System clean, need repair now?

Hi there. I've been over at the malware forum getting a cleaning from all kinds of goodies - Kestrel13! was extremely helpful and I am grateful for the help.

Now it seems I need some repairs to the OS, as it is not operating properly:

MS Security Essentials is not being recognised by the Security Center. I have removed and reinstalled it several times with no luck.

Boot up takes longer than usual

I have to tell the system to shurdwon at least twice before it actually does, and then I get hangs from explorer.exe and HiddenFaxWindow

Typing is very lagged - I have to wait for the letters to catch up

Dell Vostro 1000 laptop-2 years old Win XP SP3 1G RAM
Can someone help me please? Thank you.

 

I've had luck with dialafix on XP systems after malware removal:
http://majorgeeks.com/downloadget.php?id=4899&file=15&evp=7d21ae5c611baf9a52b1750805534dda

Also, I'm guessing it runs good or better in safe mode?

From a command prompt, run sfc /scannow, put in the disk when and if prompted.

Any check marks in the device manager?

What antivirus?

And have you looked at your autoruns programs? This program works good with XP also:
http://majorgeeks.com/downloadget.php?id=619&file=9&evp=31c01d0f79867b21b844cd676262c9ba

If uncertain what do disable, post back the list you get.:wave

 

Thanks Kestrel13! I'm thinking what I (maybe) need is someone to walk me through an XP repair using the recovery console. This computer is not only lagging with every character I type, anything I try to do is very very slow - for instance, turning system restore off, and then on; setting a new restore point; opening IE; connecting to the wireless network; etc. I really feel like those viruses did some serious damage to the system and I just don't know how to repair it. And the fact that MSSE is not being recognised by the security center has me worried. I don't want to return this computer to my friend until I am sure that it is working properly and protected properly. And after all that we accomplished in the malware forum, I would die if I had to format and reinstall! :cry

 

Hi Halo. Thanks for your reply.
I just finished running sfc /scannow, which I had to try to run 3x because the first 2x it wouldn't work - just seemed to be done in about 10 seconds....but the 3rd time it ran for about 1/2 hour, so it appears to have run now. (apparently nothing works the first time on this computer right now!) rolleyes

I have run ccleaner (registry and files), and am attaching the installed programs list for your review. Looking through my notes, when I got this computer, it had the following programs, or remnants of programs:

Advanced System Optimizer
AVG Free (not functioning properly until I ran MBAM)
Comodo Anti-Virus + Firewall (remnant)
GIMP 2.6.5 (not sure what this is)
Google Desktop
Google toolbar
Java 5 update 6
Limewire (remnant)
McAfee Security Center (remnant)
MSN toolbar
Softonic toolbar
Systweak ASO v 3.0.635.4753
Windows Live OneCare Safety Scanner (online scan remnant)
Yahoo □u"ã:C [gibberish] (which I determined to be a toolbar)
Yahoo Browser Services
Yahoo Install Manager
Zonealarm (remants)

I ran the following specialized removal tools:
AVG
McAfee

I then uninstalled the rest of these; manually deleted left over program folders; ran ccleaner to get rid of them all.

I also ran the Symantec Vundo Removal Tool, just to be sure it was gone, and it said "Vundo not found". Whew!

Once the computer was clean from Vundo/Variant, Vundo/Variant-Slider, Trojan.Dropper n.exn and Trojan Dowloader HTML:RENOS, I installed MS Security Essentials. I have since uninstalled and reinstalled it several times, but it is never recognised in the security center.

It had IE7, but would not take security update KB978207 and MS could not resolve by resetting the WU temp files, or trying to install in safe mode, manually, so they suggested I upgrade to IE8, which I have done.

I did get an error when I uninstalled AVG - error code 0x80041014

At one point I got this error two times: R6034 attempt to load C runtime library, but haven't seen that since a week ago.

I went to the Dell site and downloaded all the updates for the computer (and there were a ton) including CD firmware, BIOS update, etc.

The CD would not write, even after a firmware update, so I tried the MS auto fix, but it failed, so I had to manually go into the registry and remove the upr/lwr filters and reinstall the thing; now it is working.

