Help Please ~ In Deep Doo!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by MidRange, Aug 19, 2009.

  1. MidRange

    MidRange Private E-2

    Good Morning!

I’ve got a serious problem for which I cannot find a solution. I have been hijacked and I can’t find the malware nor circumvent it. I am running Windows XP Pro SP3. Sunday I noticed on reboot a most odd happening... the boot would pause and engage Chkdsk, not a normal procedure unless scheduled from inside a Cmd Prompt when asked “would you like to run chkdsk on your next boot.” I have enough familiarity with Chkdsk in and from my DOS days and know even if implemented from a command prompt the /f parameter must be engaged in order for any actions besides the basic scan itself to take place. The entire setup and files being displayed were way out of the ordinary from anything I have ever before experienced... even the Windows XP Logo at the top Right of the screen seemed totally out of place, never before had I seen that in connection with the running of Chkdsk... and even with that it was a poor representation of the logo with bleeding and very imprecise edges... Then as I noticed numerous files passing by I noted a series of one I am Certain do not exist on my HD i.e. “joke of the day/... and numerous incantations of same.

    Then after booting into Windows I noticed my Norton A/V missing from my Tray... I then went to my Startup and tried to manually engage Norton and no matter what I did nothing would happen. I went to the Directory and regardless of whatever Norton or Symantec executable I tried none would engage. I then attempted to go after a System Restore... None of the check point dates would successfully load and take. I then went and rebooted figuring I would go into a Safe Mode Boot and try and access System Restore that way... which from past experience for whatever the glitch might be {never have been able to correct this even with Microsoft Tech Support looking into that matter that I could rarely implement System Restore from Inside Windows ~~ alas another issue but not germane to the current condition} I could in the past, only do a successful Restore from Safe Boot Mode... Well this attempt was to no avail as after the files that get loaded flash down my screen the system would just hang. I tried this several times but to no avail. So back into Windows again.

    My next thought was to reinstall Norton Antivirus 2009 from the CD only to be greeted with the following:

    “Another installer is currently running. Please wait for that installation to complete and try again.”

    Now to be noted is the fact that although I could not implement Norton under any circumstance when I used my Task Manager Clone I noticed all the various Modules of Norton / Symantec actually running in the background as expected... so as far as I could tell I was still being somewhat protected by Norton A/V.

    So a friend who happens to be an IT Director came over and after investigating we decided the best course of action was to download a demo of AVG A/V and we ran that. It detected 7 instances of "Hijack/ ~ Whatever" {my term for I forgot to write down the specific file parameters} inside of my registry. Being that it was a demo and would do nothing until AVG was purchased, of course. So I did that. Had it up and ready to run but was admonished to first uninstall Norton before installing AVG... I attempted to do that but was greeted with the same pop up admonition as reported above. My next course of action was to use a Task Manager clone and then disable all instances of Norton and Symantec currently running, as well as the Start Up file that would load same.

AVG installed and loaded successfully and I did a full system Scan. It, unlike its demo version, picked up Absolutely Nothing ~~ with the exception of some Tracking Cookies. I was astounded. How could this possibly be?? Yet the demo when it ran, picked up like I said, 7 instances of Hijack 'something' in the Registry and by each was the suggestion: 'Dangerous'. Yet again when I ran the purchased version of AVG, Nada!!!

    So now I have AVG successfully running and with all the additional modules that came with the package Web Shield Anti Spyware Anti Rootkit etc ... I even notice 2 incantations of Symantec Framework still loading in the background.

    So there is the problem... all the previously noted and listed symptoms still exist as of the posting of this inquiry... What to do... what to do...??

    Also please note that I have the following Programs at my disposal:

    Paretologic Antispyware and associated Programs ~~ Registered and Paid

    Reg Cure by Paretologic Registered and Paid

    Glary Utilities Pro Registered and Paid

    Advanced System Care Demo Only

    CC Cleaner Free

    Hijackthis Free

    Fresh Diagnose Registered

    CloneSpy Free

    Expired Cookie Cleaner Free

I have run Paretologic AntiSpyware but not yet Reg Cure... Glary Utilities... but picked up nothing discernible. I ran Advanced System Care but I am too unfamiliar with all its vast capabilities ~~ and to be honest I am analogous to having a Pilot’s License to Fly a Piper Cub but when I load ASC it is tantamount to getting behind the controls of a Boeing 767 and I am scared to death of all the suggestions it wants to implement from just my past incursions and demo’ing of the product before, and not in deference to my current situation ~~ quite frankly I am in no way at the level of most who post herein and am intimidated by all that I see inside of ASC and just don’t know enough to feel secure that I am detecting and more importantly would be excising the correct item from my Registry. Ah yes, The Registry!! Another fairly intimidating concept in my lack of familiarity or hands on makes me approach the detection and potential deletion thereof with much trepidation.

    So Guys n Geeks... Where do I go from here??

    Thanks for your help and attention.
     
  2. MidRange

    MidRange Private E-2

    This is Me Again, Midrange

After reviewing the Read Me Run Me First Malware Removal ----> Windows XP Cleaning Procedures ---> Dealing with System Restore procedures... my problem is that I can't successfully access System Restore from inside Windows except that I could disable it of course... but I am unclear as I read that as to if I should or shouldn't disable as it also admonishes that "An Infected Restorepoint is better than No Restorepoint at all". I must read it again to clearly understand whether or not after implementing the other procedures if I am or am not to disable...

In concert with that, as I mentioned in my previous, because of the infection I am prevented at this time {prior to implementing Any of the listed Malware Removal ones} from being able to do a Safe Boot... so where would that leave me if, during, after etc. I have indeed implemented the installation and running of the listed programs?? Is it essential to the running of any one or all of the listed tools that I be able to do a Safe Boot? What do I do at this point Before I have instituted the Malware Removal software recommended? I am hesitant to go any further until I get an answer to this question.

Thanks for whoever's timely response
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Nothing that you are mentioning really sounds like malware, but if you want to be sure that you are clean then you need to actually run the READ & RUN ME and attach the requested logs.

Inability to boot in safe mode and chkdsk being requested to run at bootup do not necessarily indicate malware.

    Actually it stated the below
    Thus if your system had malware and is now deemed clean of malware, you would then toggle system restore to remove all restore points including those that could be infected.

    The procedure does not ask you to run the scans in safe boot mode nor do we really want you to do that. Safe mode is only used as a work around when people cannot boot in normal mode.
     
  4. MidRange

    MidRange Private E-2

    Thank you for your reply...

    The problem I do believe is some sort of malware as the original problems haven't gone away... I saw the reference to the Read & Run this and went to the Windows XP Cleaning Instructions and downloaded all the suggested files.... I've only had time so far to run SuperAntiSpyware & Malwarebytes and found one "Unclassified" Program and excised it.

    The problem I mentioned with safeboot is that indeed I have a file corrupted in my email program and it was the .log file and while inside windows a pop up screen came up and announced because the file was now corrupted my email program would no longer run and it directed me to run chkdsk to resolve it.... that's the first time that has ever happened and I do consider the pop up admonition totally legitimate.

The problem is that the only way I can get to a command prompt outside of Windows, which is the only way chkdsk can be run, is by invoking an F8 on boot and going to selection of "Safe Mode Command Prompt Startup".

    Except when I attempt that the files will load to a certain point as I previously reported and then the system hangs and I can't get a command prompt to run chkdsk.

    I still can no longer access anything that has to do with Norton A/V such as my now desire to deinstall it because I have installed AVG. I can't deinstall or uninstall because a pop up will come up either when I try to access uninstall from inside Control Panel or from the Norton Icon which also appears when I try to access the Norton CD "Another application is running install. Please wait until finished and try again."

I hate to disagree with my "Elder" who is light years above me in knowledge of such issues but from the action I am describing as well as the original phoney boot ---> involuntary implementing of a fake chkdsk that ran very strange files that I had never seen before.... trust me I do know enough about chkdsk and what to expect when it runs.... like in order for the files that I saw running the /f parameter would have to have been invoked; it was not.

    And the behavior inside Windows is very representative of what a virus or malware might/would do to prevent me from running or deinstalling or reinstalling my Antivirus software.

Please can you at least tell me how I can get to just a command prompt before I implement the rest of the procedure that I see you yourself wrote for Malware Removal. I need to run a legitimate chkdsk to at least try to restore my email program.

    Thank You
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay but not a topic for the Malware Forum.


Are you saying a command prompt will not open for you within Windows, or are you saying you don't know how to get one? Have you tried one of the below:
    • clicking All Programs>>Accessories>>Command Prompt
    • or click Start, Run, and enter cmd and click OK.
    • Also why haven't you just right clicked on your drive from Windows Explorer and selected Properties, Tools, Error-checking and click Check Now...
    • if windows cannot get exclusive access to the drive to properly run chkdsk, it will ask if you wish to run it at reboot.
AVG should never have been installed until Norton was properly removed. It could just mess up your system even more by doing this.

Sounds like you already have either an uninstall of some program or an incomplete install of some program in progress, which would mean that Windows Installer is running and that could be why this is happening. This is not a malware issue. You could try using this: Windows Installer CleanUp Utility

Odds are that it was not fake. You have either file corruption, registry hive corruption, or disk corruption and the OS wants to run chkdsk at startup which is quite normal. Have you also not heard of the autochk.exe program? http://support.microsoft.com/kb/831426

    It is more indicative of a problem with Windows or your installation; however, the only way we will know for sure is if you run the cleaning procedure and attach the logs.
     
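Two of the points chaslang raises above (whether the boot-time chkdsk was Windows' own autochk, and whether a stuck Windows Installer explains the "another installer is running" message) can be checked without changing anything. The script below is an added example, not part of the thread; it assumes PowerShell 2.0 or later with local administrator rights, and the registry key and value names are the documented Windows ones.

```powershell
# Added example (not from this thread): read-only checks for a boot-time chkdsk
# and for a Windows Installer session that never finished. Run elevated.

# 1. What Session Manager executes at boot. The Windows default is the single
#    entry "autocheck autochk *"; anything else listed here deserves a look.
$sm = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$bootExec = (Get-ItemProperty -Path $sm -Name BootExecute).BootExecute
"BootExecute entries:"
$bootExec | ForEach-Object { "  $_" }
$unexpected = $bootExec | Where-Object { $_ -ne 'autocheck autochk *' }
if ($unexpected) { "  -> non-default BootExecute entries present; verify each one" }

# 2. The volume dirty bit. When it is set, autochk running chkdsk on the next
#    boot is normal Windows behaviour, not evidence of tampering.
"Dirty bit on C:"
fsutil dirty query C:

# 3. Whether Windows Installer believes an install is still in progress. A live
#    msiexec.exe or a leftover InProgress key from an interrupted install both
#    produce the "another installation is already in progress" message.
$msi = Get-Process -Name msiexec -ErrorAction SilentlyContinue
"msiexec.exe running: " + [bool]$msi
$inProgress = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\InProgress'
"Installer InProgress key present: " + (Test-Path $inProgress)
```

If the InProgress key exists while no msiexec.exe is running, the earlier install or uninstall was interrupted; that is the condition the Windows Installer CleanUp Utility chaslang mentions is meant to resolve.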
