Every week, my kids go to their aunt's house for a piano lesson, and for the last five or six weeks, while they're doing their lesson, I have been trying to get her computer back up and running. First I'll describe the problems she's currently having, and then I'll give you the back story so you know how we got to where we are.
Gateway desktop circa 2007
Windows XP Home SP2
30GB, 2.4GHz, 256MB RAM
1. Last week, right after user account login, "RUNDLL Error: WNNT/uwipijovapu.dll Access is denied"
2. On starting up IE8, AVG ResidentShield quarantined "Trojan.Hiloti" the path of which was directed to uwipijovapu.dll
3. Now, right after user account login, "RUNDLL Error: WNNT/uwipijovapu.dll The specified module could not be found"
4. Mozilla Firefox takes 3-4 minutes to start up, IE8 takes about 30-40 seconds
5. Ad Aware 2007 wouldn't open, and yet in Task Manager, the program aawservice.exe is claiming 30K+ of system resources. When I click "end process" the computer is slightly faster, but still slower than it should be (and the Firefox problem is still there). I installed a fresh copy of Ad Aware 2007, and the program works now, but I still get the aawservice.exe problem.
6. "Run:services.msc" doesn't list aawservice.exe at all.
7. In "Add/Remove Programs" there are no programs listed.
8. Malwarebytes and AVG Free find nothing.
9. Disk has been defragmented. Initially, the defrag made the machine run like a dream, but then all sorts of mayhem ensued. And that's where we get to the back story. Read on...
The Back Story:
1. Windows would not allow user login in Normal Mode. Computer was infected with Internet Security 2010 virus. User login would go right from "loading your settings..." to "saving your settings..." and then would shut down. Entire process took about 5 minutes.
2. In Safe Mode, I logged in as Administrator and backed up all her files to an external hard drive and took the computer home to work on.
3. Using the recommendations from this forum, I ran "SDFix" in Safe Mode. Program got to the point where it had to reboot to complete its operations (a normal part of the SDFix scan).
4. On reboot, Windows would not allow user login in either Normal or Safe Mode. What happened in #1 was now happening in Safe Mode too.
5. Booted from the Windows XP CD that came with the Gateway PC. Clicked the Repair Wizard. During the Repair process, SDFix suddenly resumed and finished running.
6. SDFix and the Repair Wizard appeared to work. Windows now allowed user login in Normal Mode. I installed and ran Malwarebytes in Normal Mode. It found and quarantined 23 infected files.
7. Rebooted the PC and everything started up as it should, but ran slowly. I ran disk defragmenter and it worked like a dream. The computer appeared to be fine. This is where I should have stopped.
8. I ran Checkdisk. Checkdisk got caught in an infinite loop where, on completing its check, it would reboot the computer and immediately start checking again (this ran for about two hours -- I had left it alone to run and only discovered the problem when I returned).
9. I pressed F8 during one of the automatic reboots and chose "Last Known Good Configuration" -- still landed me in a Checkdisk loop. Booted from the Windows XP CD again, and chose "System Restore" (for some reason, "Repair Wizard" was not an option this time). After system restore, Windows started up normally once again, but there was a weird driver issue: the display was loading with some very primitive graphics. And "Run: winver" told me that the computer was now running Windows XP Home SP1, when it had previously had SP2.
10. I loaded the Gateway Drivers and Application CD - this was obviously a mistake - to reload the monitor driver. The driver CD ran an automated process that tried, over the course of another couple of hours, to install all sorts of unnecessary drivers. There was no way to stop or cancel the process. Some drivers installed successfully and others failed. Finally the automated driver CD was finished wreaking its havoc, and Windows again loaded normally, but was now very slow.
11. Next piano lesson, I returned the computer to my aunt, and connected it back up to the Internet for the first time since the virus infection and began to download and install program updates and security updates. I installed XP SP2, IE8, AVG Free, and Ad Aware 2007. These updates literally took hours to download and install.
12. Which brings us to our current situation.
Sorry for writing such a long description, and thanks in advance for any and all help!
EDIT: Moved from XP to Am I Infected forum, more appropriate ~ Hamluis.
Edited by hamluis, 21 April 2010 - 11:58 AM.