read and run me didnt work until tdserv.sys deleted (see post 175235)

I either downloaded something nasty on a vid, or it happened when my mcafee loaded but didnt enable on-access scan (a known xp issue) and I didnt notice and accidentally left the comp connected for 2-3 days that way.

INTERNET: yahoo, etc ran, but all links redirected and malware help sites blocked.

SAS: error, must close

SAS ALT boot: ran, found a c:\combofix\creg.dat that I allowed

SSAD: server name or address could not be resolved

MB: DOA, click not acknowleged

CF: didnt bother.


Then I found the post on tdsserv.sys in the non-P&P drivers, deleted it and the net and the malware tools worked.

A Combofix file was caught by McAfee, I dont think it was deleted.
CF started running as soon as I did the drag and drop, they need to update their instructions..also disable the AV software sooner.

 

Eh..I'm looking for my MGTools.zip file and haven't found it yet..but did find these...

WinTDSSrtk.zip
WinTDSSrtk1.zip
WinTDSSrtk2.zip
WinTDSSrtk3.zip
WinTDSSrtk4.zip
WinTDSSrtk5.zip
WinTDSSrtk6.zip

 

my attachments aren't visible:confused

 

mgtools.zip not found, going to re-run it

 

Here's the log, I may have skipped running mg. *shrug* Life with a hyperactive, insomniac, adorable and thoroughly evil two year old little girl

Thank God the twelve year old cat still has good reflexes....

 

confused?

1) If you haven't already, please disable the Guest account in User accounts.

2) Please go to Add or Remove programs and uninstall the following softwares:
• Ad-Aware 2007 <-- old and ineffective
• Java(TM) 6 Update 10

---Done

3) Please disable all anti-virus and anti-spyware programs while we do the following (re-enable when you are finished):

Run C:\MGtools\analyse.exe by double clicking on it (Note: if using Vista, don't double click, use right click and select Run As Administrator). This is really HijackThis (select Do a system scan only) and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') <--- Please be aware that this isn't malware. It relates to Dr Watson which is a program error debugger for Windows, but there is no need for it to be running at start-up so include it in our fix.


After clicking Fix exit HJT.

--- Sorry, but the version of MGTools I have has no MGTools\analyse.exe , it only supplies log files and displays no fix command. I ran it twice to verify this. Instructions I have for MGTools are as follows:
Instructions for all other Windows Users:
• run the MGTools.exe program by double clicking on it.
o It will create a folder named MGTools in the root folder of the hard disk where Windows is installed ( typically C:\MGTools ).
o It will also automatically extract a bunch of files into this folder.
o It will the automatically start running three batch ( .bat files are batch programs ) programs in that folder.
o It will sequentially run GetRunKey.bat, ShowNew.bat, and GetUnKey.bat and then will also run a file named analyse.exe which is a copy of HijackThis.. Each of these programs will create logs respectively named runkeys.txt, newfiles.txt and GetUnKey.txt. You will notice a command prompt window open and messages will appear in this window. This window will close when the scans are complete for all Win 2K and XP users. Win 9x and ME users will have to close this window manually but only when the scans complete.
o You may see a popup window with a license agreement for TrendMicro HijackThis. Make sure you click the I Accept button.
o If you see HijackThis open and/or a log from HijackThis open in notepad, just close HijackThis and the notepad window.
o These log files while be placed in the root folder of your Windows drive. The log file will also automatically be put into a ZIP file named MGlogs.zip which you will be uploading as an attachment to your message in the forum. Unlike older versions of the programs, no popups of the logs will appear when they finish running during this initial installation. At a later time, running any of the individual batch files will still cause the logs to automatically pop up.
o Continue on to the General Information section below.
---If this is different download than MGTools, please provide a link.

Also: 7) Now run the C:\MGtools\GetLogs.bat file by double clicking on it. Then attach the new C:\MGlogs.zip file that will be created by running this and also attach the log from Avenger or combofix

Do you also want me to run ComboFix again? Not mentioned above.

:waveHappy New Year! (I fell asleep getting my dau to bed & missed it all:zzz)

 

Here you go and thanks! Hopefully this will be done with it, the comp seems to be running ok.

 

The groowe toolbar is there intentionally.

Thanks Again,

Here y'go:

 

Hooray!

Winhelp.ini was replaced, I forgot to mention that in my post.

Thanks again, you guys rock!

(I work at a library and probably refer a couple dozen ppl a week to this site)