MS Windows XP will not load when connected to internet

[cul8rman]

SP2 installed, firewall active. Online game is working better than before.

Thanks, I feel better about the condition of this Pc.

[cul8rman]

Missed the past post, did not see Pg9

[Ried]

Yeah...we've been at this a while.

Ok, let's see what happens when we re-enable the File Sharing....

Print or save these instructions to Notepad for reference.

***************************************************

Open notepad and copy/paste the entire text in the quotebox below: (don't forget to copy and paste REGEDIT4)

Quote:

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanserver\parameters]
"AutoShareWks"=dword:00000001
"AutoShareServer"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\lanmanworkstation\parameters]
"AutoShareWks"=dword:00000001
"AutoShareServer"=dword:00000001

Goto File on the top bar and choose Save As... , Name it Fixshares2.reg then change the save as type to all files and save it to your desktop, double click Fixshares.reg and allow it to be merged into the registry.

------------------------------------------------------------

Click Start> Run> and type services.msc

• Press OK and the services screen will open,
• Scroll down to the Server service then double click it to open the properties pane (or right click and choose properties)
• On the Service Status area click Start then click Yes at the prompt for also starting the Computer Browser service.
• Now, on the Server service that you started, make sure the Startup type is set to Automatic.
• Click Apply and OK.

Reboot your system and reconnect to the internet. Please let me know what happens....

[cul8rman]

I see a reconnect to the internet, when did I disconnect?

[Ried]

Sorry, poor choice of words by a dial up user.

I just meant for you to surf the net and see what happens.

[cul8rman]

The updates worked just fine, I can watch streaming TV with no issues. I will be offline the next two days so I won't reply any time soon. Is there anything else to do with this PC? The past files in question are still not present, which is a good thing.

[cul8rman]

I forgot about you using dial-up. After a reboot you would need to reconnect. I will not be checking in again until Friday evening.

Thanks for the help.

[Ried]

No--just wait and see. After a few days, run an online scan at Panda and save the results. Then run dss.exe on Molly's account and post the Panda results along with the main.txt from dss.exe.

Enjoy some time away from fixing computer isssues.

[cul8rman]

The PC issues may have been easier to deal with. I had a couple that had a bit of an issue of dealing with authority. For the most part it went well, just a couple bumps in the road to deal with. I will free this one up to my son and his friends and report back in two weeks with Panda results.

Thank You

[Ried]

I hear ya'...

I look forward to seeing those results after 'son and friends' have at it.

[cul8rman]

The PC is doing pretty good. I have not heard any complaints about speed or performance. Panda still shows two viruses but AVG has not had any popups about them.

Panda Scan

Incident Status Location

Adware:adware/wupd Not disinfected Windows Registry
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Cody\Application Data\Mozilla\Firefox\Profiles\o4r7omoo.default\cookies.txt[.systemdoctor.com/]
Spyware:Cookie/Systemdoctor Not disinfected C:\Documents and Settings\Cody\Application Data\Mozilla\Firefox\Profiles\o4r7omoo.default\cookies.txt[www.systemdoctor.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Cody\Cookies\cody@apmebf[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Duane\Desktop\SmitfraudFix\Process.exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.2o7.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.target.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Molly\Application Data\Mozilla\Firefox\Profiles\ayzs70gt.default\cookies.txt[.atwola.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Molly\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Molly\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Molly\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1005\Dc1.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1005\Dc2.exe
Virus:W32/Sdbot.ftp.worm Not disinfected C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1006\Dc1\requested-files[2007-04-06_22_59].cab[C:\windows\system32\i]
Virus:W32/Sdbot.ftp.worm Not disinfected C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1006\Dc1\requested-files[2007-04-06_23_10].cab[C:\windows\system32\i]
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-1784762916-2740901186-3389046013-1006\Dc1\VirtumundoBeGone.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\SmitfraudFix\Process.exe

