
computer reboots or freezes at login (win xp)

Discussion in 'Malware and Virus Removal Archive' started by mva5493, 2007/07/29.

  1. 2007/08/02
    noahdfear

    noahdfear Inactive

    Are you using a router? That has an ethernet port? Have a Cat5 cable? If no to any of those and wireless is the option left, right click her LAN connection and disable it. Open Internet Options in the Control Panel and select the Connections tab. In the dialup section, select 'Never dial a connection'. Click the LAN button, then select 'Automatically Detect Settings'. Click OK and OK. Disconnect the wireless connection, then re-connect it.
     
  2. 2007/08/02
    mva5493

    mva5493 Well-Known Member Thread Starter

    I have already done the last AWF instructions; will post requested logs.

    Find AWF report by noahdfear ©2006


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\WINDOWS\BAK

    0 File(s) 0 bytes

    Directory of C:\WINDOWS\SYSTEM32\BAK

    08/14/2002 08:22 PM 28,672 DSentry.exe
    06/20/2002 04:05 AM 114,688 hkcmd.exe
    08/20/2003 05:15 PM 483,328 hphmon05.exe
    06/20/2002 04:14 AM 155,648 igfxtray.exe
    03/29/2007 11:10 AM 37,382 lsasss.exe
    5 File(s) 819,718 bytes

    Directory of C:\PROGRA~1\HEWLET~1\{45B61~1\BAK

    08/20/2003 05:23 PM 49,152 hphupd05.exe
    1 File(s) 49,152 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~1\COMMON~1\{B04E6~1\BAK

    02/18/2007 12:29 AM 14,336 Update.exe.vir
    1 File(s) 14,336 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~1\WEBHAN~1\PROGRAMS\BAK

    02/21/2007 04:18 PM 565,248 whagent.exe.vir
    1 File(s) 565,248 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\WINDOWS\SYSTEM32\MANTEC~1\BAK

    02/18/2007 12:30 AM 70,144 msiexec.exe.vir
    1 File(s) 70,144 bytes

    Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

    07/25/2003 10:14 AM 188,416 hpztsb09.exe
    10/21/2001 04:54 PM 36,864 printray.exe
    2 File(s) 225,280 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~1\MYWEBS~1\BAR\1.BIN\BAK

    02/26/2007 10:27 PM 28,672 mwsoemon.exe.vir
    1 File(s) 28,672 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\DSentry.exe "
    28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\bak\DSentry.exe "
    114688 Jun 20 2002 "C:\DRIVERS\VIDEO\HKCMD.EXE "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\hkcmd.exe "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\hkcmd.exe "
    483328 Aug 20 2003 "C:\WINDOWS\SYSTEM32\hphmon05.exe "
    483328 Aug 20 2003 "C:\WINDOWS\SYSTEM32\bak\hphmon05.exe "
    155648 Jun 20 2002 "C:\DRIVERS\VIDEO\IGFXTRAY.EXE "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\igfxtray.exe "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxtray.exe "
    37382 Mar 29 2007 "C:\WINDOWS\SYSTEM32\bak\lsasss.exe "
    49152 Aug 20 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe "
    49152 Aug 20 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe "
    37697 Apr 9 2007 "C:\QooBox\Quarantine\C\Program Files\Common Files\{B04E6~1\Update.exe.vir "
    14336 Jul 26 2007 "C:\QooBox\Quarantine\C\Program Files\Common Files\{B04E6~2\Update.exe.vir "
    14336 Feb 18 2007 "C:\QooBox\Quarantine\C\Program Files\Common Files\{B04E6~1\bak\Update.exe.vir "
    565248 Feb 21 2007 "C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\bak\whagent.exe.vir "
    71680 Apr 9 2007 "C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\MANTEC~1\msiexec.exe.vir "
    70144 Feb 18 2007 "C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\MANTEC~1\bak\msiexec.exe.vir "
    188416 Jul 25 2003 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe "
    188416 Jul 25 2003 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb09.exe "
    37697 Apr 9 2007 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\printray.exe "
    36864 Oct 21 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\lexmarklexmark_x63b8e1\printray.exe "
    36864 Oct 21 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\printray.exe "
    37697 Apr 9 2007 "C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\mwsoemon.exe.vir "
    28672 Feb 26 2007 "C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\mwsoemon.exe.vir "


    end of report
     

  4. 2007/08/02
    noahdfear

    noahdfear Inactive

    Delete the C:\Qoobox folder, then empty the recycle bin.

    Run FindAWF option 3 again and paste the following into folders.txt then close and save.

    C:\WINDOWS\BAK
    C:\WINDOWS\SYSTEM32\BAK
    C:\PROGRA~1\HEWLET~1\{45B61~1\BAK
    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

    The subsequent awf.txt log should be empty of any bak folders. If any are found, try to delete them manually.
     
  5. 2007/08/02
    mva5493

    mva5493 Well-Known Member Thread Starter

    I am using a usb wireless adapter. I will set it up per instructions... here is the hjt log.

    Logfile of HijackThis v1.99.1
    Scan saved at 1:32:11 AM, on 8/2/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
    C:\Program Files\Dell Support\DSAgnt.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe "
    O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe "
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe "
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZCxdm231YYUS
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} (Support.com Installer) - http://supportsoft.adelphia.net/sdccommon/download/tgctlins.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
     
  6. 2007/08/02
    mva5493

    mva5493 Well-Known Member Thread Starter

    Sorry, please ignore post #62; I believe I posted the wrong log file.

    Here is what I think is the most recent one:

    Find AWF report by noahdfear ©2006


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\WINDOWS\BAK

    0 File(s) 0 bytes

    Directory of C:\WINDOWS\SYSTEM32\BAK

    08/14/2002 08:22 PM 28,672 DSentry.exe
    06/20/2002 04:05 AM 114,688 hkcmd.exe
    08/20/2003 05:15 PM 483,328 hphmon05.exe
    06/20/2002 04:14 AM 155,648 igfxtray.exe
    03/29/2007 11:10 AM 37,382 lsasss.exe
    5 File(s) 819,718 bytes

    Directory of C:\PROGRA~1\HEWLET~1\{45B61~1\BAK

    08/20/2003 05:23 PM 49,152 hphupd05.exe
    1 File(s) 49,152 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~1\COMMON~1\{B04E6~1\BAK

    02/18/2007 12:29 AM 14,336 Update.exe.vir
    1 File(s) 14,336 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~1\WEBHAN~1\PROGRAMS\BAK

    02/21/2007 04:18 PM 565,248 whagent.exe.vir
    1 File(s) 565,248 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\WINDOWS\SYSTEM32\MANTEC~1\BAK

    02/18/2007 12:30 AM 70,144 msiexec.exe.vir
    1 File(s) 70,144 bytes

    Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

    07/25/2003 10:14 AM 188,416 hpztsb09.exe
    10/21/2001 04:54 PM 36,864 printray.exe
    2 File(s) 225,280 bytes

    Directory of C:\QOOBOX\QUARAN~1\C\PROGRA~1\MYWEBS~1\BAR\1.BIN\BAK

    02/26/2007 10:27 PM 28,672 mwsoemon.exe.vir
    1 File(s) 28,672 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\DSentry.exe "
    28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\bak\DSentry.exe "
    114688 Jun 20 2002 "C:\DRIVERS\VIDEO\HKCMD.EXE "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\hkcmd.exe "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\hkcmd.exe "
    483328 Aug 20 2003 "C:\WINDOWS\SYSTEM32\hphmon05.exe "
    483328 Aug 20 2003 "C:\WINDOWS\SYSTEM32\bak\hphmon05.exe "
    155648 Jun 20 2002 "C:\DRIVERS\VIDEO\IGFXTRAY.EXE "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\igfxtray.exe "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxtray.exe "
    37382 Mar 29 2007 "C:\WINDOWS\SYSTEM32\bak\lsasss.exe "
    49152 Aug 20 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe "
    49152 Aug 20 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe "
    37697 Apr 9 2007 "C:\QooBox\Quarantine\C\Program Files\Common Files\{B04E6~1\Update.exe.vir "
    14336 Jul 26 2007 "C:\QooBox\Quarantine\C\Program Files\Common Files\{B04E6~2\Update.exe.vir "
    14336 Feb 18 2007 "C:\QooBox\Quarantine\C\Program Files\Common Files\{B04E6~1\bak\Update.exe.vir "
    565248 Feb 21 2007 "C:\QooBox\Quarantine\C\Program Files\webHancer\Programs\bak\whagent.exe.vir "
    71680 Apr 9 2007 "C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\MANTEC~1\msiexec.exe.vir "
    70144 Feb 18 2007 "C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\MANTEC~1\bak\msiexec.exe.vir "
    188416 Jul 25 2003 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe "
    188416 Jul 25 2003 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb09.exe "
    37697 Apr 9 2007 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\printray.exe "
    36864 Oct 21 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\lexmarklexmark_x63b8e1\printray.exe "
    36864 Oct 21 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\printray.exe "
    37697 Apr 9 2007 "C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\mwsoemon.exe.vir "
    28672 Feb 26 2007 "C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\mwsoemon.exe.vir "


    end of report
     
  7. 2007/08/02
    noahdfear

    noahdfear Inactive

    Arghhhh....

    There's still one in a bak folder that needs to go home

    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\printray.exe


    This one is infected.

    C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\printray.exe

    Try to manually delete the printray.exe file in the \3\ folder, then copy the same file from \3\bak to \3
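The check above (a file sitting in a `bak` folder whose live twin one level up has a different size is the swapped binary, a matching size means the original is back in place) can be automated over the "Duplicate files of bak directory contents" section of a FindAWF report. The script below is an added example written for this page; it is not part of the thread and not the FindAWF tool itself. The sample lines are constructed by copying entries in the format posted above, and the `\QooBox\` rule (ComboFix quarantine, so not a live path) is an assumption made here so that quarantined pairs are reported but never listed for restoration.

```python
# Added example (not from the thread and not the FindAWF tool itself):
# classify the "Duplicate files of bak directory contents" section of a
# FindAWF report. Rule applied to printray.exe above: a file in a `bak`
# folder whose live twin in the parent folder has a different size is the
# swapped binary; a matching size means the original is back in place.
import re
from collections import namedtuple

Entry = namedtuple("Entry", "path size date")

# One report line: <size> <Mon> <day> <year> "<path> "  (note the space before the closing quote)
LINE_RE = re.compile(r'^\s*(\d+)\s+([A-Za-z]{3}\s+\d{1,2}\s+\d{4})\s+"(.*?)\s*"\s*$')

# Constructed sample: lines copied from the report format posted in this thread.
SAMPLE_REPORT = r'''
188416 Jul 25 2003 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe "
188416 Jul 25 2003 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb09.exe "
37697 Apr 9 2007 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\printray.exe "
36864 Oct 21 2001 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\printray.exe "
37382 Mar 29 2007 "C:\WINDOWS\SYSTEM32\bak\lsasss.exe "
37697 Apr 9 2007 "C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\mwsoemon.exe.vir "
28672 Feb 26 2007 "C:\QooBox\Quarantine\C\Program Files\MyWebSearch\bar\1.bin\bak\mwsoemon.exe.vir "
'''


def parse_report(text):
    """Map lower-cased path -> Entry for every parsable report line."""
    entries = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            size, date, path = m.groups()
            entries[path.lower()] = Entry(path, int(size), date)
    return entries


def live_twin(path):
    """For X\\bak\\name return X\\name; None if the file is not directly inside a bak folder."""
    parts = path.split("\\")
    if len(parts) < 3 or parts[-2].lower() != "bak":
        return None
    return "\\".join(parts[:-2] + parts[-1:])


def classify(entries):
    """Return one dict per bak entry with a verdict: replaced / orphan / same."""
    findings = []
    for entry in entries.values():
        twin = live_twin(entry.path)
        if twin is None:
            continue
        live = entries.get(twin.lower())
        if live is None:
            verdict = "orphan"     # backup with no live file of that name next to it
        elif live.size != entry.size:
            verdict = "replaced"   # live file is not the moved original: restore it from bak
        else:
            verdict = "same"       # live copy matches the backup; nothing left to restore
        findings.append({
            "live": twin,
            "bak": entry.path,
            "live_size": live.size if live else None,
            "bak_size": entry.size,
            # Assumption for this example: anything under \QooBox\ is ComboFix quarantine.
            "quarantined": "\\qoobox\\" in entry.path.lower(),
            "verdict": verdict,
        })
    order = {"replaced": 0, "orphan": 1, "same": 2}
    return sorted(findings, key=lambda f: (order[f["verdict"]], f["live"].lower()))


def restore_actions(findings):
    """Live files to delete and re-copy from bak: replaced, and not sitting in quarantine."""
    return [f["live"] for f in findings if f["verdict"] == "replaced" and not f["quarantined"]]


if __name__ == "__main__":
    found = classify(parse_report(SAMPLE_REPORT))
    for f in found:
        flag = " (quarantine)" if f["quarantined"] else ""
        print(f'{f["verdict"]:8} {f["bak_size"]:>7} -> {str(f["live_size"]):>7}  {f["live"]}{flag}')
    print("restore from bak:", restore_actions(found))
```

Run it against a saved awf.txt by replacing `SAMPLE_REPORT` with the file's contents; the "orphan" verdict (a bak copy with no live twin, like lsasss.exe in the logs above) is reported separately because the size rule cannot say anything about it, and the file still needs to be looked at by hand.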
     
  8. 2007/08/02
    noahdfear

    noahdfear Inactive

    I've got to get some sleep. Will resume tomorrow evening.

    Good work! :)
     
  9. 2007/08/02
    mva5493

    mva5493 Well-Known Member Thread Starter

    Running AWF again. I also did manually try to remove printray.exe and copy it.

    Here is the log from AWF:
    Find AWF report by noahdfear ©2006


    bak folders found
    ~~~~~~~~~~~


    Directory of C:\WINDOWS\SYSTEM32\BAK

    08/14/2002 08:22 PM 28,672 DSentry.exe
    06/20/2002 04:05 AM 114,688 hkcmd.exe
    08/20/2003 05:15 PM 483,328 hphmon05.exe
    06/20/2002 04:14 AM 155,648 igfxtray.exe
    03/29/2007 11:10 AM 37,382 lsasss.exe
    5 File(s) 819,718 bytes

    Directory of C:\PROGRA~1\HEWLET~1\{45B61~1\BAK

    08/20/2003 05:23 PM 49,152 hphupd05.exe
    1 File(s) 49,152 bytes

    Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

    07/25/2003 10:14 AM 188,416 hpztsb09.exe
    1 File(s) 188,416 bytes


    Duplicate files of bak directory contents
    ~~~~~~~~~~~~~~~~~~~~~~~

    28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\DSentry.exe "
    28672 Aug 14 2002 "C:\WINDOWS\SYSTEM32\bak\DSentry.exe "
    114688 Jun 20 2002 "C:\DRIVERS\VIDEO\HKCMD.EXE "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\hkcmd.exe "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\bak\hkcmd.exe "
    114688 Jun 20 2002 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\hkcmd.exe "
    483328 Aug 20 2003 "C:\WINDOWS\SYSTEM32\hphmon05.exe "
    483328 Aug 20 2003 "C:\WINDOWS\SYSTEM32\bak\hphmon05.exe "
    155648 Jun 20 2002 "C:\DRIVERS\VIDEO\IGFXTRAY.EXE "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\igfxtray.exe "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\bak\igfxtray.exe "
    155648 Jun 20 2002 "C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxtray.exe "
    37382 Mar 29 2007 "C:\WINDOWS\SYSTEM32\bak\lsasss.exe "
    49152 Aug 20 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe "
    49152 Aug 20 2003 "C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe "
    188416 Jul 25 2003 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb09.exe "
    188416 Jul 25 2003 "C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\bak\hpztsb09.exe "


    end of report
     
    Last edited: 2007/08/02
  10. 2007/08/02
    mva5493

    mva5493 Well-Known Member Thread Starter

    have a goodnight, and thank you for putting up with me!
     
  11. 2007/08/02
    mva5493

    mva5493 Well-Known Member Thread Starter

    double post!
     
    Last edited: 2007/08/02
  12. 2007/08/04
    mva5493

    mva5493 Well-Known Member Thread Starter

    It has taken me a bit of time to get it done, but here is the first scan with AVG. I was out of town and finally ended up with a dial-up connection on the infected machine (so everything is a bit slow). I will download whatever possible from here and transfer it over, only using dial-up when absolutely necessary.

    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 1:26:19 PM 8/2/2007

    + Scan result:

    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP643\A0223433.dll -> Adware.MaxSearch : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP643\A0223432.dll -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP643\A0223429.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP643\A0223430.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP643\A0223431.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP643\A0223427.exe -> Hijacker.Agent.jh : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP643\A0223428.exe -> Hijacker.Agent.jh : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP643\A0223422.dll -> Trojan.Baws.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP643\A0223423.dll -> Trojan.Baws.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP643\A0223424.dll -> Trojan.Baws.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP643\A0223425.dll -> Trojan.Baws.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP643\A0223426.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).


    ::Report end

    I haven't done the Panda scan yet; that is next....

    A second scan after downloading an update to AVG revealed only one tracking cookie, which I deleted.
     
    Last edited: 2007/08/04
  13. 2007/08/04
    noahdfear

    noahdfear Inactive

    That report is great! Nothing but some restore points housing infections. :)

    Are there still some bak folders hanging around? If you saved any awf.txt files, either delete them or rename to avoid any confusion, then run FindAWF once more. If any bak folders are found, delete them.

    Do the Panda scan when you can and post the log.
     
  14. 2007/08/04
    mva5493

    mva5493 Well-Known Member Thread Starter

    I don't think there are any bak folders left, but I can't check at the moment; the Panda scan is running and I don't want to do anything while it is running... it's already slow enough, lol.
     
  15. 2007/08/04
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Suggestion from a not so nice experience of my own.

    Once you do get the system cleaned up and are satisfied that it is clean, shut down and restart System Restore.

    That will be added assurance that you will not override/undo all your hard work.

    BillyBob
     
  16. 2007/08/04
    mva5493

    mva5493 Well-Known Member Thread Starter

    Joined:
    2007/01/29
    Messages:
    287
    Likes Received:
    0
    Thank you, I will... I think I have had enough frustration with this computer over the last week; I don't want to do anything that will undo the work put into it. It really makes me wonder what goes on in the minds of the people who create viruses, trojans, worms, etc.... it just seems such a waste to me.
     
  17. 2007/08/04
    noahdfear

    noahdfear Inactive

    Thanks BillyBob ......... all part of the plan ;)

    I think we're close enough to clean, and the machine is working well enough, that you could clear those restore points now. If further infections are found in subsequent scans, it would just mean doing it again. At least if using a restore point becomes necessary, better to have one from now rather than before we got started.

    Right click My Computer and select Properties. On the System Restore tab, check the box to turn System restore off. Click Apply, then OK. Now re-open and turn it back on.

    Verify a new restore point was created. Click Start>All Programs>Accessories>System Tools>System Restore. Select 'Restore my computer to an earlier time' and click next. There should be a newly created system checkpoint available. Click cancel, or if no available restore point, click back and select 'create a restore point' and continue.
     
  18. 2007/08/04
    mva5493

    mva5493 Well-Known Member Thread Starter

    Still running Panda ActiveScan. Wait till it finishes, or can it be done together?
     
  19. 2007/08/04
    noahdfear

    noahdfear Inactive

    Might as well wait. ;)
     
  20. 2007/08/04
    mva5493

    mva5493 Well-Known Member Thread Starter

    I am twiddling my thumbs while reading other posts here (may as well try to learn something while I am waiting). 89,000 files scanned and counting.....
     
  21. 2007/08/04
    mva5493

    mva5493 Well-Known Member Thread Starter

    Scan is finished; maybe some nasties still hanging on???


    Incident Status Location

    Potentially unwanted tool:application/mywebsearch Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\MyWebSearch bar Uninstall
    Potentially unwanted tool:application/funweb Not disinfected hkey_current_user\software\Fun Web Products
    Adware:adware/sqwire Not disinfected Windows Registry
    Adware:adware/commad Not disinfected Windows Registry
    Virus:Generic Trojan Disinfected C:\Documents and Settings\Brent\ComboFix.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Brent\SDFix.exe[SDFix\apps\Process.exe]
    Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Brent\SmitfraudFix\Process.exe
    Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Brent\SmitfraudFix\restart.exe
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Hijackthis\backups\backup-20070729-202104-157.dll
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Hijackthis\backups\backup-20070730-233201-488.dll
    Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\Internet Explorer\msimg32.dll
    Adware:Adware/Startpage.ACY Not disinfected C:\Program Files\Support.com\adelphia\scripts\IEconfig.vbs
    Virus:Trj/Downloader.MDW Disinfected C:\WINDOWS\certmgr32.ext
    Virus:Trj/Multidropper.RCP Disinfected C:\WINDOWS\ntmsapi32.dll
     
