I'm not sure if I belong here because I don't know if I have malware or simple system corruption.
I have many of the symptoms of malware, in fact, the symptoms are very similar to System Security. I have erratic internet connectivity in which some processes can access the internet and browsers can't, or sometimes can and sometimes can't, or can connect for about 5 seconds and then get cut off. Anti-virus and anti-malware programs refuse to install. On boot up I'm told I have no firewall installed when Windows Firewall is on. System Restore repeatedly tells me it cannot create a restore point. Windows Update works sporadically. Access to shared documents on the other network computers is also sporadic. USB drives plugged in are not recognized, so getting utilities mentioned here onto the system has been difficult. Occasionally I get an error that there are insufficient system resources to connect to the network or access a folder on the local drive. Chrome keeps reporting files are corrupted and asks to run chkdsk. The hard drive thrashes constantly, which I don't know if it is Windows trying to fix itself, or indexing, or malware bot activity. A Google search on the connectivity irregularities brought me to a Computer Hope thread that directed me here:
http://www.computerhope.com/forum/index.php?PHPSESSID=7314ab665cc151c420ed5557e162ee5a&/topic,46313.0.html
Here are the results of trying to apply the steps:
Step A - Anti-virus. Unfortunately I got caught up in the expiration of AVG Free on Dec 1. As the deadline approached, I couldn't get an update I suppose because of heavy server traffic, and then I read a review that recommended Avast, so I figured I would just uninstall AVG and get Avast. I installed Avast just as the problems were starting to hit. Then when I read a forum post that solved connectivity by uninstalling Avast, I did that. It actually worked. I had good connections after that. But then I was trapped because the situation had deteriorated to the point that I was no longer able to install any programs, so I have not been able to install any Anti-virus at all. The ones that use the Windows Installer report that the installer is unavailable, and the ones that use their own installer exit with errors. What I can report is that while Avast was installed I did get one clean scan saying no threats detected. I also discovered that my installation of AVG on another computer was able to scan over the network and it also reported no threats detected.
So that makes me wonder if it is just plain corruption and not malware. So this is a good time to explain how I got to this stage. I have an early full install of Windows XP Pro from the initial release with no Service Packs. It has been updated over the years through all the service packs. But recently it has been getting quite slow, which I know is a symptom of malware, but I didn't expect malware firewalled behind a router and Windows Firewall on SP3. But I did read that XP tends to grind to a halt after running several years, so I visited some sites on the topic and applied some recommended system tweaks, particularly to the cache and turned off paging. When I rebooted it corrupted my hard drive and I started getting file corruption error messages from applications like the Google Chrome web browser.
So I wanted to do a Windows Repair from the installation disk, but I had read of errors from starting with the first edition and upgrading up through the service packs, so I downloaded the MSDN Technet distribution of WinXP Pro SP3 which passed all the MS published file hashes, and I used it to launch a system repair. Unfortunately, when it rebooted it would not allow me to log in, saying that it needed to be activated before logging in, and asked me if I wanted to activate now. Clicking Yes led to watching the hard drive light flash for hours, and even overnight without doing anything. So the only thing I could think of was to run the WPA crack. I know - dangerous unknown software. But I figured it was probably a legitimate offering from the hacker community, and if not, I figured the anti-malware programs would take care of it.
Well, that got me in, but I wasn't satisfied as it patched the binary file directly and Windows Explorer reported it as a corrupt file, and the patch seemed to interfere with other aspects of MS functionality, including Windows Update. So I thought instead I would try a repair from my original old installation disk. That was a mistake. After rebooting, the computer would boot to a black screen and just hang. So fumbling back and forth with repeated repair attempts from both disks, I was amazed when I accidentally had the SP3 disk in the drive for an original disk repair, and when the installation prompted me for the Windows CD because of files not found, when I put it in, the installation was successful. Apparently the SP3 set up some initialization work that enabled the old original disk to complete installation.
Of course I expected trouble from this combination of Windows editions, but gradually as the system rebooted itself and updated itself, it got healthier and healthier. During this period I discovered System File Checker, and ran it a few times from the original disk to keep things flowing, and after SP3 successfully installed, I did the same with the XP Pro SP3 installer disk.
So, if System File Checker is supposed to get my installation in order, the mixed edition issues I was afraid of should have been straightened out, right? And if AVG, Avast, and Malwarebytes' Anti-Malware are reporting the system as clean, what is the problem?
So on to the next steps.
Step 1 - Add or Remove Programs. I didn't see anything unusual or from the list, but removed anything I wasn't absolutely sure I had put on myself.
Step 2 - House Cleaning - I had been running Glary Utilities instead of CCleaner. Both report the same behavior. About 1100 or 1200 registry errors on the first pass, and again 9 to 20 errors on the second pass. Both report the errors as corrected, but they always come back. First I thought malware was preventing writing the repairs, but after seeing that CCleaner reports on them, I've decided they are unimportant as they are mostly missing .dlls. This brings up another point. When I repaired with the old system disk, the old HD drivers were not compatible with my drive and it immediately launched a check disk and reported that it was recovering all of my orphaned files. When finished I no longer had my third E: partition, an extended partition from D:. Disk Manager reported the correct size for D: and reported what was E: as unallocated space. This caused an initial panic, but a Linux Live CD could see it fine, and as Windows slowly updated itself and straightened itself out, it was able to see it correctly too. Nevertheless, my current symptoms still report file corruption after all the SFCs and chkdsk repairs, so I wonder again, malware or system corruption. And again, maybe hard drive failure? I doubt it as the drive is only one year old and SMART reports itself as healthy.
Step 3 - Super Anti-Spyware - Unfortunately this one also refuses to install, stating that Windows Installer is not available.
Step 4 - MBAM - Reports no malicious items detected.
Step 5 - Update Your Java - Ran all the utilities here, current version already installed, old versions removed.
Step 6 - Hijack This - Log is submitted. Application installation error messages also seemed informative and are submitted separately.
Step 7 - Self-help Tool - Log report here:
http://www.computerhope.com/cgi-bin/process.pl?o=872131
I remember looking at HJT many years ago, but without an interpreter like this excellent tool, the results were not meaningful to me. Interesting call on vistadrive.exe. It has been on my computer 2 years. I had thought it was just one of those customizing tweaks people add on to XP to make it behave like Vista. After reviewing all of the results, I feel satisfied that malware is not the cause of my problem. I think there is more to look at in the "Missing" section on line 3. I don't understand why so many things are missing from the system when I have run System File Checker so many times. I wonder if running it more would restore these things, or if they really are present, but Registry doesn't know it. I'm afraid that continually running SFC will just put me into a loop where the CD restores old versions and Windows Update replaces them with new ones.
I should add that I have performed all of the fixes recommended by the Self-help Tool.
Thanks,
John