Mouse Won't Work (After a Long Hiatus with Trojans, BitDefender, and Endless Reboots)
I'm cross-posting this from other forums on somebody's suggestion, and cross-posting from the virus/trojan forum here. It's a mouse/internet connection/messed-up Windows problem in addition to possible virus/trojan problem.
Basically, the mouse and internet won't work on my old computer. Fortunately, my new PC is up and running and working great. Unfortunately, I still need to migrate a bunch of stuff over from my old computer (I was in the middle of backing things up when the fecal matter hit the fan) and I have to make sure my old comp is truly free of viruses and trojans before I can move anything from there over to my new comp.
This will require fixing the following things on my old PC: (1) getting the mouse working again (not strictly necessary but it's a pain using keyboard only) and (2) making sure it's virus/trojan free which will probably require (3) getting the internet working again.
Long story short, after a FUBAR'd BitDefender installation/uninstallation (which I installed as part of a cocktail of free virus/trojan solutions) totally messed up my Windows installation, the mouse and internet stopped working. I MIGHT have finally removed BitDefender, but the mouse still won't work. It's kind of hard to figure out the problem from this summary, so I'll post the complete history here. Note that I'm a semi-advanced user and that I tried most things people can think of. You can just skip to PART THREE to get to where I'm at now, since I solved the problems in Part One and the one of the problems in Part Two, but it'll be hard understanding how I got there.
HISTORY
PART ONE - TROJANS AND ENDLESS REBOOTS
My problem is happening on my old Dimension 8200, not my new XPS 410, FYI. I am writing this on my new XPS. The Dimension 8200 is a P4 1.8 with 640 megs of RAM and Windows XP Home Edition. Any details I post on my Dimension will have to be off the top of my head unless I can get it from MSDOS prompt, cuz I can't even boot it in safe mode now. I'll tell the story from the beginning (or if you don't feel like reading you can just skip to the chase by scrolling down to THE CHASE below)
A few days ago, I tried out a new Anti-spyware program (SpySweeper) in order to prep my old PC to give to someone else (I was just wrapping it up) and to transfer a bunch of stuff to my new PC. Spysweeper detected a Trojan (ldpinch) on my computer that my usual AV (Avast) didn't. Amazingly, immediately after just-downloaded SpySweeper (yes I downloaded spysweeper direct from the company's web site) picked up ldpinch, Avast, which earlier the same day picked up nothing, suddenly picked up a virus as well, but a different one (possibly the virus was dropped by the Trojan or the other way around). Keep in mind that I usually run a very tight ship on my PC - I don't visit fishy web sites, I never run strange executables (and if I do I always scan them with an updated Avast, something I'm going to have to rethink), don't fall for e-mail scams, never open strange attachments, etc. Unfortunately, I do shut off my firewall most of the time because it interferes with too much normal functioning and I don't know how to configure it properly so that it doesn't.
I subsequently went ballistic, downloading every free virus program available to be sure my system was clean (and because the free version of Spysweeper can't clean). I got AVG, NOD32, PCTools and Spyware Doctor (free version also can't clean) to start. I ran Avast until it said all was clear. Then AVG picked up a quite a few Trojans/viruses and cleaned them all. Apparently an infinite potion stacking and a relics-in-epics mod I downloaded for Titan Quest a few weeks ago were Trojans (no choice, I absolutely could not play without them lol). I don't know if those were my only Trojan sources though - seems like I have/had too great a variety of Trojans for those to be the only ones, and they were the same one.
I found a second csrss.exe in my task manager after a boot and my firewall said it was trying to access some site in Spain. I promptly deleted the fake csrss.exe from my Windows directory, not touching the real one in /system32. I also manually deleted some other fishy files I found in my task manager and researching them on google to make sure they were not legit (I could easily spot them because I keep my task manager very clean). I also checked to make sure said files did not reappear after subsequent reboots.
Even after manually deleting some Trojan related files and the Avast and AVG sweeps, Spydoctor and Spysweeper kept picking up trojans (ldpinch and Win32:Hackspy). Since they found them in the registry only, I decided to just remove them from the registry manually, which I did. Checking many times through subsequent reboots, none of the registry entries reappeared, and Spydoctor and Spysweeper gave me clean scans (free of Trojans/viruses, anyway, didn't bother with cookies). NOD32 was useless, never picked up anything at all, ever. I then uninstalled Spysweeper (not Spydoctor yet).
