We're having problems with our home PC (Dell P4 / XP Media Center SP2 / running SBC antivirus & firewall) which will only work in safe mode at this point. Here's what happened as far as we can remember...
A couple of weeks ago I believe we got infected with some malware which kept opening windows and telling us to install Malware Alert (or something like that). As far as I know, nobody actually clicked the pop-up, but with 2 kids and 2 adults using the computer, I can only speak for myself. The machine was bogging down and after lots more pop-ups I did a system restore and everything seemed fine for a while.
A few days back, my wife turned on the computer. It booted to the login screen as usual, but when she clicked her login icon several windows labeled "EXPLORER.EXE- Bad Image" opened with the message "<filename>.tmp is not a valid windows image. Please check this against your installation diskette." Another window asked for the install disk, which I loaded and then the windows closed. Everything seemed OK.
The next day I turned on the computer and the same thing happened. THEN multiple blank windows labeled "16 bit MS-DOS Subsystem" opened with the message "The NTVDM CPU has encountered an illegal instruction" and buttons to <CLOSE> or <IGNORE>. My wife noticed that some of her software was not loading (AIM & Myspace IM). I reinstalled them and they worked fine until a logout; each time she logged on, the software needed to be re-installed.
At this point I tried several antispy/antivirus programs which deleted lots of infected files.
Today at power-up, the computer booted normally to the login screen, but when you select an account icon, the user's background appears and then the machine hangs up. I can boot through to an account and reach the internet in Safe Mode With Networking, but I don't know how long that will last...
So I got here and read the "You Must Read This..." post and did the following:
1- Ran ATF Cleaner
2- Tried to create a system restore point, but am not given the option when I open the System Restore Tool.
3- Ran AVG AntiSpyware
4- Unsuccessfully tried to install SuperAntiSpyware; I get the error message "The system administrator has set policies to prevent this installation"
5- Ran Panda ActiveScan. It found a couple of virus files, but didn't indicate that it had removed anything.
6- Checked for Windows updates. None found.
7- Ran HijackThis and saved a log file. Tried to save an uninstall log, but when I click the <SAVE> button, the application closes.
Let me know if I should post the HijackThis file.
Any help is greatly appreciated! Thanks!