Help with Windows Start Up Error and Vundo

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by judalee, Sep 24, 2007.

  1. judalee

    judalee Private E-2

    I have been experiencing some issues with my computer and I was hoping that you guys could help me. A little background, this is regarding a Dell Inspiron 6000, running Windows XP (Pro), SP2. Over the past few months my computer has been running slow and I had attributed it to installing IE 7.0. (I have minimal memory) I downloaded Firefox and began using that instead; at the same time, I thought I would clean up the system and remove some old programs and also clean up my directories and files. I also thought I would remove some items from start up using msconfig. (I’ve just read that majorgeeks does not recommend that way and would like to ask about other options especially with stubborn items like Realplayer, first things first though), after making changes I received an access denied error. (The changes took effect, but I still received the error.) I read about it and was led to start in safe mode and log in as administrator and then try…same error. Anyway, after asking advice I was told to change the attribs in the windir and/or windows/system32 directories, which I did, but this did not solve the issue either, so I tried to change them back. The next time I restarted my system after deleting programs and working with the attributes, I received a

    “We are sorry for the inconvenience, but Windows was unable to start normally error.”

    I accepted the start normally option and my system seems fine. The error remained so, I tried to start from last known configuration, and I then did a system restore to an earlier point, but that did not clear the error either. I was told it may be a registry problem so I tried restoring the registry backup from CCleaner. I was then told I would need to reinstall Windows XP to resolve the issue. I could not find my install of XP home, so I upgraded to XP pro using the CD supplied with my spouse’s computer. This did not clear the issue either. I sought out information at Microsoft and ran a One Care Safety Scan, it found one item (I am sorry but I do not know how to access a report) and deleted it; it also rescanned and cleaned the registry. The problem still exists. I then found your site as I was searching for answers to fix the Start up error. I found a thread that was having the same type error message and discovered that she had a virus. As I was reading the READ AND RUN section I followed all the steps and they are as follows: I use the latest version of McAfee and was unable to find a way to delete the log files, but while I was there I noticed that at the end of August it detected and removed an Exploit MS06-014 (virus) from a script that was running and then on 9/23 it discovered and removed a Vundo (Trojan).

    I ran CCleaner in both Admin and User logins to clean out files. -- I ran Spybot and used the immunize feature. -- I ran Counterspy – it found a few negligible items, the options were to ignore or remove – I removed. (will attach in follow up) -- I ran BitDefender (in normal mode) but was unable to find an option to save a file so I viewed it and cut and pasted – it was clean. (will attach in follow up) -- I ran Panda – again I couldn’t find an option to save, only buy or scan again? It was also clean. -- I rebooted in normal mode – ran both getrunkey and shownew (attached) -- Followed instructions for Hijack This – (log attached) (also, I was confused about the System Restore so all scans were run with it on, but it was off for the hijack this scan, and is currently off?)

    I thank you for taking the time to read this and offer support.

    Judi
     

    Last edited: Sep 24, 2007
  2. judalee

    judalee Private E-2

    two more attachments
     

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks Judi!

    I will begin by adding comments to things you posted.

    That is correct. MSconfig was designed to be used as a debugging tool for temporary use only. There are many programs that you can use as a Startup Manager. See this link: http://www.majorgeeks.com/downloads40.html One often recommended is Startup CPL


    What were you accessing when you received this and note that this is not a topic for the malware forum too.

    Again I'm not sure what changes you are referring to.

    I still have the same question! What is it that you are trying to do/change? Are you trying to delete files? What files? The system32 folder is not someplace you should be touching on your own unless you are an expert. What did you delete or change?

    What error, the Windows was unable to start normally error? I'm confused because you just stated it seems fine.

    Doing a System Restore would have already repaired a registry problem so using CCleaner was not necessary and was not a good idea since you now may have restored a registry backup that does not make sense to your system after already having done a System Restore to a different version of your registry.

    Not really legal nor is it a good idea to try and upgrade a computer that is currently having problems no matter whether they are malware or Windows OS problems.

    Which issue? The Windows failed to start normally issue?


    What thread? A message about Windows failed to start normally would not usually be addressed in the Malware Forum.

    It was not supposed to be turned off until you were given a clean bill of health. Turning it off removes all restore points.


    I don't really see any malware issues in your logs (which is what I expected based on your problem description). You should uninstall CounterSpy now since it will slow your PC down and we are finished using it to look for malware.

    You also missed uninstalling Viewpoint Media Player in step 0 of the READ ME so you can uninstall it now.
     
  4. judalee

    judalee Private E-2

    Thank you for addressing each statement. Since I seem not to have malware, should I continue? I will answer your questions, just in case? (1) I was in msconfig to stop items in startup.ini, ie. real, powerdvd, etc. After unchecking those items and applying, I received the access denied error, even though the changes take place. This error is still there. (2) I understand that I shouldn't have been in system32, lord knows I am no expert. I didn't delete anything, just changed the attributes to +r, +h, but then tried to change them back, when it did not fix the access denied error. which is what I was trying to do (bad advice, huh?) (3) Yes, I still get the "windows didn't start normally error at start up," but when I select start normally my system seems fine - as in, still running, still slow. (4) Gotcha, CCleaner, System Restore, Upgrade...bad...How Bad? (5) The thread I referred to ...I only mentioned it because of the system restore, and because she had viruses, viri?..not really relevant.

    I think that is it. I will go back and remove the viewpoint and counterspy.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Continue with what?

    What else was included in etc? Did you undo these changes?

    First of all using +r and +h was the exact opposite of what you should be doing if you were having a problem deleting or finding a file. What you did was set whatever file you were dealing with to be READ-ONLY and also hidden. And you did not tell me which files or did you do this to the whole folder. This alone could be causing problems.

    Yes very bad advice especially if they said +r, +h and did they also say +s?


    Unknown because I cannot tell you what the differences are between what System Restore had and what CCleaner had.

    Not relevant at all.
     
  6. judalee

    judalee Private E-2

    (1) continue with this thread on the malware forum.
    (2) they were just items from programs running, nothing system wise, and yes I undid the changes and msconfig is now starting in normal start up.
    (3) yes, I forgot +s, I'm sorry, but I may have unprotected them first -r, -h, -s, then when that didn't work, reapplied and I did it to the whole folder.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    When you say reapplied you mean you applied +r +h +s to the whole c:\windows\system32 folder???? Very bad idea. Undo it now. While some files should have protection on them, not all files in this folder should be. Since there is no easy way to fix what you did, the best thing to do is to use -r -h -s on the whole folder. This may or may not help fix your startup error. If it does not, I suggest you post in the Software Forum to continue repairing what you may have done to your Windows Operating System.
     
  8. judalee

    judalee Private E-2

    Thank you, I will repost in the software forum.
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Did you undo the +r, +h and +s yet? If not, do this first and see if you still have problems before starting a new thread.
     
  10. judalee

    judalee Private E-2

    I did, straight away - and the error went away. Is there no way to reset the attribs to their default state? I feel so stupid for doing this? Am I more vulnerable for having done it? Thanks.
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No! And there are tons of files in the system32 folder and subfolders you would have to deal with.

    I would not worry about it too much since most files in there do not have those attributes set anyway. Yes there are some, but I don't think it is worth worrying about.
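
Added example, not part of the original thread and not code from any poster: the bulk attribute change discussed above could not be reverted because no record of the prior per-file state existed. The PowerShell below records the read-only, hidden and system flags of every item under a folder before a change and restores exactly those flags afterwards; the function names and the CSV path are assumptions chosen for illustration.

```powershell
# Bit mask for the three flags that attrib +r/+h/+s touch: ReadOnly(1) + Hidden(2) + System(4)
$RhsMask = [int]([IO.FileAttributes]'ReadOnly, Hidden, System')

function Save-AttributeBaseline {
    # Write one CSV row per file/folder: full path and its numeric attribute value.
    param([string]$Root, [string]$OutFile)
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue |
        Select-Object FullName, @{ n = 'Attributes'; e = { [int]$_.Attributes } } |
        Export-Csv -LiteralPath $OutFile -NoTypeInformation -Encoding UTF8
}

function Restore-AttributeBaseline {
    # Put back only the R/H/S bits recorded in the baseline; other bits stay as they are now.
    param([string]$InFile)
    $changed = 0
    foreach ($row in Import-Csv -LiteralPath $InFile) {
        if (-not (Test-Path -LiteralPath $row.FullName)) { continue }  # item removed since snapshot
        $item = Get-Item -LiteralPath $row.FullName -Force
        $cur  = [int]$item.Attributes
        $want = [int]$row.Attributes -band $RhsMask
        if (($cur -band $RhsMask) -ne $want) {
            try {
                $item.Attributes = [IO.FileAttributes](($cur -band (-bnot $RhsMask)) -bor $want)
                $changed++
            } catch {
                Write-Warning "Could not restore attributes on $($row.FullName): $_"
            }
        }
    }
    return $changed   # number of items whose flags were put back
}

# Usage (run from an elevated prompt; the CSV location is a placeholder):
#   Save-AttributeBaseline    -Root 'C:\Windows\System32' -OutFile 'C:\baseline\system32-attrs.csv'
#   ... bulk change happens here ...
#   Restore-AttributeBaseline -InFile 'C:\baseline\system32-attrs.csv'
```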
     