Then, just to be safe, I decided to download a cocktail of everything else that had reasonably good reviews (except Moosoft Cleaner since my trial expired a long time ago for that): Sunbelt Counterspy, Kaspersky AV, Avira AntiVir, BitDefender, Panda (didn't install because conflicted with AVG), Stopzilla 4.3, and maybe one or two more that I forget. Stopzilla picked up a couple of new Trojans in registry only. It said it wouldn't clean them in the free trial, but automatically quarantined them and when I uninstalled Stopzilla so I could manually remove them from the registry, they were gone, even after several reboots. Sunbelt Counterspy picked up Backdoor.Genlot.DX in an actual file in Local Settings. Aside from that all the other ones gave me clean scans except BitDefender, which I installed last.
After I installed BitDefender, updated it, and rebooted, my endless reboot nightmare began. The reboot occured right after the Windows XP splash screen disappears. The Windows splash screen appeared for the expected amount of time, then when the welcome screen should appear, the screen goes black, my CD drives spin up, and the system reboots - each and every single time - in an endless loop.
Figuring that BitDefender must be the cause of the problem (well, BitDefender and all the other virus programs I had loaded), I thought I could just boot in Safe Mode, uninstall BitDefender, and be done with it. Unfortunately, BitDefender can't be uninstalled in Safe Mode. Since I couldn't access the Internet at the time (I didn't set up my XPS 410 for net access yet at the time), I couldn't find instructions on how to manually remove BitDefender, so I did some creative tinkering of my own.
First, I decided to uninstall every single one of the recently downloaded anti-virus/anti-spyware programs that I could in safe mode. I did not try uninstalling my old favorite, Avast. A few remained when I was done (they also couldn't be uninstalled in safe mode) - if I remember right, they were Sunbelt Counterspy and Kaspersky AV. Did this solve it? Nope. The reboot problem still kept happening.
Next, I decided to edit my startup programs with msconfig. Usually, I disable every TSR I can get away with disabling (including Avast's) in msconfig as soon as I install a program. I didn't bother disabling the TSR components of all my recent antivirii/antispyware when I installed those because I figured I was uninstalling most of them soon anyway, after I made sure my system was clean. I did aggressively choose to disable/not install the TSR components of all my new antivirii/antispyware when installing/running them, but the things just up and install the TSR's anyway.
So for my next step, I decided to disable all of these. It didn't work, but worse, I found something terrible - msblaster.exe was listed under startup! I recalled that this was a worm because I had it once before. The thing about it was that it was UNCHECKED when I found it. What kind of virus adds itself to startup unchecked? Anyway, I did a system file search for msblaster.exe and checked the usual locations (windows directory, system directories, root) and couldn't find it. Maybe it was left over from the last time I had msblaster (years ago I think)? I don't think so because I use msconfig all the time and I'd remember seeing something like that every time.
Next I finally got my XPS 410 internet up and running. I did some research on msblaster and found out that it caused endless reboots. However, unlike my reboots, msblaster reboots actually load up windows and then say "the system will be shutting down in 30 seconds" or something like that. I wasn't getting anything like that. Still, it's a possibility.
To be sure I didn't have msblaster, I ran all the antiviruses I had left - Avast, Kaspersky, and Sunbelt Counterspy. These all had the latest definition updates (10/12/06) so that wasn't a problem. They all came up dry. Keep in mind that all of my antivirus cocktail gave me clean full scans before this reboot started (except BitDefender which I never got to use, obviously). I also double checked to see if there were any of the msblaster affiliated processes in task manager - I didn't of course, or I would have spotted them earlier since I was checking the process list every minute at this point.
Next, I deleted the BitDefender directory manually. I had to do this in MS DOS in a clean boot, because some file in it was loaded even in safe mode. Didn't work.
Next, I tried doing a startup with all services/startup programs unchecked. Nope. Then I tried a diagnostic startup. Nope. Then I tried F8 menu options. First I tried disable reboot on system fail. That did stop the reboots, but after the splash screen I just get a black screen and it just stays like that forever. Manual reboot, turned it off. I tried everything else on the F8 list. I couldn't use System Restore because I turned it off - I don't like it because I usually like to fix problems myself, and because my old computer was slow as with tiny hard drives (40GB and 80GB) and I needed all the performance and disk space I could get.
