
very slow computer & won't restart properly


5 replies to this topic

#1 lynne


Posted 09 June 2004 - 02:18 AM

Hi,
My computer is VERY slow in opening windows and documents, and sometimes even simple desktop icons. Simple functions often stall or don't respond.
Also, when I try to shut down or restart, I get a message saying "Program not responding" so then I have to click "end task".
Also, ad-aware keeps identifying two problems that I always remove, but they always reappear after a reboot. And "removing" them always resets my Start Page to msn.com.

I am new here. I have read the FAQ and followed the advice (no purple monkey - lol) - but am still having the problems I just mentioned. I am running Microsoft Windows Me on a GenuineIntel Pentium® III processor with 64MB RAM. I have downloaded and run Spybot S&D and CWShredder and they are no longer finding any problems. I have also done the basics of running scandisk and regularly (twice a week) defrag.

The two problems found by ad-aware (that it keeps finding after each reboot) are listed as:

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"

Possible browser hijack attempt : .Default\Software\Microsoft\Internet Explorer\MainStart Pageabout:blank

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "about:blank"
Rootkey : HKEY_USERS
Object : .Default\Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "about:blank"

------------
I notice in the forums here that some people with problems are advised to run a HouseCall scan.
I cannot seem to run HouseCall properly because as soon as it begins to perform a scan, it vanishes and produces a pop-up saying "Housecall has found and cleaned a malware"... called P_PARTIE.A or something else and it asks me to reboot to remove the trojan. After each reboot the problem with HouseCall persists. I also tried the Panda Active Scan, which took a few hours and removed most of my anti-spyware programs, so I have just downloaded them all again and checked for updates, so I should be up-to-date.

Here is my Hijackthis log. I would really appreciate any help, please and thanks.
Lynne.

Logfile of HijackThis v1.97.7
Scan saved at 2:04:54 PM, on 6/9/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\SYSTEM\MSHOSTS.EXE
C:\WINDOWS\SYSTEM\MSROOT.EXE
C:\WINDOWS\DESKTOP\ANTI-VIRUS STUFF\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.cbn.net.id:8080
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [RPC] C:\WINDOWS\SYSTEM\MShosts.exe
O4 - HKLM\..\Run: [IMClass] C:\WINDOWS\SYSTEM\MSROOT.EXE
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [System Soap Pro] C:\PROGRAM FILES\SYSTEM SOAP PRO\SOAP.exe min
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...7890.0929050926
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O17 - HKLM\System\CCS\Services\VxD\MSTCP: Domain = cbn.net.id
O17 - HKLM\System\CCS\Services\VxD\MSTCP: SearchList = cbn.net.id
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 202.158.3.7,202.158.3.6

#2 WinHelp2002


Posted 09 June 2004 - 06:22 AM

Hi,
MSHOSTS.EXE = Troj/Atrar-B :alarm:
Print out the above article for reference as you'll need to check your Registry entries.

As for the "About:Blank" [see here]
Just add it to the "Ignore List"

Reconfigure Windows Explorer to show Hidden Files:
Open the Windows Explorer Folder Options - View [tab]:

Scroll down to the "Files and Folders" section.
Select: "Display the contents of system folders".

Scroll down to the "Hidden Files and Folders" section.
Select: "Show hidden files and folders", Ok the prompt
Uncheck: "Hide file extensions for known file types"
Uncheck: "Hide protected operating system files" Ok the Prompt, click Apply

Next:

Close all open windows except for HijackThis, place a check in each of the following, then click "Fix checked":

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [RPC] C:\WINDOWS\SYSTEM\MShosts.exe
O4 - HKLM\..\Run: [IMClass] C:\WINDOWS\SYSTEM\MSROOT.EXE


Then reboot, on restart, restart in Safe Mode (see "How To" below)

Open Windows Explorer locate and delete the following:

C:\WINDOWS\SYSTEM\MSHOSTS.EXE <--this file
C:\WINDOWS\SYSTEM\MSROOT.EXE <--this file

Restart normally and then ...follow the above (article) instructions. Including any other files and changing any other passwords, etc.

Then I would suggest: :deal:
AVG 6.0 Anti Virus [freeware] http://www.grisoft.com/

After the above post a fresh log ...

Edited by WinHelp2002, 09 June 2004 - 06:28 AM.

Mike
Former Microsoft MVP 1999-2012
"There's no place like 127.0.0.1"
Blocking Malware, Parasites, Hijackers, Trojans, http://www.mvps.org/...p2002/hosts.htm with a HOSTS file
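
An added example (not part of the original thread, and not HijackThis's own code): a small Python parser for the log format posted in #1 that pulls out the O4 autorun entries and reports which of the files named in the reply above are both set to start with Windows and currently running. The sample log is constructed from lines of the posted log, and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample: a few lines taken from the HijackThis log in post #1.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ICSMGR.EXE
C:\WINDOWS\SYSTEM\MSHOSTS.EXE
C:\WINDOWS\SYSTEM\MSROOT.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [ICSMGR] ICSMGR.EXE
O4 - HKLM\..\Run: [RPC] C:\WINDOWS\SYSTEM\MShosts.exe
O4 - HKLM\..\Run: [IMClass] C:\WINDOWS\SYSTEM\MSROOT.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
"""

# File names the reply in post #2 says to fix in HijackThis and then delete.
FLAGGED = {"mshosts.exe", "msroot.exe"}

# O4 registry autorun line: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def basename(cmd):
    """Lower-cased file name of the executable in a command line (Windows names ignore case)."""
    m = re.match(r'"?(.+?\.(?:exe|com|bat|scr|pif|dll))', cmd, re.I)
    path = m.group(1) if m else cmd.split()[0]
    return path.rsplit("\\", 1)[-1].lower()

def parse(log):
    """Return (set of running process file names, list of O4 autorun entries)."""
    running, autoruns, in_procs = set(), [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # blank line ends the process list
        elif in_procs:
            running.add(basename(line))
        else:
            m = O4_RE.match(line)
            if m:
                autoruns.append({**m.groupdict(), "exe": basename(m["cmd"])})
    return running, autoruns

def triage(log, flagged=FLAGGED):
    """Flagged autorun entries as (key, value name, file name, running now?)."""
    running, autoruns = parse(log)
    return [(a["key"], a["name"], a["exe"], a["exe"] in running)
            for a in autoruns if a["exe"] in flagged]
```
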

#3 lynne


Posted 09 June 2004 - 10:31 PM

Hi WinHelp2002 (or any other Experts reading this),

First, thanks for your prompt reply. Sorry about my late response - but I'm now posting from another computer at another location.

I had carefully followed all of your instructions and everything was going well and the computer began operating faster and shutting down/restarting without any hassles - until the final instruction - when I downloaded, installed and ran AVG 6.0 Anti Virus [freeware] http://www.grisoft.com/

The program found 342 infected files - just about all were infected with Win32.Parite A/B/C (I think mostly 'B'). AVG repaired/healed some of them but was unable to repair/heal many others, so I followed AVG's advice of moving them to the "virus vault" (a quarantine, I presume) and restarted my computer. It then would not open Windows. A box appeared telling me "Error Loading Explorer.exe You must reinstall Windows".

So I tried restarting in 'Safe Mode' - and before it could get to Windows, a big red/yellow AVG screen appeared against a blue background, informing me that a virus has been found and asked me to heal, delete, yes or no, or something like that. None of these options worked. Each time, no matter which option I tried, up came the box saying "Error Loading Explorer.exe You must reinstall Windows".

Any advice on what I should do now? If I have to get Windows reinstalled, does that mean I will risk losing files on my C Drive? The only really important files I have are Word documents necessary for my work.

I'm no expert - but I'm guessing AVG maybe put something vital in its 'virus vault' - so that's maybe why I now can't open Windows.

Would greatly appreciate your advice. Thanks.
Lynne.

#4 WinHelp2002


Posted 10 June 2004 - 05:25 AM

Lynne,

A box appeared telling me "Error Loading Explorer.exe You must reinstall Windows".

Ouch! ... Win32/Parite.A, Win32.Parite.b, W32/Pate.b, Win32/Pinfi.A

W32.Pinfi
Appends itself to Explorer.exe to remain memory-resident.

Sounds like "Explorer.exe" was infected and AVG moved it to the "vault".

[Questions]
1) Do you have a WinME boot disk?
2) Do you have a WinME CD or do you have a (OEM) "restore CD"?
3) Do you know exactly where your "Word docs" are located?
Mike

#5 lynne


Posted 10 June 2004 - 07:43 AM

Hi Mike,
Thanks very much for replying again - I was worried I might be in a 'too hard basket'.

In answer to your questions - I personally don't have any of the WinME boot disk, WinME CD or (OEM) "restore CD".

I know that my Word Docs are in 'my documents' and in various folders.

Although I don't have the boot disk/restore CD, there are a couple of computer tech guys at a company affiliated to the firm I work for. I've emailed them about my problem and will now email them again to ask if they can bring the disks that you mentioned.

Will keep you posted - and thanks again.
Lynne.

******************
no signature - but life is too short to cry over computers :techsupport:

#6 WinHelp2002


Posted 10 June 2004 - 08:59 AM

Hi,
You may be able to reinstall ME over itself ... however you may lose the contents of "My Documents", but you could copy them to a floppy, or move them to another folder. I'd do that before attempting a reinstall.

Requires a WinME bootdisk ( http://www.bootdisk.com/ )

Windows stores the needed files in:
C:\WINDOWS\OPTIONS\INSTALL
or
C:\WINDOWS\OPTIONS\SETUP
Depending on the previous install. So you'd need to boot from the floppy.
From "C:\>" (type and press Enter)

cd\windows\options\install
setup

[or]
cd\windows\options\setup
setup

The install will run from there ...

Let me know what you want to do before the above, if needed.
Mike



