About to break down over this... x.x;

Okay! But double check to make sure none of the below are in your log now. If they are, you need to follow the READ ME FIRST sticky thread cleaning procedures.

Look for these:


D:\WINDOWS\system32\windir32.exe
D:\WINDOWS\system32\windir32.exe
D:\WINDOWS\etb\pokapoka65.exe


R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.ezwebsearching.com/sp2.php
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\Run: [System service65] D:\WINDOWS\etb\pokapoka65.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe

 

If you still have problems (like they keep coming back) make sure you ran ALL of the READ ME FIRST and then follow the below steps:


- Download HijackThis 1.99.1

- Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

- Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

- Before running HijackThis: You must close each of the following:your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

- Run HijackThis and save your log file.

- Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).

 

I cannot fix what I cannot see, so sometimes what is required is to uninstall programs like MS Antispyware and similar so that the problem can show itself completely. Then we can try to clean it. You may have to remove Ewido too because it may also see the problem.

You also need a real firewall to be installed. The one in XP SP2 is not adequate and should be disabled after installing another true firewall. See some of the ones in: How to Protect yourself from malware!

 

Sorry I did not notice the Norton Firewall Serivce in your log before.

The reason I was telling you to fix the lines with windir32.exe is because I knew it was the problem. And yes I also know that it is the W32/Sdbot-ABM worm.

I am trying to help you fix the problem. If it keeps coming back you will need to do what I requested in my previous post. That is, uninstall MS Antispyware and Ewido so we can see the problems manifest themselves and then we can work on removing them.

We already deleted the windir32.exe file once. If it is back (did you look to see if it is back) then there could be another reason for this. Like another infected file is restoring it. Also there could be another registry location trying to Run the process.

Please download WinPFind

Extract it to the root folder of drive C ( C:\ ). This will create a folder called WinPFind in the C:\ folder. Inside c:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your clipboard. Then save it to a file using notepad and upload the text file here as an attachment.

 

Not true because installed programs could be blocking it. And also you already said MS Antispyware saw it again! Are you still seeing it? If so, you still have problems. If not, perhaps it is finally gone.

Removing malware and making your computer work properly is hardly a waste of time.

The decisions are yours! If you are not having anymore problems then I assume we are finished.