Next, I googled the reboot loop problem. It seems a common solution is to boot from the Windows XP CD (yeah same one that came with my Dimension from Dell) and do a non-console repair installation. I did just that. This is what really did my Dimension in. While the setup was half done, it rebooted as part of the process. After the reboot, it displays (in DOS blue screen text) something like - "Setup restarting....................." and reboots. This is right after the Windows splash screen exactly like before. What's worse, when I try to run Safe Mode now, it says "setup cannot run in safe mode, rebooting" or something like that. So, I lost Safe Mode as well. I'm not going to try a fresh Windows XP reinstallation unless somebody recommends it.
Why am I asking for help in resolving this instead of just reformatting? First, I still have all my on my old PC. Yeah I know, back up often. I was sorta in the middle of backing up all my stuff when all this went down. Second, I had a lot of settings/tweaks and stuff I wanted to write down to transfer to my XPS like what options I had on/off for my various apps because I don't want to spend months figuring them all out again. Finally, I have to give my Dimension to someone else in fully working order, and I don't want to start from scratch.
PART TWO - BITDEFENDER AND THE MOUSE
I managed to resolve the reboot problem by manually deleting all the BitDefender files I could using a boot disk and MS-DOS prompt. After I got my Windows back, I managed, with some difficulty, to remove Kaspersky AV and Sunbelt Counterspy.
Now I have some new problems. I can succesfully boot my old Dimension now, but the mouse won't work, no matter what I try. I also can't connect to the internet on it, and it takes forever to start Windows. I am 90% certain that the problem is the borked BitDefender installation. I believe this is the case because after I managed to finally boot my computer, the reinstallation of Windows continued, and at first the mouse worked, but then an error message saying something about not finding some Bit Defender .osx file or something like that (from memory, I should have written it down but didn't). After that popup, the mouse stopped working.
The mouse is the main problem, obviously. It makes the computer a pain to use. Fortunately, I have pretty good keyboard skills, and can still perform most functions with it. The mouse is not recognized in device manager, nor is it recognized by add new hardware. It is a USB mouse. The keyboard is PS/2, interestingly enough. Perhaps that's why it still works and the mouse doesn't. Makes me wish I still had a PS/2 mouse to test. Still, I'm pretty sure BitDefender is screwing it up and since BitDefender is probably responsible for all the other problems and may cause more problems down the road, I have to take care of that anyway.
BitDefender won't uninstall because I had to delete some of its critical files to get my computer to boot again. Reinstalling BitDefender (so I can uninstall it properly) won't work either, because it detects the old installation and refuses to install. I followed this guide to manually removing BitDefender as best I could:
http://kb.bitdefender.com/KB260-en--Additi...ll-methods.html
However, because I had to delete critical files to boot my comp, there were a few steps I could not complete.
1. I didn't do the Windows Install Clean Up stage because I couldn't download it (and I may not be able to use it properly without a mouse).
2. I couldn't regsvr32 /u bdshelxt.dll or bdo.dll because I had already deleted those files.
3. I couldn't uninstall the bitdefender firewall NDIS filter driver or the Bitdefender firewall TDI filter driver because I had deleted those executables already.
BitDefender may or may not be the cause of my mouse/internet problems, but it does have to be properly and fully removed anyway. It is still possible there is a virus/Trojan at work on my comp and that it is responsible for the mouse/internet problems. I say this because there were a few suspicious things that I observed after fixing the reboot problem. First, of course, msblast.exe still appears unchecked under Startup in msconfig, which makes me concerned (see Part One for details on how I first observed this). Next, when I tried to remove Kaspersky AV, I had a real hard time. Most alarmingly, when I looked in my task manager, avp.exe (one of kaspersky's TSR's) appeared twice - once under my name, and once under SYSTEM. This was disturbingly remniscent of the CSRSS.exe thing I encountered earlier (see Part One for details). I also could not terminate the process through task manager. The Kaspersky AV uninstall program refused to let me uninstall without removing the TSR component of Kaspersky first.
After a reboot, and on all subsequent reboots, avp.exe only appeared once in my task manager. I had difficulty preventing avp.exe from being loaded at boot. Whenever I tried to modify my services/startup settings in msconfig, it would tell me that I could not change my startup settings because I was not an administrator or something like that (and I am an administrator on my computer, duh, I'm the only user, I even double checked again and it said I'm admin, and I was logged in as myself). I finally managed to get around this by booting in safe mode and making my msconfig changes there, then starting in normal and uninstalling Kaspersky. Fishy, to say the least.
