Link to home
Start Free TrialLog in
Avatar of gwinn23
gwinn23

asked on

Can't open task manager or run msconfig / regedit from start menu. System slowed to almost nothing.

I'm logged in as admin, system is clean according to updated Norton Antivirus 2003, all updates for XP and IE installed.

I have a large AVI file which I am trying to delete: it says it's in use by another program. Right clicking on the file is VERY slow, when I click on preferences nothing happens.

When I try to run Task Manager it just opens for a second (or not at all). Same problem with msconfig or regedit from the start menu.

Also, my system has bogged down to almost nothing. Is this a virus that Norton won't detect, or something else ? I did have MSBlast and an unidentified trojan, but they both now show as cleaned.
Desperately need help !

Running XP pro on a compaq P4 1800mhz, 512 RAM: was clean install on primary HDD although there was an old version on 98 on the slave drive (now removed)
Avatar of CrazyOne
CrazyOne
Flag of United States of America image

For the AVI

Don't use Explorer in fact close all explorer widows now

Instead do this

Start > Run cmd

DEL C:\TheFolder\TheFile

or
 
remove the following registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{87D62D94-71B3-4b9a-9489-5FE6850DC73E}\InProcServer32

or

if the file is not broken just delete it from within Widows Media Player when you go to open it
The other issue sounds like the YAHA worm or possibley the KLEZ

McAffee has utility that is aimed at removing the virus and fixing the registry

Stinger
BackDoor-AQJ, Bat/Mumu.worm, Exploit-DcomRpc, IPCScan, IRC/Flood.ap, IRC/Flood.bi, IRC/Flood.cd, NTServiceLoader, PWS-Sincom, W32/Bugbear@MM, W32/Deborm.worm.gen, W32/Dumaru@MM, W32/Elkern.cav, W32/Fizzer.gen@MM, W32/FunLove, W32/Klez, W32/Lirva, W32/Lovgate, W32/Lovsan.worm, W32/Mimail@MM, W32/MoFei.worm, W32/Mumu.b.worm, W32/Nachi.worm, W32/Nimda, W32/Sdbot.worm.gen, W32/SirCam@MM, W32/Sobig, W32/SQLSlammer.worm, W32/Yaha@MM
http://vil.nai.com/vil/stinger/


Also Symantec
Here is a link on how to remove it. This is pretty detailed so pay close attention and do it the way it is outlined.


http://securityresponse.symantec.com/avcenter/venc/data/w32.yaha@mm.html


http://www.symantec.com/avcenter/venc/data/w32.yaha.h@mm.html 

or

http://www.symantec.com/avcenter/venc/data/w32.yaha.k@mm.html 
Oh and run your viruses tools and scanner in safe mode for now.
Avatar of gwinn23
gwinn23

ASKER

great, that worked...but why can't I access task manager or run msconfig ?

MUCH thanks :)
Avatar of gwinn23

ASKER

sorry, too quick on my comments there :)
Avatar of dew_associates
Are there any errors in the event logs GW?
CO, spot-on.

Emergency Msconfig, Regedit, Task Manager (Line 261)
http://www.kellys-korner-xp.com/xp_tweaks.htm

Troubleshooting the Task Manager
http://www.kellys-korner-xp.com/xp_t.htm#tm
How else do you think a millionaire earns his points? He sticks to what works.
Avatar of gwinn23

ASKER

Ok...
CrazyOne: Stinger came up clean. YAHA and Klez variants are all included in my virus def's., ran an update and full system scan today, nothing detected in my files that would indicate either one with a manual search either.  

Dennis: (nice to see ya :)
I have the following errors from today:
Application:
Perflib: The timeout waiting for the performance data collection function "RemoteAccess" in the "C:\WINDOWS\System32\rasctrs.dll" Library to finish has expired. There may be a problem with this extensible counter or the service it is collecting data from or the system may have been very busy when this call was attempted. (2x)

Usernv:Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.  

System:
Dhcp:Your computer has automatically configured the IP address for the Network Card with network address 0030842D4B4F.  The IP address being used is 169.254.226.223. (3x)

DCOM:Access denied attempting to launch a DCOM Server using DefaultLaunchPermssion. The server is:
{00020906-0000-0000-C000-000000000046}
The user is Unavailable/Unavailable, SID=Unavailable.

FreekHendriks: yes, but it was a bit different and didn't address the lost access to msconfig / task manager, which is my primary problem.
None of those will affect how items open from the Start - Run GW.

Let's back up a bit. Has this been an ongoing issue or has it just begun happening. If it has just begun, then what has occurred or changed on the system recently?
00020906-0000-0000-C000-000000000046 has to do with MS Word. It is unlilely the cause of the current problem but in Windows unrelated things can and do bind themselves at times to other issues. Are you noticing any problems with MS Word?
Try this

Start > Run chkdsk /r
reboot and defrag

next do this

start > run sfc /scannow
Avatar of gwinn23

ASKER

good question. I did the install 6 days ago, and I know that regedit was working as recently as last Thursday (09/18) when I used it to resolve the mouse driver problem. I don't recall using it (or taskmanager/msconfig) again until today.
I've reinstalled several programs, mostly my graphics stuff (Photoshop, Illustrator, Flash, .etc) but nothing that would cause the problem as far as I know. They are all running fine on the other workstation.
Taskmgr.exe is present in the system32 directory.

Sramesh2K: Not sure I trust the advice from that site since a) the first recommendation in restoring the taskmanager would actually disable it completely, and b) they want me to replace my registry file with something they wrote.
GW, boot the system into safemode and try and open regedit and msconfig.
Avatar of gwinn23

ASKER

they open fine in safe mode.
ASKER CERTIFIED SOLUTION
Avatar of CrazyOne
CrazyOne
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of gwinn23

ASKER

Just FYI, and not particularly related but by default Paintshop Pro v7 and Creative Labs Poser have some apparently conflicting file extensions with XP. In particular, .msc and .mat. If those programs are loaded the default file settings have to be edited.
Avatar of gwinn23

ASKER

Crazyone: No, that worked normally: i.e., disabling from msconfig in safe mode also disabled in regular startup.
Avatar of gwinn23

ASKER

Why in the world am I having so many problems with this OS ? Nobody else seems to have them: first I can't load mouse drivers, then I can't configure an ICS, now this. This is a commercial copy of XP pro and licensed for multiple computers, my company paid big $$ for it. It runs fine on the other computers at the home office.  ????
Something just ain't right. :(
Avatar of gwinn23

ASKER

My computer is a Compaq 7500 that originally came loaded with XP home edition in German. I removed that and installed win 98SE in english, because it was the only english OS I had access to.
The HDD crashed, so I bought a NEW HDD and got a copy of the XP CD from the main office in the US shipped over, and ran a fresh install. There shouldn't be any record of the old OS here unless it's in BIOS ? I can't get the original CD because they're on another continent.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of gwinn23

ASKER

thanks, I'll start looking through those.
Well part of the question the part about the AVI was answered in my first comment. The other part of the question seems to be unresolved but prior gwinn23 last comment several comments made by Experts, primarily dew_associates, have possiblity of working. I would suggest if gwinn23 doesn't return that the points be split.
gwinn, can you tell us what worked?