Running XP Pro 32-bit.
Bootable partition is on SSD drive; probably too full for good operation -- 92 GB used, only 5.5 GB free at the moment.
Avast antivirus program running.
The system has been slowish for quite some time, but perhaps just because of the SSD drive being fairly full (we didn't realize until a few days ago that these drives apparently need a higher proportion of free space for efficient operation).
The current problem appeared to start when my husband allowed Avast to do an update, about a week and a half ago. The update never completed, and Avast hung up. After reboot the computer was still very sluggish. Task manager showed Avast often using 50% and higher of CPU cycles. We also noted something called MRT.exe once or twice, using lots of CPU cycles. I was using Firefox browser a few days later (husband had not yet told me about the weird consequence of failed Avast update) and noticed that the system was very sluggish (CPU usage often up near 100% in task manager), and also noticed after a while that the system clock time was stuck - very unusual.
I took a closer look at the system on 6/19. I was able to get to the mode selection screen (with F8 key), and noted that it started OK in Safe Mode with Networking. Tried to install some scan software that we had put on a USB flash drive from another computer... but the ailing machine could not see the flash drive from Safe Mode. I then tried the option of starting in last known good configuration -- that looked pretty good for a while -- Windows appeared to start normally, I was able to use the browser, and CPU usage looked normal in task manager. I started Malwarebytes (already installed on the computer, but not recently updated) -- it went out to the Internet to get its updates, and started running, apparently normally, so I was very optimistic. Came back some time later to find Malwarebytes stuck, on file 36000+ (so it had scanned quite a few objects at that point). It stayed stuck there, which didn't seem a good sign, so I eventually restarted the computer in Safe Mode.
I then ran Malwarebytes in Safe Mode; it ran to completion, and found ~200 threats, pretty much all PUPs. None were reported as major threats. I told the program to go ahead and get rid of all of them. Also ran SuperAntiSpyware in Safe Mode (previously installed on the machine, and recently updated) -- it ran apparently successfully, and reported 18 tracking cookies, which I told it to get rid of. I then downloaded SpyBot Search and Destroy (a program recommended by a family member). I believe I briefly brought the system back up in normal Windows mode to do this download, as I was not able to use the browser from Safe Mode. Back in Safe Mode, I told the SpyBot program to install, and that installation appeared to proceed normally. However, when I then tried to run it, the option to do a system scan was grayed out, so I was unable to run that scan. It did allow me to run a quick rootkit scan, and found nothing.
At this point, having found no really dangerous-looking malware, I thought something might have been corrupted during the failed Avast update, and that it might be worth looking at Restore. I opened the Restore utility, and restored to a mid-May restore point -- well before the date of the observed problems. The restore process appeared to complete successfully. However, when I then allowed the machine to boot to regular Windows, it was flakier than before. I then went back to Restore to reverse the process (as it had assured me I could do), but there was no option shown for reversion. I then told it to restore to a June 12 restore point (shortly before the Avast update mishap) -- again, the process seemed to complete successfully, but with no good result. After that second restore, I briefly rebooted into full Windows. At this point, it refused to start the task manager when requested -- an error message came up that that file was corrupted. Also, when I tried to start Firefox as an experiment, the Windows error chime/bleat sounded and the browser did not start. Trying to run Malwarebytes led to the same failure -- although that made some sense if that program had been set back to its earlier not-updated state by the restore... ?
As things were obviously going downhill, we decided to back up personal data as best we could. Although the computer had been unable to see a USB flash drive from Safe Mode, it was able (fortunately) to see an external USB hard drive that we had available. From Safe Mode, I told it to copy over everything in My Documents, as well as in Application Data (the latter mainly to preserve our email history -- I think that history is in the Thunderbird Profile directory).
After this partial backup, I turned the computer off until today.
Today, I intended to back up the same data again onto a second (newly purchased) external HDD. My thinking was that an external HDD might be our only way to install new scanning and anti-malware software on the ailing machine, and that I would rather not use our valuable backup HDD to repeatedly connect to a possibly malware-infected computer. Unfortunately, the computer would not access this second external drive in Safe Mode (it was invisible from My Computer, just as the USB flash drives I've tried are invisible).
Since the computer still showed its CD-ROM drive (from the My Computer display in Safe Mode), I then decided to burn a number of scan utilities on CD (from a healthy computer), and try to introduce them in that way. This approach seems workable, although the results haven't been encouraging so far. I was able to run the Malwarebytes cleanup tool (to get rid of the earlier remnants of that software), and then ran Malwarebytes setup. After installation, Malwarebytes then ran successfully -- went out to get updates (apparently) and then ran its scan. It found 58 objects. Those all were in the PUP category. I told the program to get rid of them, and then allowed it to reboot the computer. I let it come up in full Windows on reboot. There was further deterioration in this environment -- the desktop icons still appeared as usual, but nothing appeared at the bottom of the screen this time (no Start menu, nor the usual icons for anti-virus, networking, etc.). Starting task manager led to the same error message about a corrupted file. Task manager then did actually start a moment later, but was unable to kill any processes or reboot the computer.
Back in Safe Mode, I tried to run FRST (Farbar), which also was on the CD. It appeared to install fine, and looked OK (normal welcome screen) on running; however, it got stuck on trying to get updates, and never came back. Task manager appeared to start fine in Safe Mode; it showed the FRST process as not responding, but was unable to kill it. After another forced reboot (power button is getting a lot of use during this process!!!) I tried installing and running AdwCleaner (also carried over on the CD). When I went to run this program, it started and immediately ended. I tried renaming the AdwCleaner program and running it again, but no luck with that either.
At this point I decided to look more closely at the files saved a few days ago on the external USB HDD. I attached the HDD to a healthy computer, and ran an Avast scan on the contents of the HDD. Avast found 4 threats. Three of these were related to PUPs, and were not described as very dangerous by Avast. The fourth was reported as 'high' severity by Avast. It was a file called WombatUpdater.exe, and was found in a My Documents\Downloads subdirectory. Avast reported it as:
Threat: Win32: Wombat-A[Adw]
I did allow the malfunctioning machine to boot into the full Windows environment once more after this, and this time the only thing that came up was the graphic background (the green hillside and clouds of the standard XP display) -- no icons of any kind.
Since the Farbar scan tool was unable to run, I can't attach its report files here...
I've noticed that task manager, even in Safe Mode, seems compromised -- it lets me look at processes, but doesn't allow me to end anything, even seemingly trivial processes.
I would be grateful if you can suggest what to try next.
We are open to reformatting if really necessary (were planning to upgrade to Windows 7 soon anyway). However, I would prefer to fix things if possible, and would also like to know if the machine is indeed infected with malware.
Should I try to clear more space on the partition before proceeding?