XP Pro Registry Corruption:Repair

Hello- I thought I had malware issues, ran the 'READ ME, RUN ME FIRST' in the malware section and it came up clean. The pc is very sluggish, slow to start up/ shut down, etc.

In System Info/ Windows Error Reporting, there are 3 items of interest. I'll attach the screenshot.

I need help repairing the Registry. Please help!

Thanks-

tim

 

timw128...

Can't quite read everything in the details column. Could you post what it says there for the last 2 errors?

If you haven't already done this, you can right click on the events and select "Properties". This has more information. Maybe something there will point to a specific cause of your problem...

 

That's the best I can do. The right click- Properties doesn't work when in System Info.

 

timw128...

I see, you aren't looking at the Event Viewer, my bad. Open start menu and then click on Run and type in eventvwr. Then press enter, and the Event Viewer will open.

Click on the Application tab and see if you can find the errors using the date, 6/4/13. If you are able to find the entries, see if you can right click and choose properties. If you can take a screenshot of the menu.

In the SysInfo menu, can you make the column with the details larger? To see, hover the mouse cursor over the line at the top of the header for the column. If the mouse cursor changes to a slider cursor, left click on the line and drag it to the right some. If you are able to do this, please post a screenshot or just what the details column says. Could be a clue to the problems you are having.

Could be other things, but seems like a good place to start since you noticed these errors...

I've used strictly XP Pro for the last going on 13 years, so hopefully I (or someone else) can help you get to the bottom of the problem...

 

Can't blow attachment up anymore. I used MS Paint.

 

'AtlBo', here is more info taken from SysInfo/Tools/Dr. Watson. Another thing, System Restore only registers back to 04MR14.

Of further note, when I go to a site such as MajorGeeks, when attempting to log in the mouse takes a while going from pointer arrow to cursor mode whereas I can type in log in info- just sayin'...

Please note attachment.

Thanks

 

timw128...

One quick request:
Please post:
1. PC brand and model
2. Which XP service pack is installed on the PC (right click on My Computer->select Properties and on the menu it should say which service pack you have)
3. Processor make and model
4. How much RAM on the PC
5. Main hard drive size and free space on the drive

OK thanks for the attachment. Looks like the error had something to do with a Comodo program you must have had installed at one time (or still have installed?). I wouldn't worry about that for now.

No need to pay avast to fix your registry. It would likely be a side step rather than a step forward as their fix would probably cause a disabling of some programs and then simply restore Windows defaults. Actually, you really should take your focus off of the registry completely. The registry will take care of itself when you develop really solid maintenance habits. If you have a cleaner type program, I would start by disabling the registry cleaner portion of the software. I do recommend cleaning but only temporary internet files (or internet cache files). If you like removing internet history that's fine.

Not too surprising you are finding things with MBAM that they didn't find here at MG. Obviously, these threats weren't in the MBAM scan you showed them on the malware board. Remember, too, they know what the threats are, and some of them are less threatening than others. Again just let MBAM do its thing. Otherwise you can't do it any better.

OK, so the focus is on avast 2014. Before trying to reinstall avast, have you tried logging into Safe Mode? On boot press and hold either F8 (try this first), F10, or F12 and a menu with boot options should show up. This is not to be confused with the boot order menu. You should see Safe Mode, Safe Mode with Networking, Last known good configuration, and some other things. Try Safe Mode. Here are the details:

http://windows.microsoft.com/en-us/...e-mode#start-computer-safe-mode=windows-vista

I usually put off updating avast when the new version comes out. This is because I would rather update after the newest version has worked out its kinks. If necessary, it could be that removing and then reinstalling avast might be a good idea. Need more info and let's see how it performs in Safe Mode...

 

OK. You are running Comodo PC TuneUp. That's the program that seems to be having the problem that showed up in the System Information.

Try this. Open Task Manager and then click on the Processes tab. Find this:

CPluginService.exe

in the list. Right click on it and select End Process and then Yes. See if the PC runs better.

Comodo's programs are a little bit brittle I have found. What I mean is that they don't respond well to changes to the system. It could be that the avast update has caused some problems with Comodo, and I think it's a good place to start. This is especially true since PCTuneUp was having problems even before your update, judging by the date on the errors. I wouldn't judge the avast program if there is a conflict with Comodo. This is because avast does respond well to changes to the system in my experience...again, Comodo not so in my experience.

 

Thanks, 'AtlBo'. I have NO idea how Comodo PC Tune Up even got on the System. I have used Comodo Dragon browser for some time and find it lighter, faster, and more secure than Chrome.

There is no 'CPluginService.exe' in Task Manager/ Processes. Throughout this whole process I do recall seeing a 'PCTuneup' somewhere and got rid of it.

I noticed these issues started happening after these events:

1) avast! Internet Security 2014 upgrade
2) Windows Updates- there were a bunch of them due to the fact the pc
was dormant for 8 mos.

avast! Tech Support took over my pc remotely and suggested that I have significant Registry issues(?) They wanted $179/ yr. subscription to repair. No way am I going to sign up for that. Their premise was the issues regarding plugin as shown in 'SysInfo/ Windows Error Reporting', way back in 06/2013.