I've run chkdsk.

[somewhere about this point Kestrel13! got involved and cleaned the system thoroughly]

No bangs on any devices..

My startup programs are the standards - MS XP OS + adobe, itunes, java, etc. nothing special.

Boot up takes longer than usual.

I have to tell the system to shutdown at least twice before it actually does, and then I get hangs from explorer.exe and HiddenFaxWindow (and sometimes Connections Tray). Matter of fact, anything I tell it to do, I have to tell it 2 to 3 times, before it responds.

Typing is very lagged - I have to wait for the letters to catch up - it's really amazing how slow it is! LOL

I will go reset the security center as you suggest, reinstall MSSE and do the basic cleanup as you suggest, and will report back shortly.

Thank you very much!

 

Just a follow-up here. The cleanup tool for the security center worked - even though I got an error when I ran it - MSSE is now recognised!! Fantastic!

I had a look at the "cleanup" suggestions. I have already done all of that, actually. I had another look, just to be sure.

Oh, and BTW - when I ran sfc /scannow, it never asked me for the XP disk, so I assume that means that nothing was bad and needed restoring?

I look forward to your reply and next steps. Thanks.

(I attached a copy of the error)

 

You've got a lot of garbage on there, including a very outdated Java. I'd uninstall the Java, GIMP, all Google names, all Yahoo names, limewire, MSN, softonic, systweak, and zonealarm. Use Revo if needed;
http://majorgeeks.com/downloadget.php?id=5706&file=15&evp=98fb234f35985df47019a5783ef45bf8

Then reinstall Java from here;
http://majorgeeks.com/downloadget.php?id=4648&file=9&evp=5ef8b1f3160483c4ce2de236363794fa

Have you run the dialafix?

Good news with the SFC anyway.

And what is starting in your autoruns programs? You can get and post a list from the tools/startup in cCleaner.:wave:wave

 

Hi. Yes, I know it was a lot of garbage - perhaps I didn't make my post real clear - that list is what was on the computer when I first got it. I have since removed all those items, updated Java, etc etc. I posted an attachment of my current programs list from ccleaner in an earlier thread. No, I have not run dial-a-fix yet - what exactly am I supposed to do with it? Sorry, I am not familiar with that program.
Thanks.

 

Sorry, I see that now. It was just that the old Java kind of grabbed my attention.
Download dialafix, check all the boxes, and let it run. I'd set a restore point first, for security, though I've never had to use it.

I would take itunes out of my startup, I've seen that bog some machines. You also don't need adobe in there, Java I would leave as else it does take a few seconds to load when called for. The fewer programs you have running at startup the faster you'll be. I never have more than six running, which includes the security programs. And anything you disable will still run when needed.:wave

 

I went over to cnet to read the description and user reviews on it, and quite frankly, I am afraid to use it without some guidance, as the reviews warn the user to be well-read before attempting to use it. Any instructions you might give me please?

Sorry - I just saw your recent post as I posted this message - I will disable Adobe and iTunes from startup. Then I'll go try dialafix. If I completely mess things up, I will be able to use F8 and Last Known Good Configuration, right? Thanks.

 

As I said, set a restore point first, though I've never needed it.

When it opens, put a check in all the boxes. There is a good chance you'll get one or more error reports, don't worry about those. After starting it, leave it alone to finish. When done, reboot.

I've had this fix a number of issues after malware removal. Wish they'd come out with version for Vista and 7. Let me know how it works.:wave

 

Here is what happened:
ran dialafix
doesn't recognise IE*
gave me half a dozen or so errors when it got to the IE box
hung on ntmssvc.dll
killed process; ran again
hung again; killed; ran again
hung at registering es.dll
killed again
closed SAS, ran again
tooltips will not work
still hung at registering es.dll

I tried to open IE8 and it does not respond, not the regular way, not without add-ons, and not using WU.

Looked in the programs list and IE8 still shows as installed.

Any suggestions? I am afraid to shut the computer down now. :cry
Thanks..

