VIRUS? Windows Loads - No Icons - HELP

Hi,
I have a Dell 4400 desktop running XP.. I go to work the other day and I notice before I left the PC was doing a windows update.. It must of refreshed itself,

1. I come home its a black screen so I refresh and it took forever to load, when it did load there is no icons on the desktop and button would nor click. So I refresh again.. Same thing. At this point I knew something was not right. I refreshed 5 more times before simply going to "Safemode"...

2.) Once in "Safemode" the PC ran GREAT & fast. I did a virus scann, and all the other scans to remove virus and Malware.. (SEE LOGS)..

3.) Root repll does not work in Safe mode, it simply freezes up.. Also Combo fix would run yet when it got down to "Scan for virus" it never started the scann. So I assume Combo fix does not work in Safemode..

4.) Once I ran everything the I restarted XP, it loaded slow yet icons came back on desktop. Bad thing is you click on them and none open, I click on Start button and the PC is FROZE.. Rebooted tried once more and same thing..

Please see my logs.. Thank you for any assistance
Regards
Superlost6

 

Here is the viruis scann image..

 

Hello Superlost6


http://img196.imageshack.us/img196/3557/tdsskiller.gif I want you to read and follow these instructions: TDSSKiller - How to run


http://img684.imageshack.us/img684/6489/aswmbr.gif Please download aswMBR to your desktop.

• Double-click aswMBR.exe to run (Vista/7 right-click and select Run as Administrator)
• Select No when asked "Would you like to download latest Avast! virus definitions?"
• Click the [Scan] button.
• On completion of the scan click [Save log], save it to your desktop and attach this log to your next message. (How to attach)

http://img205.imageshack.us/img205/1894/otl.gif Please download OTL by OldTimer.

• Save it to your desktop.
• Double click on the OTL icon on your desktop.
• Check the "Scan All Users" checkbox.
• Check the "Standard Output".
• Change the setting of "Drivers" and "Services" to "All"
• Copy the text in the code box below and paste it into the http://img14.imageshack.us/img14/66/otlcustomfix.png text-field.
  
  Code:

  activex
  netsvcs
  /md5start
  afd.sys
  i8042prt.sys
  ipsec.sys
  netbt.sys
  svchost.exe
  tcpip.sys
  /md5stop
  %windir%\$ntuninstallkb*. /30
  %windir%\system32\drivers\*.sys /lockedfiles
  

• Now click the http://img171.imageshack.us/img171/2405/runscanotl.png button.
• One report will be created:
  • OTL.txt <-- Will be opened
• Attach OTL.txt to your next message. (How to attach)

http://img600.imageshack.us/img600/2693/mgtools.gif Now download the latest MGtools.exe to the root of your c: drive.

• Replace your existing MGtools.exe with this one.
• Now run this new MGtools.exe by double-clicking it. (Vista/7 right-click and select Run as Administrator)
• When it is finished, attach c:\MGlogs.zip to your next message. (How to attach)

 

Thanks so much for the help,
I have ran all scans and posted the logs. I await your responce
Thanks
Superlost6

 

2 more

 

Hi,

I need you to go back and complete step #6 (Using DeFogger) here: Disable Any Disk Emulation Software

I need the MGlogs.zip from MGtools. Just attach the entire archive so I can review.

It also looks like the TDSSKiller and aswMBR scans were interrupted because the logs are incomplete. Can you rescan with both and attach the new logs? Thanks

 

I did this before work (without coffee) When I get home I will repeat the steps needed and the logs you request. Once more THANK YOU SO MUCH!
Superlost6

 

Oh, one more thing to keep in mind, I am doing all this in "Safe Mode" as it's the only thing I can get to work.. Is all this ok to do in safe mode?????????

 

Yes that's fine.

 

I still can not get Combofix to run in "Safemode".. It gets stuck in scann mode. See image

 

OTL would not run in safemode, I deleted it and reinstalled still would not run.

I did re-run all other scans, see logs.. I look forward to your reply
Thank You
Superlost6

 

For the record, I restarted windows XP in NON safe mode and it loaded SUPER SLOW and only 2 of my desktop icons loaded before XP froze............

 

Hi Superlost6,

Your logs are clean.
I think the problem is that you have a low amount of memory

Code:

Total Physical Memory	640.00 MB

combined with the fact that Avast is installed and there are traces of services and files related to AVG and Sophos in your logs.

With this amount of memory, I do not recommend using an antivirus at all. Having traces of 3 antiviruses is what probably was prevented tools like ComboFix and OTL from running.

Also these folders indicate previous data corruption issues.

Code:

Locating all files created in C:\  
FOUND.000     Jul 28 2003              "found.000"
FOUND.001     May 16 2004              "found.001"
FOUND.002     Mar  8 2007              "found.002"
FOUND.003     Mar 27 2008              "found.003"
FOUND.004     Apr 13 2008              "found.004"
FOUND.005     Aug 14 2008              "found.005"
FOUND.006     Sep  9 2009              "found.006"
FOUND.007     Feb 16 2010              "found.007"

I am moving your thread to Software since these problems are not malware related and so that you can get the help you need there.

Take care

 

Thank you , what I will do is uninstall all anti virus programs and try that.

On this...... ,
Code:
Locating all files created in C:\
FOUND.000 Jul 28 2003 "found.000"
FOUND.001 May 16 2004 "found.001"
FOUND.002 Mar 8 2007 "found.002"
FOUND.003 Mar 27 2008 "found.003"
FOUND.004 Apr 13 2008 "found.004"
FOUND.005 Aug 14 2008 "found.005"
FOUND.006 Sep 9 2009 "found.006"
FOUND.007 Feb 16 2010 "found.007"

Is there something there needs fixed?
Thanks
Superlost6

 

You can leave those there or you can delete them. I prefer deleting them.

 

This is embarrassing, all I see is found 0001 0002 0003 and have no idea what or were it is.. What am I deliteing? :confused

Also, after working on this Saturday, I uninstalled the virus program and many other unwated programs and it runs GREAT now.

Since PC is old and has only 3/4 of a gig of ram I ordered a 528mb chip to boost to 1gb (units max) Personally I think 2gb is best to run. When I put the 528 chip in when it gets here, will I then be able to use virus program?

Thanks