Think it's a virus... but it survived a clean format!

Got a strange problem that has arisen in the past few days (running WinXP sp2). I keep a fairly tight ship running AVG pro and Spy Bot as well as Windows Defender and usuallly clean out everyting one a month or so (temp folders) or daily history, Internet files, etc. Every so often I do a defrag.
1. When I boot up the PC it operates fine for up to about 30mins then....
2. Windows Explorer can be opened, but any selection reverts back to the default 'My Documents' highlight immediately it is selected. i.e. it is impossible to browse the filing system.
3. Internet Explorer returns back to the homepage (in my case, google.com)
4. If IE is closed and reopened it opens to no page - i.e. it doesn't say 'about blank' there is just an empty window and although you can write to the address bar nothing happens, it does not even search for the url. All of the favorites URLs have the same effect, i.e. none at all.
On reboot everything is OK again until it starts to go awol after a random amound of time.

AVG, CCleaner, MG etc found nothing unusual. The problem is still there and I am tempted to reinstall the operating system.

This is becoming a nightmare, I have done more than a bare metal reformat, I bought a new hard drive and reloaded window XP sp2 and the problem is still here.
Windows Explorer jumps from the selected folder or file right back to the top folder (My Documents) in the tree.
Internet Explorer just fails to find any pages and returns no error of any kind - just silence.
I am completely flummoxed. What can survive a new hard drive and new operating system? Is there any way that I have the bios infected with something? I know nothing about bios infections (if they exist)
Does anyone have any ideas???

 

reformatted with the data deisks disconnected

reinstalled WinXP on clean disk

uploaded all software for anti this and anti that

problem still there!

 

Another thing - when I run the MG program (HJT) after it has finished a javascript type pop up appears with a message saying "the application couldn't initialise correctly ( 0xc0000135). Click OK to close the program"

 

Thanks for your help. I really appreciate it as I'm sure all of the other lost souls do.

Well the situation is this:

I reformatted (again) the new hard drive (thiws was no simple matter, I had to use a floppy with a win98 start up - is there no way of doing this directly? The Win XP CD refused to give me the reformatting option)
I reinstalled windows XP without updating
I used another (hopefully clean) computer to download all of the necessary tools and burned them onto a CD
I copied the tools onto the new windows hard disk
I connnected to internet to update all of the antivirus tools
I ran the tools and found nothing
I updated windows XP

... and so far (after 6 hours ) there is no sign of the problem.

The difference being that this time I did not use the flash drive to upload all of the AV tools. It seems possible that the flash drive is infected with the virus (or whatever it is)

Question - Should I just throw the flash drive away or is there some hope for it (it's a 2Gb flash bought this Xmas)? :confused

Now I'm going to reconnect the data drives and run checks using all of the tools (AVG, AVG rootkit, AVG spyware, Registry cleaner etc etc.) and then I'll run the online tool that you suggest

Happy New Year and Felices Reyes...

PS Sorry for the previously unintelligible language - I'm at my wits end after staring at a computer screen for four days.

 

Trash seems the best option doesn't it? It's hardly worth another entire day of loading and testing.

 

How's that work then? ..

Seriously though ...

I am very impressed with the service that you provide here, but I would like to know what it is that you look for in the logs. What I'm trying to say is that I am pretty computer savvy and would be very happy to help out with the many calls for help if you were able to point me in the right direction.

Cheers and saludos

Charco

 

24 hours into reloading programs and no issues have arisen... I may be clean.

Guess I'll look into the malware training stuff.

Thanks again for your help

 

OK I spoke too soon.

The system was stable for about 24 hours but then this afternoon I closed it down and it returned the message that Windows Update has 84 (yes, eighty four) updates to install. Considering I had updated windows only yesterday this was somewhat surprising. However I let the computer sut down (not having a choice). On start-up the same old problem is back again. Internet Explorer is dead, Windows explorer jumps to 'My Documents'.

I have put nothing into the computer except programs from CD (read-only) all of which are more than two years old. The flash drive has gone nowhere near the computer. How on earth can it have reinfected?