Of further note, I am wondering about the condition of the HDD. I ran HD Tune and the health was noted as good, but the numbers look suspect.

I ran 'sfc.exe /scannow' and was required to put the XP SP3 CD in, which I did.

I think I may need help repairing a corrupt Registry- possibly.

Thanks!

tim

 

I had no choice because the 2013 variant had expired while I was in the State of Georgia for 8 mos. on a Project

 

Does "C:\Program Files\COMODO\PC TuneUP" directory still exist and if so does it contain any files? In particular CPluginService.exe.

 

You have plenty enough RAM and HD space. Processor benchmarks (Passmark) at 321. That, compared to a E6400 core 2 duo at 1250 or a 1 generation i3 540 at 2684, is going to appear to be much slower and might give cause to considering a newer PC...not that this is your problem. All that aside, I've used the P4s, so I know they can get the job done for most common things. For higher def video, frequent 8+ browser tabs use, graphics work, or large or complex office files, newer would be a relief probably.

CCleaner's registry cleaner is becoming less and less damaging. I don't clean the registry because through trial and error and experience I have found that the PC handles the job itself over time. It's up to you, but I don't think it's worth the risk or trouble based on the way I use the PC. I just get rid of the temporary internet files and use the remove files feature in CCleaner to target some specific logs that get bigger than I like to see.

There was an updates episode around October/November for XP. Many users were experiencing problems with svchost.exe running at a high processor usage level...in this case 100%. When/if the problem is happening again, open task manager to the Processes tab and sort by the processor usage column. This is done by clicking on the header. See if svchost.exe is using the processor at a high level. It was supposedly addressed with an Internet Explorer update issued in December (Cumulative IE update). Can go through all the routines for quieting svchost.exe if it's the problem.

This may have fixed the registry already if it was needed. It's a fairly comprehensive fix all for XP.

I wouldn't be surprised if it's the svchost.exe deal. You could have just run into it now since you were away from the PC for so long, and it could have arrived with the updates you mentioned.

Have you tried creating a restore point? If there is a problem with SR, seems like a good enough way to find out.

 

No, just Dragon. I eliminated the PCTuneUp.

 

Yes, and it worked. I removed all the existing restore points afterwards.

There are some new event warnings and errors in Event Viewer this morning. If you want to hear about them, let me know. Why this pointer/ cursor anomaly, too, I don't know. I am wondering about deleting the last round of Windows Updates.

 

OK...I think I'm starting to get the full picture. You have the bugginess with mouse catches and slow menus, slow startups and shutdowns, and the general issues that eventually lead to a freeze and the pull the plug routine.

Well, that's one thing at least.

Yes, the error warnings might help. If you could post what you have starting up when the PC starts up, that would help too. CCleaner is the easiest way to see this, but there is a way in Windows to see. Open the start menu and click on Run. Type msconfig in the box and then hit enter. Click on the Startup tab to see which programs run on startup. No way to fullscreen the menu for a screenshot so, unfortunately this requires typing all of them into a notepad and uploading them to a post in a zip folder in order for me to see them.

If you want to bypass all of this you could download and install Speccy here:

http://www.majorgeeks.com/files/details/speccy.html

This would be very helpful. It has all the details about your PC and what is installed on the PC and your settings. Find the setting in Speccy for creating a log and save it to your desktop. I think Speccy has one area where your Windows installation key is listed, so you should remove that if it is there. Then zip the file up and attach it to your next post.

Generally, depending on what anti-virus you run, anti-virus programs can cause some lag on P4 PCs, especially. There is a scanner that runs a good bit of the time, and, on a P4, it's a hit on the processor. Otherwise, you come back after 8 months and turn on the PC and find this problem is somewhat standard from my experience with hooking up PCs that have been sitting for awhile and not running.

By the way, funny how Windows fixes work. You might try SFC /scannow again just to see if it will do any other repairs. Sometimes repairs have to happen in a certain order and then require a boot inbetween to register with the PC. Think there might be some of this in SFC /scannow fixes.

You don't have svchost.exe problems...that's a relief...

 

Here is a .zip attachment of the Speccy snapshot. I left the whole thing alone and included the OS.

Thanks, 'AtlBo'!

tim

 

timw28...

You run a tight ship. There is literally not one thing to point to in your Speccy that could indicate you have any kind of a problem. Looks like a brand new installation. So there won't be anything with startups to look at. Also, the SMART data for your hard drive looks good.

If you get a chance, please post those newest errors you mentioned.

I had a problem with Google Toolbar updater one time. You might try disabling the Comodo Dragon Update Service one time to see if that helps.

Otherwise, you could run a chkdsk /r. To do this, click on start button->open My Computer->right click on main drive (usually C: ) and select Properties->click on Tools tab->click Check Now->put a check in both boxes->click Start. It will run when you boot next.

Other than Comodo...I had problems with the firewall and had to switch..., I can't think of much. Might come down to removing some remnants of Comodo PCTuneUp that may somehow still be on the PC. Google search might turn up a removal tool. Google->Comodo PCTuneUp removal tool. Sometimes parts of a program will go crazy trying to find the rest of the program if all the program isn't removed.

