Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Explorer VERY slow


  • This topic is locked This topic is locked
23 replies to this topic

#1 papercut

papercut

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 04 March 2009 - 03:21 AM

Hi,

I know my computer has a lot of problems...
This computer's got a history of Vundos and trojans. I can never be sure that I've gotten rid of them all. I have Symantec Antivirus Enterprise and Spyware Doctor, did a scan on both recently and nothing worth noting turned up (other than tracking cookies, blah blah). So here's the symptom description:

If I boot into normal mode, it literally takes some 5-10 minutes for my desktop + taskbar to come up. Normally this comes up in 5-10 seconds. What I can do though, is to open up Task Manager and use Run... to run my programs, e.g. Firefox. After 5-10min the desktop/taskbar comes up, but explorer freezes once every 10 seconds or so. Maybe "freeze" isn't the right word. Explorer "unfreezes" once every minute or so for 10 seconds, then freezes again for a minute. During the freeze it won't even update anything on the taskbar. All the programs are unresponsive for the first 5 seconds I alt-tab into it, but after that it works like normal.

Eventvwr has the following log once every minute or so:
The server {8BC3F05E-D86B-11D0-A075-00C04FB68820} did not register with DCOM within the required timeout.

I looked at some online advice and this seems like WMI is down (I've seen messages of "WMI needs to shutdown" or whatever for a week or two now, but the issue described in this thread as well as this eventvwr entry only happened today), and one solution was to go into dcomcnfg and do some fidgeting there. Anyway, I go to dcomcnfg, open up Component Services, open up Computers, and bam dcomcnfg dies and with the following entry in eventvwr:

The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in f:\xpsp3\com\com1x\src\comsvcs\package\cpackage.cpp(1184), hr = 8000ffff: InitEventCollector failed

I'm not sure if this is some virus or just my computer being messed up.


The day before this happened I gave myself full access to HKEY_CLASSES_ROOT. May seem stupid, but I read somewhere that this is a fix for MSI not working properly sometimes and I didn't know better at the time. Maybe this is related.


Thanks for the help :thumbsup:

BC AdBot (Login to Remove)

 


#2 Guitarist

Guitarist

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ontario, Canada
  • Local time:12:38 PM

Posted 04 March 2009 - 03:33 AM

sorry, not too sure what the problem would be myself but if you want to try something while waiting for someone to post another response here are some free online scans you can try... but of course..you'd be using you internet explorer... your call

http://www.kaspersky.com/virusscanner

http://www.ewido.net/en/onlinescan/

http://www.eset.com/onlinescan/

hope that helps

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:38 AM

Posted 04 March 2009 - 01:09 PM

Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10010
Date:
Time:

support.microsoft.com.
Event ID 10010 Source DCOM.

GUID {8BC3F05E-D86B-11D0-A075-00C04FB68820} Windows Management and Instrumentation

If you're not finding any malware, read Slow Computer/Browser? Check here first; it may not be malware. There are reasons for slowness besides malware - i.e. disk fragmentation, disk errors, corrupt system files, too many startup programs, unnecessary services running, not enough RAM, dirty hardware components, etc. As your system gets older it becomes filled with more files/programs and has a natural tendency to slow down so cleaning and regular maintenance is essential.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 papercut

papercut
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:09:38 AM

Posted 04 March 2009 - 03:17 PM

Thanks, I will attempt to fix the DCOM error again when I get home today...
As for the slow browser issue, I highly doubt that it's due to some sort of built-up. This issue happened overnight. My CPU temperature is steady at 45-50C, mem/cpu usage all looks good. It's only explorer that's freezing, all the other programs work fine. Heck, I can even play games and it'll run smooth.

#5 Guest_tylerisdabest_*

Guest_tylerisdabest_*

  • Guests
  • OFFLINE
  •  

Posted 04 March 2009 - 03:26 PM

did the scan find any adware.mywebsearch?

#6 papercut

papercut
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  

Posted 05 March 2009 - 12:59 AM

tylerisdabest: I don't recall seeing that one. I do have the Spyware Protect 2009 malware though.

quietman7: I tried all 3 of your links, the first 2 offered solution instructions, tried them both and unfortunately the problem is still there. I'm still getting the DCOM error and explorer is still frozen most of the time.

Guitarist: Running Kaspersky right now.

#7 Guitarist

Guitarist

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ontario, Canada
  • Local time:09:38 AM

Posted 05 March 2009 - 01:20 AM

okay when that's done let me know what it found and quarantine them of course.


________________________________________


if you want to try and improve your start-up

click Start>Run then type msconfig and click the tab that says start up those are the programs that start up when you turn on your computer...here you can take off any programs you close when you turn your computer on to save some time. if you don't know what the program is i recommend searching it in google before taking it off in case its drivers or something of importance

#8 papercut

papercut
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 05 March 2009 - 01:35 AM

I've looked at startup, I know everything there and most of them have been there for ages.
Although, safe-mode boots fine.

Can't try turning them off and reboot right now though. Kaspersky is running.

#9 Guitarist

Guitarist

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ontario, Canada
  • Local time:09:38 AM

Posted 05 March 2009 - 02:06 AM

yea let the scan finish, just thought id let you know how to stop programs you dont want starting up from doing so if you didnt already know how to :thumbsup:

hows the scan coming along? finding anything?

#10 papercut

papercut
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 05 March 2009 - 02:11 AM

Took hella long to download. It's only 15k files in, nothing yet. Maybe I'll just leave it running overnight, it's getting late.
If I can't get this fixed in the next few days I'll consider formatting my OS partition...It's been almost three years, a reformat is due.

#11 Guitarist

Guitarist

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ontario, Canada
  • Local time:09:38 AM

Posted 05 March 2009 - 02:20 AM

okay, yeah a reformat is due and the best way to make sure everything is gone but not always the funnest thing to do :thumbsup: but if this finds nothing ill help you get a log for Hijackthis then you should make a new post in the hijackthis log section or however that works (not sure cuz im newer to this site i just know im not suppose to guide you with it incase of anything probably) but one way or another im sure we can get your computer going i have fixed much worse so much easier when your in front of it tho :flowers: anyways when the scan finishes post if it found anything besides tracking cookies and we'll go from there or until someone has a better idea of the problem

#12 papercut

papercut
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 05 March 2009 - 12:11 PM

Ok, Kaspersky found two backdoor.hupigeons. Those are my main concern, stupid Symantec never caught those. During the scan, Symantec's autoprotect also found a junkload of vundos and metajuans.
:thumbsup:

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,047 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:38 AM

Posted 05 March 2009 - 05:45 PM

Did your anti-virus/anti-spyware scanner provide a specific file name associated with this malware threat(s) and if so, where is it located (full file path) at on your system?

Each security vendor uses their own naming conventions to identify various types of malware so it's difficult to determine exactly what has been detected or the nature of the infection without knowing more information about the actually file(s) involved.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 Guitarist

Guitarist

  • Members
  • 66 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ontario, Canada
  • Local time:11:38 AM

Posted 05 March 2009 - 06:05 PM

http://www.spywareremove.com/removeBackdoorHupigeon.html


but yea as quietman7 said in order to get rid of them we need to know the names of the files you want to get rid of other wise we dont really know what we are trying to do

hopefully that site is helpful and is what your trying to get rid of

#15 papercut

papercut
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:12:38 PM

Posted 05 March 2009 - 08:00 PM

Kaspersky identified it as C:\Windows\sysguard.exe, which I've since deleted.
There was another entry in SystemVolumeInformation\_restore that I don't recall off the top of my head, but I have the log saved at home which I can bring up when I get back home tonight...




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users