From Vundo.k through Malware forum to remaining Software problems

Discussion in 'Software' started by geeker42, Feb 12, 2008.

  1. geeker42

    geeker42 Private E-2

    I went through the entire Malware Removal Process as described on this site and had no idea which forum was most relevant. I chose to post in the Malware forum and TimW provided replies that have cured some of the ills. Based on the remaining problems I described to him in my last reply he responded by indicating that they were not Malware problems and I would be best served by posting in the Software forum.

    My previous posts and TimW's replies have the following dates/times if it is helpful to someone to review what has already been done. My first post (2/8/08 at 16:10 and edited at 16:16 was titled "XP System apparently messed up by Vundo.k"), his reply (2/9/08 at 15:19), my reply (2/9/08 at 16:49), his reply (2/9/08 at 19:06), my reply (2/10/08 at 23:50), his final reply (yesterday at 15:46).


    System Info:

    OS Name Microsoft Windows XP Professional
    Version 5.1.2600 Service Pack 2 Build 2600
    OS Manufacturer Microsoft Corporation
    System Name XP-CHILL
    System Manufacturer Dell Inc.
    System Model Inspiron 9300
    System Type X86-based PC
    Processor x86 Family 6 Model 13 Stepping 8 GenuineIntel ~1596 Mhz
    BIOS Version/Date Dell Inc. A02, 2/23/2005
    SMBIOS Version 2.3
    Windows Directory C:\WINDOWS
    System Directory C:\WINDOWS\system32
    Boot Device \Device\HarddiskVolume2
    Locale United States
    Hardware Abstraction Layer Version = "5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)"
    User Name XP-CHILL\chris
    Time Zone Eastern Standard Time
    Total Physical Memory 1,024.00 MB
    Available Physical Memory 555.76 MB
    Total Virtual Memory 2.00 GB
    Available Virtual Memory 1.96 GB
    Page File Space 2.40 GB
    Page File C:\pagefile.sys

    The remaining problems that I can identify are as follows:

    1) Windows Media Player is gone. Media Player 2 will work but I want to regain use of WMP10. After having read of others having problems with WMP11, and considering that I don't see a need for me to be using WMP11, I would hope to just get WMP10 functional again.

    2) Excel continues to shut down with the standard Microsoft error window (Microsoft Excel has encountered an error and must close. Sorry for any inconvenience. Do you want to send a message to Microsoft?).

    3) Eventvwr shows an Application error in regards to the shutdown of Excel and a System error associated with BroadJump PPPoE Protocol Helper; and a System Warning concerning the registry. I previously attached the file 'eventvwr.txt' in the Malware thread containing the details of these Eventvwr reported items. When I attempted to attach the same file to this post I received a message that I had already attached the file in the other thread. This made it appear to me that the system isn't intended to be loaded up with the same file at multiple locations. If it is of use hopefully it can be located in the Malware thread.

    4) Startup of IE6 is inconsistent. Generally, on the first double-click on the icon I see an hour glass for two or three seconds which then disappears without any browser window opening. The second double-click does open a browser window. Anytime a double-click doesn't open a browser window I get an "End of program - iexplorer.exe" error window at the time I try to shut-down the computer. Sometimes the first double-click opens the browser window. This is the only icon that behaves this way so I don't think it is a function of how, or how quickly, I perform the double-click.

    5) Occasionally a single desktop icon, or multiple desktop icons, will either temporarily change or a false icon will appear overlaying the correct icon. The last time this happened I had opened Windows Explorer and clicked on Desktop in the left window pane. When I closed Windows Explorer there were several screwed up icons.

    6) After all that I have messed around with, and downloaded, the disk now has only 25% free space when it was more like 50%, it is 24% fragmented and the files are 49% fragmented. I have in mind to first complete all repairs, then delete everything I have downloaded and then defragment the disk. Should this be cleaned up before or after any further attempt to repair the system?

    Any help would be appreciated!
     
  2. geeker42

    geeker42 Private E-2

    I should have been more descriptive in my previous post. I tried to keep it brief by just making reference to my posts in the Malware forum but a few more details should have been provided.

    First, I believe the "repair" of Excel has corrected that problem. Second, I have successfully downloaded IE7 and it seems to be working.

    What I failed to mention was that while WMP10 is gone, the real problem is that my attempts to download WMP10 or WMP11 have been unsuccessful. I downloaded all of the critical Windows XP updates as was recommended at the link indicated in your reply. I downloaded WMP11 to my desktop; closed IE7, and then tried to install WMP11 by double-clicking on the desktop icon. I had tried this same process previously with WMP10. Everything seems to be proceeding correctly and then an error window appears. The error window consists of the following:

    Heading: Windows Media Player 11
    Sub-heading: Cannot complete Windows Media Player 11 Setup

    Informational notes:

    It was not possible to complete Setup. For more assistance, click Web Help.

    It was not possible to complete Setup; Windows Media Player 11 was not installed. Restart Windows and then run Windows Media Player Setup again.

    Restarting Windows and running Setup again resulted in the same error.

    I have also attached a text file (Eventvwr Indications.txt) that lists one warning and three errors that have been showing up throughout all of the efforts to get the system fully functional again.

    Any suggestions to correct these things would be appreciated.
     

    Attached Files:

  3. theefool

    theefool Geekified

    First question I have is:

    Have you modified any services via any application to make your computer "faster"? Or perhaps used Black Viper? Used xplite?

    If not, try (though no guarantees):
    Dial-a-fix

    http://www.majorgeeks.com/download4899.html

    Download, unzip, run, check the green check box (should check all check boxes), GO. A window will appear to check date/time. Any errors post here.

    If you get a pop up saying there are policies running, go ahead and say, remove/disable.
     
  4. geeker42

    geeker42 Private E-2

    Interesting first question. I do not know of any "application" I have run that was run with the intent of speeding up the computer. However, several months before the Vundo.k virus showed up I did have an IT person at the company I was then working for look at the system because it was booting up very, very slowly. I believe he simply went through the various processes that started automatically and changed some to manual. I also moved a huge volume of digital pictures out of "My Pictures" within "Documents and Settings" and the boot-up did return to normal.

    I don't believe he used any "application", but maybe there was some change made that left the computer more vulnerable to the virus and it had a broader range of effects.

    In trying to recover the functionality of the system I have run numerous different "applications" with guidance through this site but I don't believe any of them were suggested, or intended, to speed anything up. Each of the suggestions has resulted in improved functionality and speed hasn't been an issue one way or the other.

    No errors were indicated from execution of the prior posted suggestion, nor was there anything about Policies running. When I tried again to download and install Windows Media Player 11 it failed as before with the same window opening containing the following message: "It was not possible to complete Windows Media Player Setup." (With similar text repeated in the same window and there is a "web help" option available).

    When I clicked on "web help" another window opened containing the following message: "You've encountered error message C00D2AFB while using Windows Media Player. Additional information is not currently available for this error." Below this message are two additional choices, one of which is titled something like "More details".

    When I click on it some additional text appears as follows: "This error may have been triggered by an error in another program or component of Windows. The following information describes the original error."

    A two-by-two table appears with a left heading of "Original Error Code" below which is the number 80070005. And a right heading of "Original Error Message" below which is the text "General Access Denied".

    A couple details that may be relevant:

    After the installation fails, when I check the listing of programs in the Add/Remove option in the Control Panel there is a listing for Windows Media Format Runtime with a size of about 8 MB.

    I also noticed that while the installation is appearing to proceed normally one of the status messages indicates that "Windows Media Player is being updated" (or words to that effect). At this point, however it came about, there is no WMP on the computer at all. Does this message effectively mean that I would have to load something else first if the download is thinking that it is going to "update" something that isn't actually there to begin with?

    Any other suggestions would be appreciated.
     
  5. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    Try looking in the WMP error log for any clues but as you mentioned 80070005, then this could be a fix

    How to gain info from the error log (instructions on how to get the log data are on ZachD's website) and the above quote are taken from here http://zachd.com/pss/pss.html#setup11
     
  6. geeker42

    geeker42 Private E-2

    I have three remaining questions but first, for anyone that may experience a similar problem, a brief summary of my efforts in response to the prior reply from MG.

    With limited knowledge of Registry Keys I was hesitant to delete or rename Keys, so I opted to look at the updspapi.log and the first instance of Error 5 was associated with HKLM\Software\Microsoft\MediaPlayer\Settings.

    I was unclear what was meant by "give access to that registry key" but I guessed this meant altering the permissions. I navigated to this key through the Registry Editor. I gave full control to Administrator and my username, shutdown the computer and restarted. Then I attempted installation of WMP11 and although the installation failed just as it had previously I noticed in the registry that a new subkey "MP3Encoding" showed up within the aforementioned registry key.

    I shut down the computer, restarted, attempted the installation and it failed again. In navigating to the "MP3Encoding" subkey to investigate, an error window opened when I attempted to open the subkey. The error indicated that "Access was denied" to the subkey. Figuring that I was on the right trail I then altered the permissions for the "MP3Encoding" subkey and the subsequent installation was successful.

    Side Note: Concurrently I experienced a similar progression in the registry key HKLM\Software\Microsoft\MediaPlayer\Services.

    WMP11 is now apparently fully functional.

    My remaining questions are as follows:

    1) If I had just renamed HKEY_CLASSES_ROOT\WMPlayer.OCX (and/or OCX.7), was the idea that the installation would recreate these keys and all pertinent subkeys (including HKLM\Software\Microsoft\MediaPlayer\Settings) completely without the manual approach I followed?

    2) I still see an Error in Eventvwr/System as shown in the attachment. Does this error matter? How do I eliminate this error?

    3) I still see a Warning in Eventvwr/Applications as shown in the attachment. Does this warning matter? Can I get rid of it?

    I'm tired of seeing Errors and Warnings - I want them all gone so I can return to using the computer rather than fighting with it!
     

    Attached Files:
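
The permission check described in the post above, done by hand in Registry Editor, can also be run as a read-only audit. This is an added example, not part of the original thread or any tool mentioned in it; it assumes Windows PowerShell 3.0 or later in an elevated session, and the function name `Get-KeyAclFinding` is hypothetical.

```powershell
# Added example (not from the thread): read-only ACL audit of the Media Player
# registry tree whose permissions produced the 80070005 / "Error 5" failures.
# Assumes Windows PowerShell 3.0+ run elevated. Nothing is modified.
$root = 'HKLM:\Software\Microsoft\MediaPlayer'
$full = [System.Security.AccessControl.RegistryRights]::FullControl
# Resolve the Administrators group by well-known SID so localized names work.
$sid    = New-Object System.Security.Principal.SecurityIdentifier 'S-1-5-32-544'
$admins = $sid.Translate([System.Security.Principal.NTAccount]).Value

function Get-KeyAclFinding {
    param([string]$KeyPath)
    try {
        $acl = Get-Acl -LiteralPath $KeyPath -ErrorAction Stop
    } catch {
        # The key exists but its security descriptor cannot be read.
        return [pscustomobject]@{ Key = $KeyPath; Owner = '?'
            Finding = "cannot read ACL: $($_.Exception.Message)" }
    }
    # Explicit Deny entries override any Allow entry for the same principal.
    $deny = @($acl.Access | Where-Object { $_.AccessControlType -eq 'Deny' })
    $adminFull = @($acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -eq $admins -and
        ($_.RegistryRights -band $full) -eq $full
    })
    if ($deny.Count -gt 0) {
        $who = ($deny | ForEach-Object { $_.IdentityReference.Value }) -join ', '
        [pscustomobject]@{ Key = $KeyPath; Owner = $acl.Owner
            Finding = "explicit Deny entry for: $who" }
    } elseif ($adminFull.Count -eq 0) {
        [pscustomobject]@{ Key = $KeyPath; Owner = $acl.Owner
            Finding = "$admins has no Allow FullControl entry" }
    }
}

# Walk the root key and every subkey; collect subkeys that cannot be opened.
$keys = @(Get-Item -LiteralPath $root) +
        @(Get-ChildItem -LiteralPath $root -Recurse `
              -ErrorAction SilentlyContinue -ErrorVariable enumErrors)
$findings  = @($keys | ForEach-Object { Get-KeyAclFinding -KeyPath $_.PSPath })
$findings += @($enumErrors | ForEach-Object {
    [pscustomobject]@{ Key = "$($_.TargetObject)"; Owner = '?'
        Finding = "cannot enumerate: $($_.Exception.Message)" } })
$findings | Format-Table -AutoSize -Wrap
```

An empty result means every key under the root was readable and grants Administrators full control; any row listed is a key to inspect in Registry Editor before re-running Setup.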

  7. geeker42

    geeker42 Private E-2

    I'm intending to perform the Basic Computer Maintenance mentioned previously along with a full disk cleanup and defragmentation but I would prefer to address items 2 and 3 in my previous post first if there is any way to eliminate them. A response to item 1 would be appreciated for my own future knowledge.

    I very much appreciate all the help - from one foot in the grave to full functionality!
     