If you haven't tried a full reinstall of avast (think you said you have), might be the last thing short of testing hardware that I will come up with. Could be Windows updates, and it might not be a bad idea to remove the most recent ones, but I think that's all I have.

Here is a link to the avast removal tool:

http://www.avast.com/en-us/uninstall-utility

Best thing I can think of is keep Task Manager open to the Processes tab and sort the processes by the CPU column so you can see at the top what's using the most processor. Then maybe you can sort of begin to piece together what's going on by looking at the numbers when things start to get the worst.

Hope someone will come along with an idea. Checking the RAM using MemTest86+ is the next step I have. It takes a looong time->12 hours

 

OK, will try MemTest86, again. Ran it about 8-10 mos. ago from CD and there were no issues. The issue now seems to be program initiation is slow-ie- if I click on the Comodo icon in taskbar by Start button, it takes Comodo approx. 30 secs to appear on screen from the desktop, and another 10-15 secs. for it to load the extension link icons on the opening page (Gmail, Facebook, YouTube, etc.) If I go to Start/ All Programs/ click a program to use the results are the same- approx. 15-30 secs. for the prog to open.

I really appreciate your help, yet I do not know what to do. I am about Googled out chasing this/ these anomalies around! :confused

tim

 

timw128...

I would use the AVG uninstaler and remove AVG before reinstalling Avast.

A long shot here. You could try resetting IE8. IE8 was causing system wide problems on XP late last year or at least it was a Cumulative IE update that fixed the problem. I know you use Dragon, but never know. Open IE->Tools->Internet Options->Advanced->Reset and then click Apply and OK.

Check the cables on the main drive. If one is loose that could cause slowing. I've had them somehow work loose before.

Defrag the main drive if you haven't done it recently. Also, cleaning out temporary internet files every night helps on my PCs here. CCleaner does it for me. I just run it on a schedule to run in the middle of the night. It can be set to run on boot too, but that slows boot times.

Check add/remove to see if any programs show up there that have been uninstalled. If so, remove with Revo. I keep HijackThis around and run it from time to time, because it sometimes shows evidence of old programs or toolbars that weren't completely removed. I wouldn't use HT to fix anything unless I was 100% sure the item was unnecessary. If you ever had a different A-V, the parts of A-V programs can definitely cause slow downs. If so, you can Revo around and see if you can turn up fragments of the programs. Also, most of the A-V companies have an uninstaller for their products.

In this situation, I think I would try uninstalling Comodo Dragon and then reinstalling it if nothing else works. Removing malware can mess with system settings and the registry somewhat. SFC /SCANNOW fixes some of this, but it won't fix broken programs. I like Comodo programs, but they seem brittle to me. Maybe reinstalling Dragon will help.

In general, malware removal can be a shock to a system, because Windows has to develop a whole new set of runtime rules with the malware gone. You ran sfc which helps, but boots, reinstalling software, and chkdsk should get you back on track eventually. This is purely based on my experiences. Some things work themselves out over time. In the mean time, for me, the standard practice is to just keep trying things.

 

It's 3:15am here, and I am still chasing things. Found a lot of DLL's with broken signatures, and general registry corruption.

Ran Sea Tools DOS, long & short tests- PASSED!

Ran MemTest86+, RAM stick in each channel (I know, you're supposed to A-B them independently), 1 Pass- NO ERRORS! I'll let it run a bunch of passes when I go to bed.

Tomorrow, I'll look at connections. Of note, I keep thinking about a bad Storage Controller driver because of some nonsense I noticed in Event Viewer- more on that later!

I am adamantly trying to avoid a Repair Install. There has to be a way of restoring JUST the Registry- as I mentioned earlier, there are a bunch of DLL issues that I found through a tool called 'depends.exe' by http://dependencywalker.com/.

I have a clean copy of Windows7 Ultimate x64. It will cost me about $600 to upgrade to Haswell i3 3.5, ASUS mATX mobo, 8GB G. Skill RAM, and a 1TB 64MB cache VelociRaptor.

In the mean time, I am locked on to fixing this situation. All the other things you have mentioned regarding Dragon, etc., I have already done.

Thanks for all the help. As they say, two heads are better than one!...LOL!

tim

 

SOLVED!!!

DMA/PIO mode anomaly with primary and secondary IDE channels within Storage Controller.

Solution: Uninstalled drivers for all (3) devices, rebooted, and rebooted again.

Results: XP Pro SP3 is rather speedy again, progs initiate fast.

Further study: I'll clear Event Viewer, streamline Service Control Manager settings for my personal application.

Diagnostics Performed: Seagate Sea Tools DOS- passed long & short
MemTest86+ for 8 hrs.- No Errors
Installed and ran Registry Recycler (Awesome Freeware
Tool!)
From Command: 'secedit /configure /cfg %windir%\repair\secsetup.inf /db secsetup.sdb /verbose'- FOR XP PRO ONLY!!!
THIS 'RESETS' REGISTRY TO OEM STATUS. For other Windows XP variants, there are manual commands that have to be entered in cmd.

Thanks for everyone's help!

tim