I'll go through the Malware removal process again and attach the logs as soon as they have finished.:hammer

 

here are the logs

 

OK I have written this using notepad as the virus/malware or whatever doesn't give me enough time on internet to write anything before the IE stops working again.
Symptoms:
IE (or firefox) stops working and immediately reverts to the homepage if there is one in cache.
IE occasionally makes new shortcuts of itself on the desktop
Windows explorer jumps from the selected folder directly to the default folder - usually 'My Documents'
In WE I can select a folder using rightclick 'Explore' to see the contents and can select files from there.
On reboot the system operates normally for a variable amount of time (in the order of five minutes) before the problems return.
I have just run:
AVG which has reported nothing
AVG anti spyware - nothing to report
Spybot - nothing to report

 

Do you think that the problem may not be a virus but something to do with the latest updates from Microsoft.

Take a look at this: http://support.microsoft.com/kb/946627

This doesn't describe my symptoms exactly but is fairly similar.

 

I tried to do a system restore but the problem was still there.

When I look at the updated installed there are more than 50 of them. They mostly say 'Security Update'. I have tried deleting all of the updates back to December (when the problem started) but the computer still does not work. It's strange, sometimes I turn it on and IE works fine for five minutes or so then returns to the same old problem of jumping back to the homepage. IE 'tools' is also disabled but can be accessed in other ways.

Likewise Windows Explorer jumps back to the default folder (My Documents) but I can navigate by right clicking and selecting 'explore'. This opens the folder and I can select the contents.

The way I see it (and I'm no expert) there are three possibilities:

1. A Windows Update that is interfering with the files needed for both Explorers
2. A MBR virus that was not wiped during the reformat process
3. Some kind of hardware overheating (yeah not very likely I know)

Any idea where I can go from here?

 

The CD was a RW that I loaded from my laptop (which is clean)

Here's the ComboFix log

Thanksfor all your help - I appreciate that this is a somewhat unusual case. AVG experts have redirected me back to Microsoft and they are maintaining a discrete silence.

I have searched the internet and downloaded a memory test program which caqme up with no problems after 24 hours of testing.

My local computer shop experts are stumped.

Where to go?

 

I ran the online BitDefender scan and it found nothing

I'll do sfc/scannow right away

The Windows XP sp2 CD was bought from a company called Microlyne - website with the same name - a large computer company Madrid. It's the Gold Disk with labels etc etc - the real McCoy unopened

 

Just ran sfc /scannow. It took a long time and then just stopped without returning any log or error of any kind.
Is that expected?

 

No the computer is on a desktop at home. It is not networked, although there is a wireless connection in the house for the laptop, but it doesn't go through the computer.

Mouse USB
Keyboard was USB currently using normal connection
No camera
Epson C64 printer and drivers

Programs loaded:

Windows XPsp2
AVG Antivirus
AVG Spyware
AVG Rootkit
Dreamweaver
Fireworks
Flash
Photoshop
Firefox
CCleaner
Spybot SAD
Registry Booster
Bluetooth
VLC media player


Nothing else that I can think of...

I just ran another PC windows memory test utility fPC wizard and it came up with no problems. I'm out of ideas.

 

No other programs running.

I've posted in the hardware section 'cos I thought it might be a memory problem.

However, the computer seems to be running correctly now after I scanned it using the Windows Boot Disk Utility that I downloaded. It's strange because the utility does not fix memory problems only reports them!

I have absolutely no idea what has been going on, why it started, or how it seems to have fixed itself, all I can say is thanks for your time and efforts. Please be assured that you have helped my massively psychologically knowing that I wasn't battling whatever it was alone.

Cheers

Charco

 

Hi TimW - just to let you know that I have found out the problem, it was the keyboard!

I had a USB multimedia keyboard that was somehow causing the malfunction in programs. I removed this keyboard to do the scans with the Windows Boot disk as the boot disk works directly from the CD without loading an operating system, replacing it with a normal keyboard.

Since that moment the computer has responded correctly.