For the last week everytime I connect to the internet my Start Bar seems to freeze up then eventually all the icons on it disappear. I have to use alt+tab to switch between screens. I have run Trend's Housecall virus program and it does not show a virus. I did download IMesh last week and during the setup process it froze up and I cancelled the process. I really hope someone can help. My system resources seem to be at around 50% when I am connected to the internet and about 70-80% when not connected.

Sounds like you have picked up some spyware. I believe IMESH is known for depositing such items. What are the programs running in the background and at start-up?

Hi momof4 - here is an easy way to give us the information that Maxx asked for. Go here (http://www.spywareinfo.com/files/startuplist.zip) and download and run Startup List. It will generate a log file. Copy the log and paste it back into this thread

StartupList report, 1/19/2003, 7:55:58 PM
StartupList version: 1.51
Started from : C:\UNZIPPED\STARTUPLIST[1]\STARTUPLIST.EXE
Detected: Windows ME (Win9x 4.90.3000)
Detected: Internet Explorer v6.00 (6.00.2600.0000)
* Using default options
==================================================

Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\3CMLNKW.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\MDM.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\AHEAD\INCD\INCD.EXE
C:\WINDOWS\SYSTEM\HPOOPM07.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMMONNAME\TOOLBAR\WINNET.EXE
C:\PROGRAM FILES\HOTBAR\BIN\4.1.8.0\HBINST.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET G SERIES\BIN\HPODEV07.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET G SERIES\BIN\HPOEVM07.EXE
C:\PROGRAM FILES\HEWLETT-PACKARD\HP OFFICEJET G SERIES\BIN\HPOSTS07.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\FASTLANE\ARUPLD32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\EARTHLINK TOTALACCESS\MAILCLNT.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\UNZIPPED\STARTUPLIST[1]\STARTUPLIST.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Start Menu\Programs\StartUp]
HPAiODevice.lnk = C:\Program Files\Hewlett-Packard\HP OfficeJet G Series\bin\hpodev07.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

ScanRegistry = c:\windows\scanregw.exe /autorun
SystemTray = SysTray.Exe
InCD = C:\Program Files\ahead\InCD\InCD.exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
HPAIO_PrintFolderMgr = C:\WINDOWS\SYSTEM\hpoopm07.exe
TaskMonitor = c:\windows\taskmon.exe
winnet = C:\PROGRA~1\COMMON~2\TOOLBAR\winnet.exe
MSConfigReminder = C:\WINDOWS\SYSTEM\msconfig.exe /reminder
Zenet = rundll32.exe C:\PROGRA~1\COMMON~2\TOOLBAR\CNBabe.dll,DllStartup
Hotbar = C:\PROGRAM FILES\HOTBAR\BIN\4.1.8.0\HBINST.EXE /Upgrade

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run Services

StillImageMonitor = C:\WINDOWS\SYSTEM\STIMON.EXE
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
3Cmlink = c:\windows\SYSTEM\3cmlnkW.exe
*StateMgr = C:\WINDOWS\System\Restore\StateMgr.exe
SchedulingAgent = mstask.exe
Machine Debug Manager = C:\WINDOWS\SYSTEM\MDM.EXE

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

IM = C:\PROGRAM FILES\EARTHLINKIM\aim.exe -cnetwait.odl
E6TaskPanel = "C:\PROGRAM FILES\EARTHLINK TOTALACCESS\TASKPANL.EXE" -noauth

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 16/1/2003, 11:18:40)

[rename]
NUL=c:\windows\TEMP\_iu14D2N.tmp

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

SET windir=C:\WINDOWS
SET winbootdir=C:\WINDOWS
SET COMSPEC=C:\WINDOWS\COMMAND.COM
SET PROMPT=$p$g
SET TEMP=C:\windows\TEMP
SET TMP=c:\windows\TEMP
SET CLASSPATH=C:\EasyPhoto\PhotoDeluxe 2.0\AdobeConnectables
SET PATH=C:\BITWARE\;c:\windows;c:\windows\COMMAND;C:\ PRESTO~1\PAGEMGR\;c:\windows;c:\windows\COMMAND;C: \PRESTO~1\PAGEMGR\;C:\PROGRA~1\SYMANTEC\PCANYW~1;C :\VRS1641;C:\WINDOWS\TWAIN_32\SCANPORT;C:\WINDOWS\ TWAIN\SCANPORT

--------------------------------------------------

C:\WINDOWS\WINSTART.BAT listing:

