windows shuddown busted - just hangs nothing but desktop image on screen

Good day or night,

Earlier today I got a nasty trojan off my computer. And now XP won't shutdown. The shutdown process begins, icons and taskbar disappear, and then it stops, nothing on the screen but my desktop image. The thing even goes into sleep mode this way. But no shutdown.

I have tried some standard troubleshooting. Updated to SP3, updated Dell BIOS (have Vostro 1400). No luck.

Could this have been damage caused by the trojan? Several trojans were removed during safe mode by Malewarebytes [only log with removal info below]. The log means little to me. Not sure if I had a zlob.g, zlob.d or a win32.zafi.b. A fake "windows security alert" was coming up warning about a "win32.zafi.b" and then mozilla stopped working and IE took me to a "safe soft review" website and then shut down.

Anyone have any suggestions? Anything appreciated...

Anthonology

=============================================

Malwarebytes' Anti-Malware 1.30
Database version: 1321
Windows 5.1.2600 Service Pack 2

26/12/2008 2:07:22 AM
mbam-log-2008-12-26 (02-07-22).txt

Scan type: Full Scan (C:\|)
Objects scanned: 112020
Time elapsed: 51 minute(s), 35 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 5

Memory Processes Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msupdate (Rootkit.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.UserInit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ntos.exe,) Good: (userinit.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\NetworkService\Application Data\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\wsnpoem (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Documents and Settings\NetworkService\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\LocalService\Application Data\wsnpoem\audio.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvcrtd.exe (Rootkit.Agent) -> Delete on reboot.

 

maybe try a repair install, sometimes after a virus/trojan is just best to reinstall.

 

maybe try a repair install, sometimes after a virus/trojan is just best to reinstall.

this might seem like a lame question, but is this something that can be done without deleting all my files and programs? i am traveling so have to wait to obtain the dell/windows disks that came with notebook.

 

http://www.michaelstevenstech.com/XPrepairinstall.htm
go there I will help you with your needs, I done repair install and didn't have any issues.

 

you can do the in-place installation AKA Repair install but remeber to install all the service packs and patch which came after the version which is in the CD/DVD

 

actually came the michaelstevenstech restore site earlier in week. was out of town, back now, so i have access to my XP disks. will let you know how things go. thanks.

 

reinstall worked! all is good now. thanks for help. sorry to get back to thread so late.