So, now I'm still very suspicious that there's some trojan/virus active on my Dimension. Recall that I downloaded almost every free AV/AS out there and they gave my PC a clean bill of health before the reboot problem started. Also recall that I uninstalled every one of these AV/AS programs in the end to try to fix my computer. All I have left is Avast and the ghost of BitDefender. I'm not sure what else to try to find and kill this possible trojan/virus, especially considering that trying every free AV/AS out there was what got me into this mess in the first place. Anyway, I have to be absolutely sure my computer is free of viruses/trojans before I can transfer my stuff over to my new comp.
In summary, these are the problems I need to fix on my old Dimension now:
1. Remove BitDefender completely.
2. Get mouse working again.
3. Get internet working again.
4. Make sure the entire computer is really free of viruses/trojans so I can transfer files to my new comp safely.
PART THREE - BITDEFENDER REMOVED (?) BUT MOUSE/SYSTEM STILL BROKEN
I managed to copy over the install cleaner to my Dimension. After I ran the install cleaner I could finally reinstall BitDefender. I did this, rebooted, and uninstalled it. My mouse still doesn't work. BitDefender should be gone now, but I'm not totally convinced it is. Windows still takes abnormally long to boot.
Next I tried reinstalling Windows from the CD again. Like the first time I tried this, the mouse began working again briefly, during the setup screens. This time, there was no BitDefender error message. Sometime when it was installing device drivers, when the monitor was constantly turning on and off, the mouse failed. Same as before except for the lack of a BitDefender message.
Next I tried fiddling with the device drivers. I had actually tried this before I uninstalled BitDefender. No mouse gets recognized, though two things are recognized: a USB Human Interface Device and an HID-Compliant Device, both under Human Interface Devices in Device Manager. Details:
USB Human Interface Device
Driver Version 5.1.2600.0
Provider: Microsoft
Digital Signer: Microsoft Windows XP Publisher
This Device is Working Properly
HID-Compliant Device
Unknown Device
Device type: Human Interface Devices
Manufacturer: Standard System Devices
Location: on USB Human Interface Device
Status: This device is not configured correctly (Code 1)
To reinstall the drivers for this device, click Reinstall Driver
On clicking Reinstall Driver -> There was a problem installing this Hardware: HID Class
An error occured during the installation of the device. The driver installation file for this device is missing a necessary entry.
This may be because the INF was written for Windows 95 or later. Contact your hardware vendor.
No mouse appears in the device manager. Under Mouse Properties -> Hardware, it is completely blank.
Sometimes when I ran the Add Hardware wizard, or when I restarted the system, it would ask me to insert a Logitech CD (which I couldn't find). To solve this, and because I moved my Logitech mouse over to my XPS and am using the Dell USB Mouse which came with my XPS on my Dimension, I uninstalled the Logitech drivers. I got the same results on my Dimension with both mice, anyway. Again, no results.
Here is my Hijack This log (seems fine except for R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;<local>):
Logfile of HijackThis v1.99.1
Scan saved at 10:27:19 PM, on 10/15/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~4\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\ACDSee32\ACDSee32.exe
f:\temp32\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200210...meInstaller.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~4\SPEEDD~1\nopdb.exe
And again, if nobody here can help me, please refer me to a forum that can, thank you.
Basically, the mouse and internet won't work on my old computer. Fortunately, my new PC is up and running and working great. Unfortunately, I still need to migrate a bunch of stuff over from my old computer (I was in the middle of backing things up when the fecal matter hit the fan) and I have to make sure my old comp is truly free of viruses and trojans before I can move anything from there over to my new comp.
This will require fixing the following things on my old PC: (1) getting the mouse working again (not strictly necessary but it's a pain using keyboard only) and (2) making sure it's virus/trojan free which will probably require (3) getting the internet working again.
Long story short, after a FUBAR'd BitDefender installation/uninstallation (which I installed as part of a cocktail of free virus/trojan solutions) totally messed up my Windows installation, the mouse and internet stopped working. I MIGHT have finally removed BitDefender, but the mouse still won't work. It's kind of hard to figure out the problem from this summary, so I'll post the complete history here. Note that I'm a semi-advanced user and that I tried most things people can think of. You can just skip to PART THREE to get to where I'm at now, since I solved the problems in Part One and the one of the problems in Part Two, but it'll be hard understanding how I got there.
