Virus/Malware Infection - winlogon.exe?

Hi, I'm new to these forums, and am not quite sure I'm posting my problem in the right place or manner. If not, any assistance and/or (re)direction would be appreciated.

The laptop I'm using (Dell Inspiron 9300 running Windows XP service pack 3) seems to have acquired an infection of some sort. As recently as a week ago, it was operating without problems, but three or four days ago, it began behaving strangely. It would generate error messages on boot ("Services.exe - Application Error: The instruction at '0x00380664' referenced memory at '0x00380664'..."). It would also demand user login/password at startup -- something it had not done before.

Over the last few days, these problems have gotten worse. At this point it will not boot in Standard Mode -- I can only get it to boot in Safe Mode or Directory Services Repair Mode.

Winlogon.exe sometimes suddenly balloons up to consume all system resources, freezing the machine -- this primarily in Safe Mode, whether I'm logged in as "Administrator" or under my ordinary user identity.

Finally, and most troublingly, I have been effectively locked out of my own computer: when I attempt to install software (such as virus detection programs), I receive messages indicating that, "The Systems Administrator has set policies to prevent this installation," or, "This installation is forbidden by system policy." This is my own home computer, and I supposedly have full admin rights. Installing new programs has never been a problem in the past, but now anything involving Windows Installer fails for some reason (.msi files).

I ran all programs recommended in the MajorGeeks Malware Removal Guide, in the order indicated. Logs are appended here. Got a bluescreen crash on shutdown after running SUPER AntiSpyware: "A problem has been detected and Windows has been shut down: IRQL_NOT_LESS_OR_EQUAL. Technical Info - Stop: 0x0000000A (0xEE985038, 0x00000002, 0x00000001, 0x804DBC9A)." This didn't interfere with SUPER AntiSpyware, though, and I was able to reboot to Safe Mode and save the log file.

Got another error while running MGTools: "ProcessDll.exe - Application Error: The application failed to initialize properly (0x000007B)." This error apparently due to the fact that I don't have Microsoft.net Framework installed on my machine, but, as indicated above, I can't rectify this: all attempts to install the software fail.

Please help! Any assistance you can provide will be greatly (greatly!) appreciated.

Thanks in advance for everything, anything...

-- Conedust

 

MGTools .zip file attached here...

 

Thanks for getting back to me, Tim.

So, that's it, then? Nothing else to do? Yeesh. Guess it's time to invest in an external hard drive....

While I'm here, do you have any idea how this might have happened, and/or how I might prevent it from happening again?

 

Also, let's say I do buy an external drive, back up all my files, wipe the laptop & reinstall Windows. Won't I then run a high risk of reinfecting my computer when I migrate the files back from the external?

 

Understand why I'd want to back up to CDs rather than an external drive (for safety's sake), but there's so much stuff I'd like to save. Couple hundred gigs of music, for one thing -- and backing all that up to CD seems impractical. Is an external drive completely out of the question/unsafe?

 

oh, and thanks again!

 

Hi Tim (et al). Went on vacation for a couple weeks, hence the delay in responding, but as soon as I got back I bought a 500 gig Verbatim external drive and loaded everything I wanted to keep onto it. I then did a full clean reinstallation of Windows XP (& SP3), and also reinstalled all my software.

Woohoo! It's clean! No infected files on the computer or the external drive. Thanks for all your help in this. Keeping my machine locked up tight as a drum from now on...