 

an update:
I thought perhaps if I reverted to IE7 I might recover from this ...
So I tried to run the IE8 uninstaller from ccleaner, and it hangs on "checking configuration".

 

It seems as thoug your system is quite compromised, I'm surprised the SFC didn't find anything. Can you uninstall IE8 using the Windows program?
Did you set a restore point? Can you restore? Do you have your data backed up?
Do you have a recovery disk? Do you get a "System Recovery" message on boot-up?
I think you can see where I am going here. You can continue to try to fix this for hours, possibly without success. Or you can perform a system recovery, but be sure to have any data you don't want to lose on some external medium.
Here are step by step instructions; but wait to see if anybody else has some other ideas for you. A large % of computers that I clean end up with this process, but at least it allows you to save your data.

1 Disconnect all the peripherals (printer, modem, USB), leaving only your monitor, mouse and keyboard.

Step
2Back up all the data that you want to save. Once you reformat and restore the computer, all existing data will be completely erased. This includes any email, program files and drivers. Be sure to save your "My Documents" folder.

Step
3Reboot your computer. As it boots up, a blue bar will appear across the top of the screen, displaying www.dell.com. As soon as you see this bar, press the "Control + F11" buttons. If you can't press these buttons in time, the computer will complete the boot process.

Step
4Click "Restore" on the screen that appears. A warning message will appear, indicating that you will lose all your data. This will initiate the restore process, which will take up to 10 minutes.

Step
5Once the process is complete, a message will appear indicating that the system recovery process was successful. Click "Finish" to reboot your computer. Your hard drive is now restored to its original configuration.

Step
6Review and accept the End User License Agreement and other legal material that will appear on your screen.

Step
7Gather your software, such as the Dell application CDs that were shipped to you with your laptop. Use these to reinstall the applications that originally came on your laptop, such as MS Office and Quicken.

 

Brandypeppy, the reason for the error is because the program does not work with IE8. Therefore all the errors. In reading the user reviews on cnet, I found this out.

I rebooted, used last known good configuration and am back here just fine.

Then I ran WU and I found 2 updates, which had already been installed, but WU wanted to install them again. They were KB796569 .Net frmwk 2.0 SP2 and KB976570 .Net frmwk 3.0 SP2. So I re installed them and they have registered fine.

I do have everything backed up, but have not "unregistered" this computer with iTunes. After all the work Kestrel13! did with me, I was really hoping to repair this system and not wipe it. Really, I think it can be done - I just need some guidance.
Thanks.

 

Yes, you do get error messages with dialafix and IE8, (I believe 7 as well),
but as I said, you can ignore them. But it should not disable it.
I didn't say anything about unregistering ITunes, just to remove it from your autorun list. You can still use it. As I said, I have seen this program bog a machine. I don't know why as I don't use it myself so I've never investigated it.
Is the computer still lagging? After you ran dialafix, and before the restore, was there any improvement? How is boot time?:wave:wave

 

Well, I think it disabled it because it hung when unregistering es.dll. No matter, all is back to the way it was.

When you have iTunes on a computer, and you purchase music, the computer has to be "registered", and you are only allowed a certain amout of registered computers/devices. I can not wipe this system without unregistering the computer, or it will be counted as a registered device (but one that doesn't exist if I wipe the drive without unregistering it).

I already had to do this on the other system they have, in which the HDD basically exploded and I was not able to unregister it before putting a new HDD in.

Typing on the computer is still very lagged, yes. Boot up has improved slightly. I did not run "Restore", I simply booted in F8 to Last Known Good Configuration.

 

Does it run normally in safe mode? If yes, use MSconfig to disable startup items one or two at a time, then reboot, using the selective startup option.
This can narrow it down to what is causing poor performance.
When you start your task manager, under the performance tab, what is your % CPU usage?

Or, here is another XP fixer;
http://www.majorgeeks.com/downloadget.php?id=6302&file=15&evp=4eee2df6f2a6429d9263e51ab7415adb
But I've never used this one yet.:wave

 

The typing lag is not an issue in safe mode.

CPU% usage has always been low - didn't appear to be a problem at all.

