I then tried to run Spybot but the file wasn't found. I re-downloaded it and the computer rebooted immediately after installation. It would not then reconnect to the net. Again, trying to run Spybot returned a 'file not found'. Subsequent investigation proved that ALL the exe files of various anti-malware software (Ccleaner, RegistryMechanic, TrojanHunter, Microsoft AntiSpyware, Ad-aware) were all missing.
I then tried copying the spybot exe file from my laptop onto floppy with the intention of copying it across to the infected computer .... only to find that whilst device manager shows both the floppy drive and combo drives are present and working correctly, neither is operational and don't show up as drives on explorer.
Thankfully, Hijackthis is still operational. The following is an abridged version of the log (known safe entries omitted to save typing)
02 BHO: (no name) {F5938714-BD46-408A-9842-4058206D37E3} - C:\PROGR~default\LOCALS~1\Temp\~00754.tmp (file missing)
010 - Broken Internet access because of LSP provider 'c:\windows\system32\ispair.dll' missing
020 - AppInit_DLLs:zxfpri.dll
023 - Service: Remote Help Session Manager(Rasautol) - unknown owner - C:|Windows\system32\ntsokele.exe (file missing)
023 - Service:Windows Media Conect Service (WMConnectCDS) - Unknown owner - C:\Program Files\Windows Media Conect 2\wmccds.exe (file missing)
I've tried 'fixing' all those entries (running in safe mode) but without success.
AVG's advice forum suggests running spybot, ccleaner etc in safe mode, but obviously I can't do this if I've got no method of loading/downloading the necessary files onto the machine .... any ideas please?
Edit: Further investigations suggests that AVG is operating incorrectly in that all the 'missing' files are actually in the virus vault - 'restoring' them, after 'healing' just brings back the virus alert and 'healing' then simply moves the file back to the virus vault, without any further notification.
Edited by ashtonian, 04 August 2007 - 12:33 PM.