HISTORY
PART ONE - TROJANS AND ENDLESS REBOOTS
My problem is happening on my old Dimension 8200, not my new XPS 410, FYI. I am writing this on my new XPS. The Dimension 8200 is a P4 1.8 with 640 megs of RAM and Windows XP Home Edition. Any details I post on my Dimension will have to be off the top of my head unless I can get it from MSDOS prompt, cuz I can't even boot it in safe mode now. I'll tell the story from the beginning (or if you don't feel like reading you can just skip to the chase by scrolling down to THE CHASE below)
A few days ago, I tried out a new Anti-spyware program (SpySweeper) in order to prep my old PC to give to someone else (I was just wrapping it up) and to transfer a bunch of stuff to my new PC. Spysweeper detected a Trojan (ldpinch) on my computer that my usual AV (Avast) didn't. Amazingly, immediately after just-downloaded SpySweeper (yes I downloaded spysweeper direct from the company's web site) picked up ldpinch, Avast, which earlier the same day picked up nothing, suddenly picked up a virus as well, but a different one (possibly the virus was dropped by the Trojan or the other way around). Keep in mind that I usually run a very tight ship on my PC - I don't visit fishy web sites, I never run strange executables (and if I do I always scan them with an updated Avast, something I'm going to have to rethink), don't fall for e-mail scams, never open strange attachments, etc. Unfortunately, I do shut off my firewall most of the time because it interferes with too much normal functioning and I don't know how to configure it properly so that it doesn't.
I subsequently went ballistic, downloading every free virus program available to be sure my system was clean (and because the free version of Spysweeper can't clean). I got AVG, NOD32, PCTools and Spyware Doctor (free version also can't clean) to start. I ran Avast until it said all was clear. Then AVG picked up a quite a few Trojans/viruses and cleaned them all. Apparently an infinite potion stacking and a relics-in-epics mod I downloaded for Titan Quest a few weeks ago were Trojans (no choice, I absolutely could not play without them lol). I don't know if those were my only Trojan sources though - seems like I have/had too great a variety of Trojans for those to be the only ones, and they were the same one.
I found a second csrss.exe in my task manager after a boot and my firewall said it was trying to access some site in Spain. I promptly deleted the fake csrss.exe from my Windows directory, not touching the real one in /system32. I also manually deleted some other fishy files I found in my task manager and researching them on google to make sure they were not legit (I could easily spot them because I keep my task manager very clean). I also checked to make sure said files did not reappear after subsequent reboots.
Even after manually deleting some Trojan related files and the Avast and AVG sweeps, Spydoctor and Spysweeper kept picking up trojans (ldpinch and Win32:Hackspy). Since they found them in the registry only, I decided to just remove them from the registry manually, which I did. Checking many times through subsequent reboots, none of the registry entries reappeared, and Spydoctor and Spysweeper gave me clean scans (free of Trojans/viruses, anyway, didn't bother with cookies). NOD32 was useless, never picked up anything at all, ever. I then uninstalled Spysweeper (not Spydoctor yet).
Then, just to be safe, I decided to download a cocktail of everything else that had reasonably good reviews (except Moosoft Cleaner since my trial expired a long time ago for that): Sunbelt Counterspy, Kaspersky AV, Avira AntiVir, BitDefender, Panda (didn't install because conflicted with AVG), Stopzilla 4.3, and maybe one or two more that I forget. Stopzilla picked up a couple of new Trojans in registry only. It said it wouldn't clean them in the free trial, but automatically quarantined them and when I uninstalled Stopzilla so I could manually remove them from the registry, they were gone, even after several reboots. Sunbelt Counterspy picked up Backdoor.Genlot.DX in an actual file in Local Settings. Aside from that all the other ones gave me clean scans except BitDefender, which I installed last.
After I installed BitDefender, updated it, and rebooted, my endless reboot nightmare began. The reboot occured right after the Windows XP splash screen disappears. The Windows splash screen appeared for the expected amount of time, then when the welcome screen should appear, the screen goes black, my CD drives spin up, and the system reboots - each and every single time - in an endless loop.
Figuring that BitDefender must be the cause of the problem (well, BitDefender and all the other virus programs I had loaded), I thought I could just boot in Safe Mode, uninstall BitDefender, and be done with it. Unfortunately, BitDefender can't be uninstalled in Safe Mode. Since I couldn't access the Internet at the time (I didn't set up my XPS 410 for net access yet at the time), I couldn't find instructions on how to manually remove BitDefender, so I did some creative tinkering of my own.