C:\WINDOWS\tmpcpyis.bat

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\SYSTEM\VEG32.DLL - {7DD896A9-7AEB-430F-955B-CD125604FDCB}
(no name) - C:\WINDOWS\SYSTEM\FONE.DLL - {000000F1-34E3-4633-87C6-1AA7A44296DA}
(no name) - C:\PROGRAM FILES\XUPITER\XTUPDATE.DLL - {2662BDD7-05D6-408F-B241-FF98FACE6054}
BabeIE - C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNBABE.DLL - {00000000-0000-0000-0000-000000000000}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Tune-up Application Start.job
Automatic Full Backup.job
Automatic Differential Backup.job
trena's backup.job
Maintenance-ScanDisk.job
PCHealth Scheduler for Data Collection.job
Maintenance-Defragment programs.job
Maintenance-Disk cleanup.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[MrSIDI Control]
InProcServer32 = C:\PROGRA~1\LIZARD~1\LIZARD~1.2\MRSIDI.OCX
CODEBASE = http://www.ancestry.com/search/io/mrsidi.cab

[TestX Class]
InProcServer32 = C:\WINDOWS\SYSTEM\PTESTX.DLL
CODEBASE = http://www.printmaster.com/Plugin/3DGreetings/PlayerX.CAB

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

[HouseCall Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\XSCAN53.OCX
CODEBASE = http://a840.g.akamai.net/7/840/537/2002121801/housecall.antivirus.com/housecall/xscan53.cab

[CSS Web Installer Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\CSSWEB.DLL
CODEBASE = http://www.commandondemand.com/commercial/cod/cabs/cssweb.cab

[BrowseFolderPopup Class]
InProcServer32 = C:\WINDOWS\MCBIN\SHARED\MGBRWFLD.DLL
CODEBASE = http://download.mcafee.com/molbin/Shared/MGBrwFld.cab

[{018B7EC3-EECA-11D3-8E71-0000E82C6C0D}]
CODEBASE = http://www.mp3-center.org/free_mp3.exe

[sys Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PCPITSTOP.DLL
CODEBASE = http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB

[AV Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PAV.DLL
CODEBASE = http://www.pcpitstop.com/antivirus/PCPAV.CAB

[PWMediaSendControl Class]
InProcServer32 = C:\WINDOWS\DOWNLOADED PROGRAM FILES\PWACTIVEXIMGCTL.DLL
CODEBASE = http://216.249.25.152/code/PWActiveXImgCtl.CAB

[Helper Class]
InProcServer32 = C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNHELPER.DLL
CODEBASE = http://www.commonname.com/english/toolbar/cnbabeb3.cab

--------------------------------------------------

Enumerating Winsock LSP files:

Protocol #1: C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNMIB.DLL
Protocol #2: C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNMIB.DLL
Protocol #3: C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNMIB.DLL
Protocol #10: C:\PROGRAM FILES\COMMONNAME\TOOLBAR\CNMIB.DLL

--------------------------------------------------
End of report, 7,696 bytes
Report generated in 0.668 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Hi momof4

D/load and run Spybot Search & Destroy (http://beam.to/spybotsd) to get rid of some junk you have on your PC, like the CommonName and Hotbar stuff.

I want to thank you so so much. I downloaded the SpyBot program and did not realize there were so many things in there to clean up. I ran the program and cleaned up the "junk". My toolbar is back now and have have gone back to 94% system resources. You are an angel. I have been trying to figure this one out for over a week. I just can't thank you enough.:D

momof4,

Most of the spyware and "browser enhancements" that appeared in your start-up list, come on-board through installing software billed as freeware. There are many, many good applications on the net that are free and without any strings attached. However...there are just as many freebies loaded with garbage software and spyware. They lead to the type of trouble you had here as well as compromise your security. Before downloading and installing these "free" aplications, you should check around to see if they are contaminated with this spyware or not. You can do this by coming to forums such as this and asking around or you can check the software against lists published on the net, that will tell you if the stuff is clean or not.

Here is one you can try in the future:

http://www.spychecker.com/

Glad you got things fixed.....happy puting. :)

Another database here:

http://www.tom-cat.com/spybase/index.html

You're very welcome, momof4.

I ran the program and cleaned up the "junk" Sorry about the wording.......I was trying to get my response out to you ASAP, as I saw you were browsing the forum, and I couldn't come up with better terminology for it.

You are an angel
Thank you.........AnnMarie and I are tag team angels http://216.40.249.192/mysmilies/otn/angels/angel.gif

:D