Infection Issues w/LOGS

Hello, and Merry Christmas!
I have been having infection issues for the past 2 weeks. Browser issues, laggy pc, setting changes for no reason, weird files popping up in directories, can't run sfc /scannow, can't get a Recovery Console, etc.. I don't go to malicious sites.
Attached to this thread are the 1st 3 scan logs per the READ & RUN ME FIRST tutorial.
I hope I have provided enough info. I am kind of burned out from chasing this thing around, and want to get it rectified before I do a Repair Install of XP Pro SP3.
Thanks for your time and consideration!
tim

 

Hello, this is the second installment of my previous post. This contains the final 2 .txt files for the READ & RUN ME FIRST tutorial. Hopefully, you Experts will be able to help me out.
Thanks, and Merry Christmas, again!
tim

 

Thanks, Kestrel 13!... I'll do it right now and post logs- if need be.

 

OK, Kestrel 13!...Op complete. 2 suspicious objects in TDSSkiller and seemingly an issue in the MBR. :confused

 

I could use your guidance on another matter. Could you please point me to an expert involving OS, DLL, and 'CMD' issues?... I would appreciate it. My directories somehow got all screwed up (Infections?), and there are duplicate drivers, obsolete items, etc. that I really don't know what to do about.
Thank you, and have a Great Holiday Season!
tim

 

OK, since my last post earlier I have been having driver issues. Went to Device Manager, checked on the hidden devices and there a bunch of faded squares and yellow exclamation points. The pc operates like it has a mind of its own, too. There IS something evil lurking within that is systematically tearing everything apart in my rig. At this point, until this has been identified and eradicated, there is absolutely no sense in repair this OS via the Install CD. I am appalled at the size of my directories, too. It seems like everytime I go in and open the Files, there is more items in there! What the dickens is going on here???
Also, did a couple of sfc /scannow's and the machine didn't like it...some kind of negative message about the DLL Cache.
Don't know what to do...Put all my Docs, Photos, etc. on a CD, and make a text note of all my programs, throw the HDD in the river and start afresh???... This is a frickin' nightmare!... rather just got a piece of coal in me stocking!

 

OK- I am going to have to download MGTools again and run it. I do not understand the part about 'Open Notepad and copy/paste the text in the below quote box. Ensure you scroll down to select ALL the lines:' for the ComboFix scan. Does it literally mean to paste the scan log file or .txt in the box in your post?

 

OK, Kestrel13!- I think I got this right. Apparently the ComboFix log will show up in the C:\MGlogs.zip, so that's what I'll attach.

To answer your queries, I just don't remember seeing that many files in the Directories before. Of course, this is just a visual observation. The structure of the File System seems different is all- I can't explain it beyond the fact that it doesn't 'feel' the same. Sort of like a trained reflex, I suppose. It really doesn't matter at this point. I can re-org that matter later.
Of further note, at the time I noticed something was wrong the audio on this machine disappeared-ie-no sound out the back of the pc. I do get sound through the headphones @ front HP jack. Also, when the pc goes through the booting sequence, asks for PW login, the desktop is taking about 3X as long to load as compared to before these anomalies appeared.
I certainly appreciate the time and effort you have afforded me regarding this matter. If I have done anything incorrectly, or have any pertinent advice, please advise.

 

Kestrel 13!- I have major issues since running those tools. I got up this morning and turned the pc on and it just kept cycling through the boot sequence. Can't atrt the OS, although RC says it's there. Since, I have put an old HDD in and installed XP. I need to get back on that other HDD so I can get at my progs, docs & sttgs, etc. I don't have a clue what is going on as I did everything the way you instructed. Please advise.
Merry Christmas!
tim

 

@Kestrel13!

Code:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services]
"[B][COLOR="Red"]Lavasoft Ad-Aware Service[/COLOR][/B]"=dword:0000000[B][COLOR="Red"]2[/COLOR][/B]

It's probably this service causing some boot conflicts whenever MSconfig is in Normal Startup Mode.

Ad-Aware isn't installed but the service is still stuck in the registry.

Remove the service and hopefully timw128 can boot back into Normal Mode.

That or go back to using MSconfig with minimal services / startups loaded

 

No, sir, it just goes right into a continuous boot cycle- following the Compaq splash screen and the subsequent Windows screen. Sorry I couldn't respond sooner- Holidays, and I blew up my 2600k. For the record, the 2600k will NOT clock over 5Ghz- even with extreme nitrogen cooling. Sooo, I had to put this slow WD HDD in this machine and get it up and running. What a frickin' job, trying to remember settings, etc.. I WILL back-up externally from now on.
Did you determine any viral content from the scans we ran?... I thought I had everything removed before, and the machine would work fine for a while, and then it would start acting up again, Made me think Rootkit.
Anyway, the mobo in this rig is questionable, at best. Even though it is a locked OEM Goldfish 3 (ASUS), I found a way to push the FSB and voltage a bit at the chip to 3.14Ghz. It's a P4 Prescott, 2.93Ghz piece, but it has been stable. All of this is redundant do to the miniscule cache. Mobo has a RAM slot out do to a wheezed capacitor, too.

 

OK, Thanks!... I'll try to play with this tonight and see what happens. I did play a bit with msconfig and services.msc to reduce cpu usage. This thing runs at 100% carrying only 28-34 processes, too. I have 2x2GB sticks installed, and an optional VC that runs 512MB. It's an nVidia 8400GS PCI piece. I only see 2.6GB of RAM in Device Manager w/XP Pro SP3. With Home Edition it seemed like I was seeing 3.2GB(?)

 

No update yet. I am going to put that HDD back in the machine and try to get at the OS page (F8). If that doesn't work, I'll plug in the Hiren's Boot CD and fix the MBR and FixBoot. Then I can implement your suggestion. On the HDD that's in the machine now, I picked up a couple of Trojans from somewhere. Don't know where they came from, as I do not visit any illicit sites. SAS Free found them. Probably from Facebook- they really need to induce some security measures!
I have been really busy over the Holidays, but rest assured, I'll report back soon.
Thanks-
tim :wave

 

Kestrel 13!- Thank you for your time and interest on this matter. I am not sure what has happened, but something wiped my OS from the drive in question. I booted my Hiren's diagnostic tools CD in and found that there was a partially installed Windows XP Professional OS there. I have no idea how this happened.
So, I guess we'll never know what happened. I couldn't even locate any data using some recovery tools on the Hiren's CD. :confused

 

Well, thanks... I'm no power user, and we could've probably tried a couple more recovery tools, but enough is enough. I just lost photo docs, nothing sensitive. I am just a lowly Mechanical Engineer, but I know when it is just efficient to cut bait and run...lol!
Now that my mind is back on it, I may be able to play with that drive a bit more. I stopped the Gutmann wipe about 1/2 hr. into the activation. Guess it doesn't hurt to try- that's how we learn!
I am very impressed with that Hiren's Boot ISO CD 15.1. Wish I had known about that Tool Box a while ago.
Again, thanks for all the help you afforded me. Have a great New Year!
tim :wave

 

Oh, by the way, Kestrel 13!, I just went to my mailbox and found this article. I don't know if it would interest you or it is of content that you would already know about. It sounds like the wall I ran into with the XP CD boot loop.

http://askbobrankin.com/how_i_got_h..._backup.html?awt_l=G8eOR&awt_m=1qa8fD0jreP6SL