I have a notebook computer that apparently was infected by some sort of spyware/adware. I was not using the computer at the time of infection, but have a fairly good idea of the sequence of events. User surfed to some website, seems like there was a redirection, possibly to a porn site, then one or more msgs from MS AntiSpyware about changing home page or similar IE-related settings. User incorrectly replied to the MS AntiSpyware msg, which seems like the point the spyware got in. System probably hung at this time.
Reboot goes to the normal select user screen, then, no matter which user is selected, we get a message 'The application failed to initialize properly (0xc0000005). Click OK to continue' originating from EXPLORER.EXE. The message appears almost immediately. Msg is repeated again after clicking OK, so I need to click OK twice to get to your basic BSOD! Ctrl-Alt-Del brings up the Task Manager from which I can log off the user, get back to the select user screen, and get to the normal Windows shutdown dialog. Task Manager shows lots of processes running, but no applications.
I can reboot to Safe Mode either with or without networking. MS AntiVirus can find and remove the Trojan "Messenger.VirusWarning". I should probably state that the problem still exists after the spyware is 'removed'. I have looked around and searched both on EE and MS and probably tried Google as well using the msg text in several forms. Get lots of hits, but can't seem to find one that fits my symptoms really well. Many of the 'cures' are rather long and involved, also seem to be a bit of trial and error.
This may be the trojan 'smithfraud' with an emphasis on the 'may'. The user remembers seeing a message somewhat like the 'smithfraud' message, but is not at all sure that it was exactly the smithfraud message.
What else have I forgotten? This is an HP notebook, new last winter, AMD processor, nothing terribly exciting about the hardware config, 512MB, 60GB, Wi-Fi, etc. Windows XP PRO SP2 - pretty up-to-date on the endless series of fixes from Redmond.
MS KB #873155 seems vaguely related, but refers to an AMD 64-bit processor as well as Norton Clean Sweep which I do not have.
I have a Norton Ghost backup from about a week ago. Have not done anything with System Restore yet.
Anybody have any bright ideas?