DSS Main

Deckard's System Scanner v20070318.32
Run by Molly on 2007-05-05 at 09:23:51
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Molly.exe) -----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 9:25:18 AM, on 5/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Molly\Desktop\dss.exe
C:\HIJACK~1\Molly.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_3_16_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Ulead AutoDetector] C:\Program Files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [OFFICEKB] C:\Program Files\Micro Innovations\Keyboard\kbdap32a.EXE
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Micro Innovations\Mouse\mouse32a.exe
O4 - HKLM\..\Run: [PC Pitstop Optimize Scheduler] C:\Program Files\PCPitstop\Optimize\PCPOptimize.exe -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.exe 1
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: Video Poker - http://download.games.yahoo.com/game...s/y/vpt0_x.cab
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Yahoo! Bingo - http://download.games.yahoo.com/game...ts/y/xt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/game...ts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/game...ts/y/kt4_x.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/game...ts/y/ct2_x.cab
O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/game...ts/y/it1_x.cab
O16 - DPF: Yahoo! Dice - http://download.games.yahoo.com/game...s/y/dct4_x.cab
O16 - DPF: Yahoo! Go Fish - http://download.games.yahoo.com/game...ts/y/zt3_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/game...ts/y/pt3_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/game...s/y/pyt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {4620BC29-8B8E-4F4E-9D92-1DB6633D6793} (SurferNETWORK Plugin) - http://rd1.surfernetwork.com/surferplugin.ocx
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/14939218...p/RdxIE601.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://maricopa.gov/assessor/gis/plugin/mgaxctrl.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidc...downloader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/game.../gpcontrol.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v6.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


-- Files created between 2007-04-05 and 2007-05-05 -----------------------------

2007-05-05 06:37:09 0 d-------- C:\WINDOWS\LastGood
2007-05-03 20:11:26 312820720 --a------ C:\Program Files\X12-30107.exe<X12-30~1.EXE>
2007-04-28 21:38:22 2560 -----n--- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-04-28 21:38:22 2432 -----n--- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-04-22 14:03:35 0 d-------- C:\Program Files\MSXML 4.0<MSXML4~1.0>
2007-04-22 13:11:09 0 d-------- C:\WINDOWS\Prefetch
2007-04-22 1129 221184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-04-22 11:05:00 0 d-------- C:\WINDOWS\peernet
2007-04-22 11:04:59 0 d-------- C:\WINDOWS\provisioning<PROVIS~1>
2007-04-22 11:02:25 0 d-------- C:\WINDOWS\ServicePackFiles<SERVIC~1>
2007-04-22 10:53:34 0 d-------- C:\WINDOWS\EHome
2007-04-21 21:52:44 0 d--h----- C:\Documents and Settings\Molly\Application Data\Move Networks<MOVENE~1>
2007-04-20 22:24:06 51328 --a------ C:\WINDOWS\system32\drivers\inspect.sys
2007-04-20 22:24:06 75520 --a------ C:\WINDOWS\system32\drivers\cmdmon.sys
2007-04-15 20:58:40 0 d-------- C:\Documents and Settings\Duane\Application Data\Comodo
2007-04-14 08:54:06 0 d-------- C:\Documents and Settings\Molly\Application Data\Sun
2007-04-13 20:51:37 21312 --a------ C:\WINDOWS\choice.exe
2007-04-13 20:50:27 0 d-------- C:\ie-spyad
2007-04-11 20:58:18 0 d-------- C:\Documents and Settings\Molly\Application Data\Comodo
2007-04-11 20:58:15 0 d-------- C:\Documents and Settings\All Users\Application Data\Comodo
2007-04-11 20:45:32 0 d-------- C:\Program Files\Comodo
2007-04-10 20:15:17 305 --a------ C:\Fixshares.reg<FIXSHA~1.REG>
2007-04-10 18:53:56 705370 --a------ C:\SDFix.exe


