XP: No programs will run, hijack this, wintasks etc disabled. Adwatch shows activity

Status
Not open for further replies.
Hi,

This problem has been driving me mad. Its happened a good 3 times now and ive just given up and formatted before. Now it keeps coming back its time to knuckle down and find the problem.

Computer setup is as follows:

Windows XP pro, all updates installed
System very regularly scanned for spyware, am running all of the following: Adwatch, Adaware, Microsoft Antispyware, Spybot S+d, Wintasks 5 pro.

Basically upon windows starting adwatch window will show some attempted changes in the registry. They basically look like the normal values are trying to be put back, eg internet start page. Nothing actually hijacks internet use.

However no programs will run atall, and everytime i click on a program, eg hijackthis the icon changes to the 'hidden' style seethrough. At this time my firewall (kerio personal 5) is still running, as is microsoft antispyware. Microsoft one wont respond though.

I cannot open hijack this or anything else to post a log here. I have tried using an online scanner 'Panda' but the window doesnt stay open for more than a second (having to use internet explorer rather than my usual firefox, because its all that is supported)

From previous experience after one or 2 more reboots nothing will be running in the taskbar, and all the icons will go blank, with the .ink extension after them. One or two reboots again will completely screw up and windows wont even load.

Any help very much appreciated.
 
have you got any virus protection on there? if so: what kind, when updated, how often used?
 
Yes i do, sorry forgot to put it in the above info.

I run avast antivirus which updates itself every day. I ran a full check around once a week.

This is what everything looks like, desktop, program folders everything.

1.jpg


also, i can get to some programs eg paint or windows media player by right clicking a media file and clicking 'open with'.

More info:

Upon windows startup, a messagebox pops up with nothing in it but a couple of random keyboard characters. Need to click 'ok' in this messagebox before windows will load. Also seen in titlebar of the box, a file path C:\program files\common files\... it went on further but i couldnt expand the box to see what it was.
 
sounds like your system has gotten infested with malware and other such code. i advise you use the capable avg free edition antivirus, update it, and run a scan in safe mode. your registry is clearly altered or damaged, have you been altering it or was this none of your (direct) doings?
 
Have tried rebooting in safe mode, but once again i cannot click on any icons at all to make anything run.

Tried running programs through the 'run' command box and nothing happens.

Thanks in advance
 
if it's that bad, totally reformat. this means deleting your old partition(s) and/or reformatting everything. i reccomend that you use avg free edition antivirus (www.grisoft.com) and ad aware se as your main protection programs.

your problem could very well have been caused by unwise internet activities and carelessly installing downlaoded software, take the nessesary steps to prevent said actions from occuring.
 
Yeah i understand what youre saying. But the thing is that i already have reformatted completely at least 3 times. I have tried running that combination of programs you suggested and it still happened. Before this latest attack i was running around 5 different programs to prevent it happening but it still did...

Ive tried all combos and windows updates, with and without sp2 installed. Always seems to end up this way after a month or so of use.

Anyone else care to put forward any advice?

ps: I havent installed any programs from the net or visited any 'dodgy' websites that may of made this happen.
 
if you can't pin the problem down, having a local tech actually look at the machine would get to the bottom of this.
 
hi guys, i haven't read the whole thread (which i probably should do) but it looks like you might have coolwebsearch. nasty little thing that, comes in 50 something flavours.

try going here and download the stand-alone program, see how it goes.
 
Status
Not open for further replies.
Back