Okay, so I have a very frustrating problem that I have been unable to solve. I have just about reached the point of a complete re-install of my system, although I want to avoid this if at all possible. So any assistance anyone can provide would be greatly appreciated.
I am currently experiencing a problem loading certain websites online, or making certain types of connections, such as FTP. For example, I am currently unable to access any Microsoft KB articles, certain forums, or lavasoft.com (just to name a few). I am also blocked from updating many of my programs. When I attempt to download/update, I receive an error that the connection to the server has been reset. This has prevented me from updating my AdAware 2008 definitions, as well as from installing SpyBot S&D (as it cannot connect to download the installation files). It has also made finding answers extremely difficult as I cannot access a lot of the message boards that discuss such topics.
This is not a problem with my ISP, cable modem, or router. I am fairly network-literate, and I have already eliminated these as possibilities. All have been reset and reconfigured at least 3 times each, all tests confirm no errors, and all other machines on my network are unaffected by this problem.
I am running Windows XP SP2, with a direct ethernet connection to my router. There is no wireless card, so no problem there.
I am fairly certain that I have identified the problem, but so far have been unable to do anything about it. I have located several malicious DLL files on my machine. More specifically, I have located their registry entries. 2 of them load with my startup items, and a couple of them are called from other areas.
I have attempted to remove them from startup using MSConfig, but receive an error message when removing them that says I must be an administrator to make those changes. I am the administrator, and those are the only ones I am unable to change. I have also attempted to manually delete the entries from my registry. While they do delete successfully, they immediately return. It is not an issue of permissions. I have already verified my registry permissions, and I am able to modify/remove everything but these malicious entries.
I have attempted to manually locate the individual DLL files referenced in these entries to delete them, but cannot seem to find them anywhere on my computer, even though my computer recognizes that they exist.
I am running McAfee AntiVirus and have blocked just about everything possible to try to keep this thing from protecting itself. I have also changed registry change permissions so that every attempted change must be approved. Yet when I delete the entries, they just come right back again.
I have run AdAware several times with no luck. I have run WinSockXPFix, SmitFraudFix, and a registry-doctor (I am forgetting the name of it at the moment), all without success. I have tried the all-powerful Autoruns, but again, the entries/files continue to come back once deleted. I even downloaded a program called Anti-Executable that prevents any program or process from running without 1st being given permission. I turned it on, deleted the files, denied a few things that attempted to run, and yet they still came back.
I just can't seem to get rid of these things. I have run out of ideas. The only other program I wanted to try was HijackThis, but was unable to install it, probably due again to this stupid problem.
I am still able to access the internet, and my computer is running very smoothly otherwise. But being denied access to random sites, and not being able to download most files or update my programs is extremely frustrating.
I would LOVE for someone to read this and give me the Holy Grail answer I have been searching for so that I can avoid a complete system re-install. So, any ideas are extremely welcome!
Edited by Orange Blossom, 04 December 2008 - 09:27 PM.
Moved from HiJack This forum to Am I Infected as there are no logs. ~ OB