First, I decided to uninstall every single one of the recently downloaded anti-virus/anti-spyware programs that I could in safe mode. I did not try uninstalling my old favorite, Avast. A few remained when I was done (they also couldn't be uninstalled in safe mode) - if I remember right, they were Sunbelt Counterspy and Kaspersky AV. Did this solve it? Nope. The reboot problem still kept happening.
Next, I decided to edit my startup programs with msconfig. Usually, I disable every TSR I can get away with disabling (including Avast's) in msconfig as soon as I install a program. I didn't bother disabling the TSR components of all my recent antivirii/antispyware when I installed those because I figured I was uninstalling most of them soon anyway, after I made sure my system was clean. I did aggressively choose to disable/not install the TSR components of all my new antivirii/antispyware when installing/running them, but the things just up and install the TSR's anyway.
So for my next step, I decided to disable all of these. It didn't work, but worse, I found something terrible - msblaster.exe was listed under startup! I recalled that this was a worm because I had it once before. The thing about it was that it was UNCHECKED when I found it. What kind of virus adds itself to startup unchecked? Anyway, I did a system file search for msblaster.exe and checked the usual locations (windows directory, system directories, root) and couldn't find it. Maybe it was left over from the last time I had msblaster (years ago I think)? I don't think so because I use msconfig all the time and I'd remember seeing something like that every time.
Next I finally got my XPS 410 internet up and running. I did some research on msblaster and found out that it caused endless reboots. However, unlike my reboots, msblaster reboots actually load up windows and then say "the system will be shutting down in 30 seconds" or something like that. I wasn't getting anything like that. Still, it's a possibility.
To be sure I didn't have msblaster, I ran all the antiviruses I had left - Avast, Kaspersky, and Sunbelt Counterspy. These all had the latest definition updates (10/12/06) so that wasn't a problem. They all came up dry. Keep in mind that all of my antivirus cocktail gave me clean full scans before this reboot started (except BitDefender which I never got to use, obviously). I also double checked to see if there were any of the msblaster affiliated processes in task manager - I didn't of course, or I would have spotted them earlier since I was checking the process list every minute at this point.
Next, I deleted the BitDefender directory manually. I had to do this in MS DOS in a clean boot, because some file in it was loaded even in safe mode. Didn't work.
Next, I tried doing a startup with all services/startup programs unchecked. Nope. Then I tried a diagnostic startup. Nope. Then I tried F8 menu options. First I tried disable reboot on system fail. That did stop the reboots, but after the splash screen I just get a black screen and it just stays like that forever. Manual reboot, turned it off. I tried everything else on the F8 list. I couldn't use System Restore because I turned it off - I don't like it because I usually like to fix problems myself, and because my old computer was slow as with tiny hard drives (40GB and 80GB) and I needed all the performance and disk space I could get.
Next, I googled the reboot loop problem. It seems a common solution is to boot from the Windows XP CD (yeah same one that came with my Dimension from Dell) and do a non-console repair installation. I did just that. This is what really did my Dimension in. While the setup was half done, it rebooted as part of the process. After the reboot, it displays (in DOS blue screen text) something like - "Setup restarting....................." and reboots. This is right after the Windows splash screen exactly like before. What's worse, when I try to run Safe Mode now, it says "setup cannot run in safe mode, rebooting" or something like that. So, I lost Safe Mode as well. I'm not going to try a fresh Windows XP reinstallation unless somebody recommends it.
Why am I asking for help in resolving this instead of just reformatting? First, I still have all my on my old PC. Yeah I know, back up often. I was sorta in the middle of backing up all my stuff when all this went down. Second, I had a lot of settings/tweaks and stuff I wanted to write down to transfer to my XPS like what options I had on/off for my various apps because I don't want to spend months figuring them all out again. Finally, I have to give my Dimension to someone else in fully working order, and I don't want to start from scratch.
PART TWO - BITDEFENDER AND THE MOUSE
I managed to resolve the reboot problem by manually deleting all the BitDefender files I could using a boot disk and MS-DOS prompt. After I got my Windows back, I managed, with some difficulty, to remove Kaspersky AV and Sunbelt Counterspy.
Now I have some new problems. I can succesfully boot my old Dimension now, but the mouse won't work, no matter what I try. I also can't connect to the internet on it, and it takes forever to start Windows. I am 90% certain that the problem is the borked BitDefender installation. I believe this is the case because after I managed to finally boot my computer, the reinstallation of Windows continued, and at first the mouse worked, but then an error message saying something about not finding some Bit Defender .osx file or something like that (from memory, I should have written it down but didn't). After that popup, the mouse stopped working.
