Please help problem-ridden computer$%!!&*

Discussion in 'Malware Help (A Specialist Will Reply)' started by Dani, Jun 8, 2005.

  1. Dani

    Dani Private E-2

    I apologize in advance if none of my problems are related to this particular forum, but you'll forgive me, I'm sure, as it has literally taken my machine TWO HOURS to get me to this point. I am devastated at the problems I'm experiencing, as my work and education are suffering as a result of my mind-numbingly slow, unresponsive, unpredictable computer. Oddly, I don't have AS MUCH trouble with AOL as I do with People PC(impossible to load pages), but tonite Aol is behaving very badly as well, and I have a Hijack log waiting in case anyone would be kind enough to take a look.
    It started three weeks ago, when I got a popup from a questionable site(ist svc stuff) and at the same time was removing files to make room on the puter, so I'm not sure which if either is to blame. I have run every antispyware/virus I can find(all found something but still my system is inoperable-Norton alone took 98 hours!!! to scan), including CWShredder. Am now trying out AVGFree, as I heard it's not as slow as Norton. It found 1 trojan none of the others did, so I'm wondering if there are some viruses left, but not sure. Also, both times I've reinstalled Norton, it comes up with an error message when I'm trying to uninstall, saying a file is corrupted and uninstallation will not continue. Does that mean I'm supposed to reinstall in order to uninstall?
    Also, I'm looking for a VXD patch-I tried one that apparently couldn't find a CAB file(22), but once every 5 restarts or so I get a error message on the blue screen about VXD errors. Finally, my mouse gets sluggish sometimes, my clock has slowed on 3 occasions, and there is a delay in scrolling/opening windows both on and off line. If anyone can help, I'd truly appreciate it.
    Dani
    PS System resources reads 66% free on 32 MB system, with 429 mb available
     
    Dani, Jun 8, 2005
    #1
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the directions below for installing, running, and posting HJT logs. Then post your log as an attachment.

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
    chaslang, Jun 8, 2005
    #2
  3. Dani

    Dani Private E-2

    I apologize if I'm doing this wrong. I am new and have enough trouble getting to any site as it is(took over 3 hours to get here again! Seems to be a problem loading individual pages-once I'm settled into one, computer almost acts normal!) Anyway, I've tried to attach a log file, please let me know if it's successful. I also meant to note that while I've uninstalled 2 windows updates(worked for a minute or two), I do still have q823559,840315, & 890175 on my computer. Believe me, I don't want to bother you with things you don't want to know-I think you guys are amazing for doing what you do for people-I just don't want to leave anything out. Also, if you do get the hijack log, I have no idea why netpenny is listed in the first line, as I don't use them anymore. Again only mentioning in case you find relevance. Thanks for your time and patience.
    Dani
     

    Attached Files:

    Dani, Jun 9, 2005
    #3
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you use PeoplePC or not? There is at least one item there from them that is a known problem.
    Look at bartshel.exe in the below link:
    http://www.answersthatwork.com/Tasklist_pages/tasklist_b.htm

    Do you use PeoplePC's tools bars? Do you want them to be your default start and search pages?

    Do you know what the below is for:
    O4 - Startup: recwatch.exe


    You have a very old system that looks like it was upgraded to Windows 98 from Windows 3.1. And you may be running on an antique for a PC.
     
    Last edited: Jun 9, 2005
    chaslang, Jun 9, 2005
    #4
  5. Dani

    Dani Private E-2

    I did upgrade from 95 to 98. What gets me is I have an even older 95 machine(only probs no usb, too outdated for web courses etc) that searches the internet like it's on crack, but this one I'm using seemed fine until fairly recently and I fear it's something I've done. Anyway, going to check out that link now--thanks SO MUCH for help. Almost forgot, yes I am subscribed to People PC, but it seems much worse than AOL which I'm also holding onto for now as a result of these probs.
     
    Dani, Jun 9, 2005
    #5
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Yes but do you use and want the People PC stuff?

    You did not answer my other question!
     
    chaslang, Jun 9, 2005
    #6
  7. Dani

    Dani Private E-2

    Sorry about that. Yes I do want People PC and whatever's supposed to go with it to be my home page. However, when I log onto it now, AOL insists on loading their AIM toolbar, etc and I don't know how this happened. I looked up bartshel-can I just delete it or is there a way for me to disable on my own? Sorry for not knowing-don't want to mess up! Also, no I don't know what recwatch is-will look into it asap. Thanks so much!
     
    Dani, Jun 10, 2005
    #7
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Your problem with AOL and People PC is not an issue for the Spyware Forum. Try the Software Forum or call People PC. There is probably an option to disable this somewhere.

    You may not be able to just delete bartshel. It appears to be loaded indirectly from another process. Again speak to People PC on what is really needed. Quite often none of what these ISP's load on your systems is required. However some users find it difficult to setup connections on there own. This is also not a Spyware Forum related issue.

    We need to figure out what recwatch is. It could also be part of People PC.

    Let's start with what we know we need to do. You must use only one antivirus application. So you need to choose the one you prefer and uninstall the other. Since you are having problems already uninstalling Norton, yes you may need to reinstall it to fix it. What version is it? Personally I would use AVG over Norton.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.netpenny.net/default.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O13 - WWW. Prefix: http://
    O16 - DPF: {4248083C-9656-11D2-8B7F-00105A17847A} - http://downloads.mplayer.com/MplayerStub.exe
    O16 - DPF: Win32 Classes - file://C:\WINDOWS\Java\classes\win32ie4.cab

    After clicking Fix, exit HJT.
    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
     
    chaslang, Jun 10, 2005
    #8
  9. Dani

    Dani Private E-2

    Greetings. Thanks for detailed instructions. I found that recwatch.exe is affiliated with a free registry cleaner I recently downloaded and used, that I kept because it seemed useful in some way. If not, let me know. Next step is to reinstall and delete Norton as all the times I ran never found anything anyway> Will keep AVG as you recommended and run new log file after fixing. I hope you will personally review it. Thanks also for pointing me to other forums-will follow all directions to best of my ability. Oh, I mentioned the ISP discrepancies here bc I heard some viruses etc cause window sizes & other things to change suddenly which seems to be the case. Example: when I type an address in People PC bar, the window comes up smaller than before. Feel free to chalk this up to useless information and I will post that issue in recommended forum. Hope to chat again soon. Thanks again.
     
    Dani, Jun 10, 2005
    #9
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    For your registry cleaner, I assume your are referring to:
    O4 - HKCU\..\Run: [Registry Cleaner] "C:\PROGRAM FILES\REGISTRY CLEANER TRIAL\REGCLEAN.EXE"

    I would uninstall this and see if recwatch goes away. Also there is no reason for a registry cleaner to always be loaded at startup unless it is doing more than just registry cleaning. Normally registry cleaners should only be run it they are needed. Which program is it?

    I really do not know anything about PeoplePC other than the info I have seen from other people who have used it in this forum. General opinion was "not very good".
     
    chaslang, Jun 10, 2005
    #10

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds