processes tab. CPU column should be visible for each process. Observe what is being used and by what processes. Are there any other running processes that look odd (random numbers and/or letters, other than the ones in your current log)?

 

Nanashi - you can't really uninstall IE from XP like you could with earlier OS versions.

 

Ok the housecall worked, I didn't have to do much.. I just retried one or two times and it loaded.. I guess that was internet problem. Found one trojan virus and got rid of it.

It's working a bit better now, this site that always showed "not responding" error is working now... But few of the other sites I goto, I still get it. I think its cause of some useless things running.. Is there a way to find out which ones I need or not? Cause even by looking at the task manager, I can't really see if they're needed or not

 

Slow XP

Hi, if your using AOL,thats your answer. I switched to cable, abd no more problems like that. Have you tried 'Last good startup? Restart your comp,when it starts over, lightly tap F8, a list will come up, highlight, Last known good configuration, you may loose some programs, depending on how far back it will go. GOOD LUCK

 

Yeah, I got rid of AOL (AIM), I think that helped a bit... but still the same prob...

I'm not sure if I wanna try that last restart haha... some programs I don't wanna lose

 

Hi Nanashi,

Did you dump the DPF's? Since a trojan was found, as I suspected, suggest you do a couple more scans with some dedicated trojan scanners. Trojanscan.com is an online scanner. Also run Stinger and/or The Cleaner.

Two freeware apps that will help identify what is running and necessary/unnecessary. Process Explorer and Service Contoller-XP. With process explorer open, when you get a not responding window, see if anything is using alot of the CPU. At that time also, click file and save (make sure nothing is highlighted or it will only save that process to the text rather than all of them). Copy and paste the contents of the saved text file here.

 

Ran stinger, and the cleaner
Whenever I tried Trojanscan, while loading it popped up that not responding window everytime I tried. This is the saved text file from the Process explorer at that time


Process PID CPU Description Company Name
System Idle Process 0 74
Interrupts n/a 2 Hardware Interrupts
DPCs n/a 1 Deferred Procedure Calls
System 4
smss.exe 632 Windows NT Session Manager Microsoft Corporation
csrss.exe 680 Client Server Runtime Process Microsoft Corporation
winlogon.exe 704 Windows NT Logon Application Microsoft Corporation
services.exe 748 1 Services and Controller app Microsoft Corporation
svchost.exe 940 Generic Host Process for Win32 Services Microsoft Corporation
winamp.exe 3184 Winamp Nullsoft
svchost.exe 1040 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1176 Generic Host Process for Win32 Services Microsoft Corporation
svchost.exe 1208 Generic Host Process for Win32 Services Microsoft Corporation
LEXBCES.EXE 1384 LexBce Service Lexmark International, Inc.
LEXPPS.EXE 1460 LEXPPS.EXE Lexmark International, Inc.
spoolsv.exe 1424 Spooler SubSystem App Microsoft Corporation
CTsvcCDA.EXE 1632 Creative Service for CDROM Access Creative Technology Ltd
nvsvc32.exe 1680
locator.exe 1740 Rpc Locator Microsoft Corporation
svchost.exe 1768 Generic Host Process for Win32 Services Microsoft Corporation
MsPMSPSv.exe 1872 WMDM PMSP Service Microsoft Corporation
msiexec.exe 2748 Windows® installer Microsoft Corporation
lsass.exe 760 LSA Shell (Export Version) Microsoft Corporation
explorer.exe 324 8 Windows Explorer Microsoft Corporation
ctfmon.exe 464 CTF Loader Microsoft Corporation
dlbkbmgr.exe 664 Dell AIO Printer A920Button Manager Dell Computer Corporation
dlbkbmon.exe 1108 Dell AIO Printer A920Button Monitor Dell Computer Corporation
SpUpdate.exe 832 SpUpdate MFC ?? ????
SpAgent.exe 2020 SpAgent MFC ?? ????
rundll32.exe 1012 Run a DLL as an App Microsoft Corporation
CacheSentry.exe 1184
IEXPLORE.EXE 2072 Internet Explorer Microsoft Corporation
dwwin.exe 3640 3 Microsoft Application Error Reporting Microsoft Corporation
AnyCapture.exe 2628 Any Capture Ver 3.09 Any-capture
IEXPLORE.EXE 3788 Internet Explorer Microsoft Corporation
AcroRd32.exe 4036 Adobe Reader 6.0 Adobe Systems Incorporated
msnmsgr.exe 2336 Messenger Microsoft Corporation
procexp.exe 3664 9 Sysinternals Process Explorer Sysinternals
EM_EXEC.EXE 1220 Logitech Events Handler Application Logitech Inc.
eeeipkfj.exe 1328
conime.exe 260 Console IME Microsoft Corporation
KazaaLite.kpp 240 2

Process: Procexp Pid: -2

Type Name

 

Nanashi

Repair IE

Black Viper will help you decide what to turn on and off in Services.

MikeLin's StartUpCPL puts a tab in your control panel to make it simple for you to decide what should load at boot. It is a lot easier to use than msconfig.

Is your XP firewall enabled? Do you have any other internet security, firewall or av? A quick scan of your log didn't show any running?

Johanna

 

Two problems. One major, one semi-major.

Major- eeeipkfj.exe 1328 Kill that process, search for and find ALL instances and delete, in safe mode if necessary.

Semi-major- KazaaLite.kpp 240 2 Eats up your bandwidth and CPU. If alot of files are in the shared folder, will prevent most applications, especially IE from running properly. Kill it when not d/l. Rename folder so it's not sharing everything when you open up to d/l. It will create a new folder which you can then move new stuff to old folder. Better yet, GET RID OF IT!

Haven't anylized further than that yet. Those two jumped out at me. Take care of them and see how you fare.

 

DUHHH on MY part!! I was so busy looking for bad stuff, I failed to look for GOOD stuff. Just read through Johanna's post and got smacked upside the head. NO ANTIVIRUS!! Suggest you click right here and take advantage of the free trial. Quickly!