The mouse is the main problem, obviously. It makes the computer a pain to use. Fortunately, I have pretty good keyboard skills, and can still perform most functions with it. The mouse is not recognized in device manager, nor is it recognized by add new hardware. It is a USB mouse. The keyboard is PS/2, interestingly enough. Perhaps that's why it still works and the mouse doesn't. Makes me wish I still had a PS/2 mouse to test. Still, I'm pretty sure BitDefender is screwing it up and since BitDefender is probably responsible for all the other problems and may cause more problems down the road, I have to take care of that anyway.
BitDefender won't uninstall because I had to delete some of its critical files to get my computer to boot again. Reinstalling BitDefender (so I can uninstall it properly) won't work either, because it detects the old installation and refuses to install. I followed this guide to manually removing BitDefender as best I could:
http://kb.bitdefender.com/KB260-en--Additi...ll-methods.html
However, because I had to delete critical files to boot my comp, there were a few steps I could not complete.
1. I didn't do the Windows Install Clean Up stage because I couldn't download it (and I may not be able to use it properly without a mouse).
2. I couldn't regsvr32 /u bdshelxt.dll or bdo.dll because I had already deleted those files.
3. I couldn't uninstall the bitdefender firewall NDIS filter driver or the Bitdefender firewall TDI filter driver because I had deleted those executables already.
BitDefender may or may not be the cause of my mouse/internet problems, but it does have to be properly and fully removed anyway. It is still possible there is a virus/Trojan at work on my comp and that it is responsible for the mouse/internet problems. I say this because there were a few suspicious things that I observed after fixing the reboot problem. First, of course, msblast.exe still appears unchecked under Startup in msconfig, which makes me concerned (see Part One for details on how I first observed this). Next, when I tried to remove Kaspersky AV, I had a real hard time. Most alarmingly, when I looked in my task manager, avp.exe (one of kaspersky's TSR's) appeared twice - once under my name, and once under SYSTEM. This was disturbingly remniscent of the CSRSS.exe thing I encountered earlier (see Part One for details). I also could not terminate the process through task manager. The Kaspersky AV uninstall program refused to let me uninstall without removing the TSR component of Kaspersky first.
After a reboot, and on all subsequent reboots, avp.exe only appeared once in my task manager. I had difficulty preventing avp.exe from being loaded at boot. Whenever I tried to modify my services/startup settings in msconfig, it would tell me that I could not change my startup settings because I was not an administrator or something like that (and I am an administrator on my computer, duh, I'm the only user, I even double checked again and it said I'm admin, and I was logged in as myself). I finally managed to get around this by booting in safe mode and making my msconfig changes there, then starting in normal and uninstalling Kaspersky. Fishy, to say the least.
So, now I'm still very suspicious that there's some trojan/virus active on my Dimension. Recall that I downloaded almost every free AV/AS out there and they gave my PC a clean bill of health before the reboot problem started. Also recall that I uninstalled every one of these AV/AS programs in the end to try to fix my computer. All I have left is Avast and the ghost of BitDefender. I'm not sure what else to try to find and kill this possible trojan/virus, especially considering that trying every free AV/AS out there was what got me into this mess in the first place. Anyway, I have to be absolutely sure my computer is free of viruses/trojans before I can transfer my stuff over to my new comp.
In summary, these are the problems I need to fix on my old Dimension now:
1. Remove BitDefender completely.
2. Get mouse working again.
3. Get internet working again.
4. Make sure the entire computer is really free of viruses/trojans so I can transfer files to my new comp safely.
PART THREE - BITDEFENDER REMOVED (?) BUT MOUSE/SYSTEM STILL BROKEN
I managed to copy over the install cleaner to my Dimension. After I ran the install cleaner I could finally reinstall BitDefender. I did this, rebooted, and uninstalled it. My mouse still doesn't work. BitDefender should be gone now, but I'm not totally convinced it is. Windows still takes abnormally long to boot.
Next I tried reinstalling Windows from the CD again. Like the first time I tried this, the mouse began working again briefly, during the setup screens. This time, there was no BitDefender error message. Sometime when it was installing device drivers, when the monitor was constantly turning on and off, the mouse failed. Same as before except for the lack of a BitDefender message.