-- Find3M Report ---------------------------------------------------------------

2007-05-05 07:19:45 0 d-------- C:\Program Files\Picasa2
2007-05-05 07:17:37 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-05-05 07:11:04 0 d-------- C:\Program Files\iTunes
2007-05-05 07:08:43 0 d-------- C:\Program Files\Google
2007-05-05 07:04:19 0 d-------- C:\Program Files\BigFix
2007-05-04 18:00:29 0 d-------- C:\Documents and Settings\Molly\Application Data\WeatherBug<WEATHE~1>
2007-04-28 22:37:39 0 d-------- C:\Documents and Settings\Molly\Application Data\AVG7
2007-04-28 21:51:13 0 d--h----- C:\Program Files\InstallShield Installation Information<INSTAL~1>
2007-04-22 11:05:01 0 d-------- C:\Program Files\Movie Maker<MOVIEM~1>
2007-04-22 11:01:59 0 d-------- C:\Program Files\Windows NT<WINDOW~1>
2007-04-22 10:59:06 250032 -r-hs---- C:\ntldr
2007-04-15 12:56:25 0 d-------- C:\Program Files\Hijack This<HIJACK~1>
2007-04-12 17:13:05 147 --a------ C:\FixServices.bat<FIXSER~1.BAT>
2007-04-01 10:33:26 3446 --a------ C:\WINDOWS\system32\tmp.reg
2007-03-25 10:02:03 6469352 --a------ C:\Program Files\avgas-setup-7.5.0.50.exe<AVGAS-~1.EXE>
2007-03-17 06:43:01 292864 --a------ C:\WINDOWS\system32\winsrv.dll
2007-03-13 20:51:18 136 --a------ C:\WINDOWS\system32\dgjun.bat
2007-03-12 18:20:22 491768 --a------ C:\ie6setup.exe
2007-03-11 09:25:11 0 d-------- C:\Program Files\Java
2007-03-11 09:25:11 0 d-------- C:\Program Files\Common Files\Java
2007-03-08 19:47:09 0 d-------- C:\Program Files\Common Files\Symantec Shared<SYMANT~1>
2007-03-08 08:36:28 577536 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 08:36:28 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 08:36:28 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 06:47:48 1843584 --a------ C:\WINDOWS\system32\win32k.sys
2007-02-21 21:42:31 129 --a------ C:\fix.bat
2007-02-10 20:00:13 14201 --a------ C:\Program Files\hijackthis.log<HIJACK~1.LOG>
2007-02-05 13:17:02 185344 --a------ C:\WINDOWS\system32\upnphost.dll


-- Registry Dump ---------------------------------------------------------------


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"Weather"="C:\\PROGRA~1\\AWS\\WEATHE~1\\Weather.exe 1"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Ulead AutoDetector"="C:\\Program Files\\Ulead Systems\\Ulead Photo Explorer 8.0 SE Basic\\Monitor.exe"
"HPDJ Taskbar Utility"="C:\\WINDOWS\\System32\\spool\\drivers\\w32x86\\3\\hpztsb10.exe"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"HP Software Update"="\"C:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWuSchd2.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVG7\\avgcc.exe /STARTUP"
"OFFICEKB"="C:\\Program Files\\Micro Innovations\\Keyboard\\kbdap32a.EXE"
"FLMOFFICE4DMOUSE"="C:\\Program Files\\Micro Innovations\\Mouse\\mouse32a.exe"
"PC Pitstop Optimize Scheduler"="C:\\Program Files\\PCPitstop\\Optimize\\PCPOptimize.exe -boot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"COMODO Firewall Pro"="\"C:\\Program Files\\Comodo\\Firewall\\CPF.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-05-05 at 09:25:51 ---------

Is this finished, is it time for cleanup, or are there some things left to do?

Thanks

[Ried]

Hi,

Just a couple things to tidy up and we're through here.

Run a scan with HijackThis and fix this entry:

O3 - Toolbar: (no name) - {74DD705D-6834-439C-A735-A6DBE2677452} - (no file)

----------------------------------------------------------------

Delete the following as they are no longer needed:

Delete SDFix.exe from your desktop and it's folder located at C:\SDFix
Delete SmitfraudFix.exe from your desktop and it's folder located at C:\SmitfraudFix
C:\WINDOWS\system32\dgjun.bat

----------------------------------------------------------------

Empty your recycle bin.

----------------------------------------------------------------

To clear those undesirable cookies, run AVG A-S or clear them with ATF Cleaner. Bear in mind that ATF Cleaner will delete all cookies--even the 'good' ones.

This entry found by Panda: Adware:adware/wupd Not disinfected Windows Registry, is an entry in your Registry that references a non existant file. It's perfectly harmless without the accompanying file. (Panda) detects it but does not pinpoint the location of the entry. If it had provided the location, we could remove via manual Registry editing. As we do not have the exact location, it's best not to go rummaging through the Registry looking for it and risk causing irrepairable damage to the Registry.

----------------------------------------------------------------

And now--the long awaited 'Clean Speech'.

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

Reset hidden/system files and folders
Windows XP
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Ensure Windows Auto Update is Enabled
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spyware Guard to catch and block spyware before it can execute.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)

• Now navigate to C:\ie-spyad. Double click to open it.
• From within the folder, double-click install.bat
• Select Option #2 - Install the new IE-SPYAD list, by typing 2
• Then return to the main menu.
• Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

It's been a pleasure working with you.