XP S3: Lost Internet, Shut Down Manually, Then Shuts Itself Down on Reboot!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by commenterri, Feb 4, 2009.

  1. commenterri

    commenterri Private E-2

    For the last few days, AVG Free has reported only about half as many total files scanned as previously. An update of AVG about that same time contained a program update as well as database updates, so I attributed the change to that.
    Last evening, I was editing an MSWord document, but twice I received an error message announcing that a problem had occurred and the program must shut down. I have seldom if ever had Word do that to me before. I finally did manage to get the document completed and saved as edited! Unfortunately, I did not back it up.
    When opening AT&T Yahoo webmail, I got a pop-up error message "AI RoboForm assertion failed," which told me to paste its contents into an email and send it to bugs@roboform.com. I did so.
    I decided that was too many error messages in quick succession, so I ran some scans, each time checking first for updates: CCleaner, MBAM (found a trojan, quarantined and deleted it), and RegSeeker.
    Tried to access my webmail (to look for reply from RoboForm), but could not access the Internet, getting instead the page "Internet Explorer cannot open this page."
    It was suggested that I use my AT&T Self-Support Tool. It checked my system and then said to access a certain help page. That tried to access the Internet but could not.
    At that point, I decided to deactivate the connection to the 2Wire DSL modem and shut down the computer till I could get more help.

    User MedTxInMich, her daughter, now talking: :wave
    I turned on the computer tonight to do the "read and run me first" process, but it shut itself down before it had even completed startup. I tried startup in safe mode, which worked, and thought we were home free when it recognized my flash drive, to which I'd saved the programs in your process that she didn't have. Weeell...for some reason, it wouldn't let either Administrator user install programs, saying "the administrator has not given this user permission to install programs." Uh-huh.
    At first, I told her, "That's it. You're dead." Then, I remembered system restore and your lovely saying, "An infected restore point is better than no restore point at all!" So, I went back to the restore point she chose (January 9, the last time she downloaded e-mail from her web mail) from safe mode (I know, but I obviously couldn't do it from regular mode) and away we went with a restored internet connection and an ability to install and run the requisite programs.
    So, I have attached the first 3 logs (SAS, MBAM, and CF), and MGT will follow in the reply to this message.
    My mom doesn't use her computer for a profession, but she had been in the middle of doing the local AAUW chapter's newsletter, as well as her local U of M alumni club's business, and there was a deadline for both. I hope we can get her up and running soon, but I understand you folks are busy.
    *huggles*
    Thanks bunches for your continued assistance to our household!

  2. commenterri

    commenterri Private E-2

    MG Log zip is attached. Thanks again for helping! :wave

  3. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    It would appear as though the scans took care of the malware.

    You need to use add/remove programs to uninstall:
    Viewpoint Manager (Remove Only)

    Now download and install:
    Java Runtime 6

    Tell me what issues you are still having. :)
     
  4. commenterri

    commenterri Private E-2

    When I started my computer, everything reacted very slowly, especially Internet Explorer. I finally got everything done that you asked me to do, but things are still running slowly, even after restarting the computer and running CCleaner and its registry cleanup (?).

    Another note: My daughter ran RegSeeker, and at the end of the scan, the popup that appeared was very small and had no words in it. She thinks something is still wrong.

    She has also installed Firefox and it accesses the web a lot faster than Internet Explorer, but everything else still runs slowly.

    Thank you for your help!
     
  5. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    I suspect you are slow because you are running both AVG8 and Zone Alarm on a system with limited resources.
     
  6. commenterri

    commenterri Private E-2

    Hello Tim. I have not had Zone Alarm for a long time. Once our local "computer guy" recommended AVG Free, we uninstalled ZoneAlarm. I suppose it's possible there are still vestiges of it in the registry or elsewhere. If you think that is the case, are there instructions you could give me to rid my computer of remaining traces?

    We had been very satisfied with AVG8 and its operations, but if it's not keeping out the malware, then we should find a program that would do the job more thoroughly! My daughter says that you people recommend other anti-virus software that is better and less of a memory hog. Do you have any suggestions for me in that regard?

    One more thing: on my daughter's recommendation, we went back to a restore point almost a month earlier, thereby "losing" data changes and additions to things like my address records as well as some files for a now-overdue newsletter I was working on. I wonder, if and when we get things back "up to snuff," if it would be safe to return to a more recent restore point (of which there are several)? I'm concerned whether that would bring back the darn malware!
     
    Last edited: Feb 6, 2009
  7. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    AVG can be a resource hog, so I would suggest avast --> as noted in the How to Protect yourself from malware!

    Since you have done a restore to an earlier point, I have no idea what is now on your system. You can try going back to the point where we finished with your cleaning...if that exists. You were "up to snuff" ....so I don't know why you did the restore.
     
  8. commenterri

    commenterri Private E-2

    MedTxInMich, here:
    We had to do a system restore from safe mode originally in order to do anything at all on her system, including the "Read and Run Me First" process. Her regular Windows environment shut itself down when I booted it up after she had had it shut down all night. Please see original message of 2/4/09.

    We have done no system restores since that time--only the steps you have told her/us to do.

    Thank you for your continued assistance.
     
    Last edited: Feb 7, 2009
  9. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    This statement confuses me. You went back to an earlier restore point before we started working on the system? You now want to go to a more recent restore point --- which may well be a point that is infected. So doing that will negate any malware removal that we have done. If you want to do this, then we will have to start the process all over again. Please explain. :confused
     
  10. commenterri

    commenterri Private E-2

    Quote:
    Originally Posted by commenterri
    YOU SAID: "This statement confuses me. You went back to an earlier restore point before we started working on the system? You now want to go to a more recent restore point --- which may well be a point that is infected. So doing that will negate any malware removal that we have done. If you want to do this, then we will have to start the process all over again. Please explain."

    MedTxInMich, here:
    That was my mom's request. She really wanted to do that newsletter and U of M business she'd started on and saved at a future point on the system, but I had already told her we couldn't go back to a future restore point once we'd restored to a previous point. (I thought this was true. I guess I was wrong, but...oh, well! What she doesn't know won't hurt her! :-D 'Course, she's going to read this....:wave Hi, Mom!)

    So, we're uninfected, now, right? Yeah, let's keep it that way. I had already downloaded Avast!Antivirus for her because that's what I'm running on my laptop after getting it malware free recently. Let's hope changing to that will go better. What about recommending a firewall, too? I know Windows is for crap, but I think Online Armor would ask her a lot of questions she would say yes to that she shouldn't. Hell, I think I often say yes to a lot of its questions I probably shouldn't.

    Thanks, again.
     
  11. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    The link I gave you on how to protect yourself from malware will give you the link to PCTools firewall.

    (I feel like I am talking to the two-headed hydra....:))

    If you are not having any other malware problems, it is time to do our final steps:

    1. We recommend you keep SUPERAntiSpyware and Malwarebytes Anti-Malware for scanning/removal of malware. Unless you purchase them, they provide no real time protection. They are useful as backup scanners. They do not use any significant amount of resources (except a little disk space) until you run a scan.
    2. If we had you use ComboFix, uninstall ComboFix (This uninstall will only work as written if you installed ComboFix on your Desktop like we requested.)
      • Click START then RUN and enter the below into the run box and then click OK. Note the quotes are required
      • "%userprofile%\Desktop\combofix" /u
        • Notes: The space between the combofix" and the /u, it must be there.
        • This will uninstall ComboFix and also reset hidden files and folders settings back to Windows defaults.

      • Delete the C:\combofix folder from combofix (if it exists)

    3. Any other miscellaneous tools we may have had you install or download can be uninstalled and deleted.
    4. If running Vista, it is time to make sure you have reenabled UAC by double clicking on the C:\MGtools\enableUAC.reg file and allowing it to be added to the registry.
    5. Go to add/remove programs and uninstall HijackThis.
    6. You can delete the C:\MGtools folder and the C:\MGtools.exe file. You can also delete the C:\MGlogs.zip
    7. If you are running Vista, Windows XP or Windows ME, do the below:
      • Refer to the cleaning steps in the READ ME for your Window version and see the steps to Disable System Restore which will flush your Restore Points.
      • Then reboot and Enable System Restore to create a new clean Restore Point.

    8. After doing the above, you should work through the below link:

    Yes you are clean.
     
  12. commenterri

    commenterri Private E-2

    Tim W. (or whoever receives this message):

    This is Terri, mother of MedTxInMich. I finally found a block of time today to work on a final fix of my desktop computer we were working on with you last weekend. (Meanwhile, to be safe, I had been using our laptop to communicate and play games, but that's about all we do on it.)

    Your previous post said, "If you are not having any other malware problems, it is time to do our final steps:" So I followed the directions to initiate the uninstall of ComboFix. After a few seconds, a Windows error message popped up saying something like "prep.com has encountered an error and has to shut down." Then an AVG Resident Shield alert popped up saying it had detected a trojan named BackDoor.SmallX.VX. I copied the window into a Word document in order to send it to MajorGeeks, and I will attempt to attach it to this post though I am new at this.... I clicked on Heal, then went into AVG and moved it to the virus vault and emptied the virus vault. I figured, now it's gone so I'll try the ComboFix uninstall again. It all happened again! So I guess healing it after one gets the alert does not take it down completely.

    I have since shut down my desktop computer all the way and moved back onto the laptop for communications.... :cry What do you suggest I do next? I would appreciate all the help I can get! ;)

  13. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    AVG has a thing with ComboFix... it is removing what it shouldn't. You can manually delete the ComboFix.exe file, C:\ComboFix folder, C:\QooBox folder, C:\WINDOWS\nircmd.exe, C:\combofix.txt and C:\ComboFix-quarantined-files.txt logs that were created.
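The manual cleanup from posts 11 and 13 (delete the ComboFix leftovers by hand after AVG interrupted the built-in "/u" uninstall, then delete the MGtools files) written as one script. This is an added example for readers of the thread, not code from the thread, from MajorGeeks, or from the ComboFix/MGtools authors. It assumes PowerShell 2.0 or later is installed (Windows XP does not ship it), that ComboFix.exe was saved to the Desktop as the READ ME asked, and that the paths are exactly the ones TimW listed; it touches nothing else. Run it with -WhatIf first to see what would be removed, and only run the MGtools part after the logs have been uploaded.

```powershell
# Added example (not from the MajorGeeks thread): remove the ComboFix and
# MGtools leftovers named in posts 11 and 13 when "combofix /u" cannot run.
# Assumption: PowerShell 2.0+ on the cleaned machine; paths as TimW listed.
# Usage:  .\Remove-CleanupLeftovers.ps1 -WhatIf      (dry run)
#         .\Remove-CleanupLeftovers.ps1               (delete)
#         .\Remove-CleanupLeftovers.ps1 -IncludeMGtools
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # MGtools files are only safe to remove once MGlogs.zip has been posted.
    [switch]$IncludeMGtools
)

$desktop = [Environment]::GetFolderPath('Desktop')

# Post 13: ComboFix artefacts. ComboFix.exe location assumed to be the Desktop.
$comboFixLeftovers = @(
    (Join-Path $desktop 'ComboFix.exe'),
    'C:\ComboFix',
    'C:\QooBox',
    'C:\WINDOWS\nircmd.exe',
    'C:\combofix.txt',
    'C:\ComboFix-quarantined-files.txt'
)

# Post 11, step 6: MGtools artefacts.
$mgToolsLeftovers = @(
    'C:\MGtools',
    'C:\MGtools.exe',
    'C:\MGlogs.zip'
)

$targets = $comboFixLeftovers
if ($IncludeMGtools) { $targets += $mgToolsLeftovers }

foreach ($path in $targets) {
    # -LiteralPath so nothing in the names is treated as a wildcard.
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Host ("absent : {0}" -f $path)
        continue
    }
    # ShouldProcess honours -WhatIf / -Confirm from the command line.
    if ($PSCmdlet.ShouldProcess($path, 'Delete')) {
        # -Force also removes hidden and read-only items; -Recurse handles folders.
        Remove-Item -LiteralPath $path -Recurse -Force -ErrorAction Stop
        Write-Host ("deleted: {0}" -f $path)
    }
}
```

Nothing here touches the quarantine of the antivirus product itself, the Registry, or System Restore; step 7 of post 11 (disable and re-enable System Restore to flush the old restore points) is still done through the System Properties dialog as the READ ME describes.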
     
  14. commenterri

    commenterri Private E-2

    Thank you so much, Tim! :)

    After I got your message, I went ahead and did all the things you suggested to undo the changes made during the cleanout of my computer. Then with my daughter's help, I uninstalled the less effective or more bloated programs and replaced with or added more thorough or less bloated ones. So now I still have CCleaner, Spybot S&D's newest program update, Malwarebytes' Anti-Malware, and RegSeeker; and I have added (or changed to) avast Antivirus, SUPERAntiSpyware, and SpywareBlaster. We also installed PCTools Firewall. Hopefully, running these programs every week or so (some every day) will keep me in much better shape for anti-malware safety!
     
  15. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    You are quite welcome....safe surfing. :)
     