Next I tried fiddling with the device drivers. I had actually tried this before I uninstalled BitDefender. No mouse gets recognized, though two things are recognized: a USB Human Interface Device and an HID-Compliant Device, both under Human Interface Devices in Device Manager. Details:
USB Human Interface Device
Driver Version 5.1.2600.0
Provider: Microsoft
Digital Signer: Microsoft Windows XP Publisher
This Device is Working Properly
HID-Compliant Device
Unknown Device
Device type: Human Interface Devices
Manufacturer: Standard System Devices
Location: on USB Human Interface Device
Status: This device is not configured correctly (Code 1)
To reinstall the drivers for this device, click Reinstall Driver
On clicking Reinstall Driver -> There was a problem installing this Hardware: HID Class
An error occured during the installation of the device. The driver installation file for this device is missing a necessary entry.
This may be because the INF was written for Windows 95 or later. Contact your hardware vendor.
No mouse appears in the device manager. Under Mouse Properties -> Hardware, it is completely blank.
Sometimes when I ran the Add Hardware wizard, or when I restarted the system, it would ask me to insert a Logitech CD (which I couldn't find). To solve this, and because I moved my Logitech mouse over to my XPS and am using the Dell USB Mouse which came with my XPS on my Dimension, I uninstalled the Logitech drivers. I got the same results on my Dimension with both mice, anyway. Again, no results.
Here is my Hijack This log (seems fine except for R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;<local>):
Logfile of HijackThis v1.99.1
Scan saved at 10:27:19 PM, on 10/15/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\NORTON~4\SPEEDD~1\nopdb.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\ACDSee32\ACDSee32.exe
f:\temp32\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkID=39204
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.0.97.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200210...meInstaller.exe
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~4\SPEEDD~1\nopdb.exe
And again, if nobody here can help me, please refer me to a forum that can, thank you.
0
Comments
1) Give Memtest-86 a few passes. If you get errors, try testing each stick individually. If you only have one stick of RAM to begin with, replace it and try again.
2) Once you are sure you have good RAM, try sticking a spare PSU in the old computer and give the Repair Install another shot.
See where that gets you as a start.
Also, could anyone at least let me know if reinstalling Windows from the CD - choosing the fresh installation option instead of the repair option - would fix the mouse problem, and also, exactly how much damage would such an installation do?
What I'm planning on doing next is copying over everything I need onto one of the HD's in my old comp and moving it into my new comp (no, I will not boot from that HD, duh). This would of course be a lot harder without a working mouse, so I'm hoping I can resolve that problem first. Next, I will scan the HD from my old comp once it's situated in my new one. I need recommendations on what to scan it with once I have it in the new comp to be absolutely sure everything on it is clean.
There is no way I'm using Norton or McAfee. They are worse than viruses. I'm wary of BitDefender too because that's what broke my computer. Kaspersky is also a bit dodgy. I had problems removing it. I suspect SpySweeper is what installed some of the Trojans on my computer in the first place, so that's out. Panda conflicts with AVG so that's out of the question. I'm a bit wary of Stopzilla because I just don't like it very much. I like Moosoft Cleaner but I want to save the free trial for an emergency - when I really need it, so that's out. NOD32 was worthless, not using that.
This is everything I am considering trying: Avast, AVG, Spyware Doctor, Stopzilla (wary), Sunbelt Counterspy, Avira AntiVir, and Kaspersky AV (wary). Of course, I tried all this stuff on my old comp and they said everything was clean after I cleaned up all the viruses with them or manually. Like I said, suspicious stuff was still going on afterwards.
Oh yes, and my budget for this: $0.00 I spent all my money on my new comp. So, I could use any recommendations for AV/Antispyware/Antitrojan that I can get.
Do a search for a program called RegCleaner and use it to clean up any remaining bits of old programs you have uninstalled (like BitDefender).
Go into Device Manager and click View>>Show hidden devices and uninstall any stray pointing devices you find there. If it's a USB mouse, clean out everything under USB Controllers as well. That'll at least give Windows a fresh start at finding them and setting them up properly.
If it's a PS/2 mouse, make sure the controller is enabled in the BIOS.
As for antivirus programs, I'm a big fan of the free version of AVG.
I looked under devices and hidden devices and lo and behold there were 2 drivers - one motherboard one and one I forget that were not functioning. Unfortunately, uninstalling them didn't fix the problem. Windows isn't detecting them again with add new hardware. And yes, it's a USB mouse. I'll keep messing around with device manager but I'm about ready to give up on the mouse and just do a HD data transfer to my new comp (which will be a pain without a working mouse).
I've yet to try RegCleaner, I'll do that next.