I am concerned about this other download you've given me - is it for XP? Because form what I have seen, it is Vista and W7. Forgive me, but I don't want to end up like I did with the other one! LOL

I will try the selective startup and report back.
Thanks.

 

Sorry, that is a W7 fixer:-o. Just happened across it.
But the fact that safe mode is ok is ignormas. I still have to wonder about the itunes program, on autorun. Are you saying if this isn't in the autorun, you can't use it properly? Remember, it will still start when called for, I am not talking about unregistering it.

A post of all of your autotuns, either from msconfig or ccleaner, would be helpful, if you haven't already solved this.:wave

 

Okay - good thing I aksed - I almost ran it, but figured I'd wait to hear from you.

I have a post in here of the startup programs. in a previous day's message - it's a JPEG of ccleaner. Per your suggestion, I disabled Adobe and iTunes from startup. The registration of the computer with iTunes has nothing to do with that.

 

Look at your programs in autorun in safe mode with networking, this, plus antivirus, is all you need.

I would use this tool;(startup cpl)
http://majorgeeks.com/download619.html

And disable Dell automated, dell quickset, e center, sunjava updater, all adobe, itunes, and windows search.

How's this run then?:wave:wave

You can always reenable and programs, like adobe, will still kick in when and only when called for.

 

I have disabled everything possible in startup, and uploaded a copy here for you to see. Typing is still lagging. Ran another sfc /scannow; it never asked for the XP CD (again). Uninstalled Windows Search, ran ccleaner on the registry. Any other ideas please?

 

The list looks pretty reasonable now, although, unless it's a paid for subscription, the super anti spyware isn't giving you any real time protection and can be disabled without concern. And the Dell E center is just some bells and whistles and not needed.

This is certainly a bit of a stumper. Did/does the system run better without MSSE? I haven't used that one so I'm not certain how many resources it takes up. You could always use AVAST if yes.

Else, you still may need to do a repair/reinstall.:wave:wave

 

Yes, SAS-free only prevents your home page from being changed in IE; all else is done manually.

MSSE really doesn't make a difference. It's very light on resources, and I didn't have any difference in the typing with it on or off the system.

Drivers? Could some drivers have been damaged by the viruses? Or, perhaps an IRQ conflict somewhere?

 

You said in post 6 "there were no bangs on devices", I assumed that meant that your device manager had no errors.
I haven't done a lot of trouble shooting with IRQ conflicts, here is some info;
http://www.helpwithpcs.com/upgrading/change-irq-settings.htm

But, unless this happened after a hardware install, this doesn't seem likely. Maybe somebody else here could help with that.

I only suggested MSSE as a potential problem because you had problems installing it but I can't find if you responded to the safe mode question?
I apologize if you did but I've looked and don't see it.:wave:wave

 

Yes, I mentioned that safe mode did not display the typing lag issue. Your response was "But the fact that safe mode is ok is ignormas" [Which I think is great! I have to remember that one LOL].

I had trouble getting the Windows Security Center to recognise the install of MSSE, and once the Security Center was reset, everything was fine. But, I never really had any problems to install it, and it always worked fine each time I installed it. And I had already removed all remants of previous AV/FW installs before installing it. So, the Security Center had been affected by the infection, that's for sure.

No, no bangs on any devices (neither question marks nor exclamation marks). All I have done is cleaned this thing of viruses - haven't added any hardware, and yes, you're right, that's usually when it happens.

I just wonder if maybe some of the drivers were corrupted due to this infection, but it wouldn't show up in Device Manager? I don't know...Vundo can be so difficult to get rid of sometimes, especially when it's had a hold of a system for a while. The owner was complaining of a severe typing lag, and I figured it was a result of the infections.

I'll have a look at your link, thanks.

 

Just a quick note - I think we have solved the mystery! Removed the battery and the lag is GONE!! LOL Who would have thought??? Someone in another forum suggested I try this after reading on the web that others have found this to be the cause. Unbelievable! Well then, I think we are finished, and I can return this laptop!

Thanks ever so much for all your help!