Big problems --- PLEASE help

Discussion in 'Malware Help (A Specialist Will Reply)' started by hogbone, May 21, 2007.

  1. hogbone

    hogbone Private E-2

    I have done everything in the "READ AND RUN ME FIRST" sticky thread, but I suspect that most (or all) of my efforts were thwarted and/or counterfeited by the malware at issue.

    Creation of a log file was not an option when I ran CounterSpy in Safe Mode. I abandoned the BitDefender scan after about 48 hours (hardware interrupts were hogging about 99% of CPU) while the BD scan was running. The other log files will be attached to this post and my next one.

    I have been suffering a variety of problems for the last two weeks or so.

    My Trend Micro AV and firewall have been replaced by a bogus version, so I have just stopped it for the moment. Windows Update has been prevented from working properly. All online AV/spyware/malware scanners are disabled in various nefarious ways. Navigation to various security-related websites (including MajorGeeks.com) via IE6 often results in a crash of ALL open IE windows.

    Etc.

    I am at my wit's end.

    PLEASE help.

    ...
     

    Attached Files:

  2. hogbone

    hogbone Private E-2

    Other log files attached.
     

    Attached Files:

  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Welcome to Major Geeks!

    Before we get started, I have to refer you back to step 3 of the READ ME. You have both TrendMicro and Avira AntiVir installed. You must uninstall one of these now.

    I also see signs that you had NOD32 installed but appear to have uninstalled it. Delete the below folder from it:
    C:\Program Files\ESET

    Also uninstall the Sunbelt CounterSpy trial since we are finished with it now! Then delete the below two folders which may be left behind by the uninstall:
    C:\Documents and Settings\All Users\Application Data\Sunbelt Software
    C:\Program Files\Sunbelt Software

    Delete the below folder too:
    C:\Program Files\Easy SpyRemover

    Is your copy of Spyware Doctor a free trial version or a paid version?


    • Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'.
    • On the page that opens, scroll down to LFWSDWHZ.
    • Then right click the entry, select Properties and press Stop Service.
    • When it shows that it is stopped, next please set the Start-up Type to 'Disabled'.
    • Now repeat the above to Stop and Disable the below two Services (if you do not find them or get any errors, just continue):
      • RA
    • Click OK until you get back to Windows.
    • Next, run HJT, but instead of scanning, click on the None of the above, just start the program button at the bottom of the choices.
    • At the lower right, click on the Config button
    • Then click the Misc tools button
    • Select Delete an NT Service
    • Copy/paste LFWSDWHZ into the box that opens, and press OK
    • If you receive any error messages just ignore them and continue.
    • Now repeat the above to delete the below two Services (if you do not find them or get any errors, just continue):
      • RA
    • Now exit HJT but do not reboot when it tells you it needs to. We will do that further down.


    Uninstall the below old versions of software as requested in step 6 of the READ ME:
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 8
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment Standard Edition v1.3.1_18

    Make sure you reboot after uninstalling the above!

    After reboot attach new logs from ShowNew and GetRunKey!

    Are you having anymore malware problems?
     
  4. hogbone

    hogbone Private E-2

    Thank you very much, chaslang, for trying to help me.

    Unfortunately, I did everything you recommended, but all my malware problems still remain.

    I have attached new log files.
     

    Attached Files:

  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Exactly what malware problems are you referring to?

    Also, please answer any questions I ask. You did not answer my question about Spyware Doctor.
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    What applications were included in "SBC Yahoo! Applications" that you have installed? I thought this included an antivirus, antispyware, firewall....etc?

    Please put a copy of the below file into a ZIP file and attach it here:

    C:\WINNT\ua2.dll


    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
     
  7. hogbone

    hogbone Private E-2

    I am referring to exactly the same "malware problems" that I referenced (in admittedly somewhat general terms) in my original post:

    AND ...

    Last, but absolutely, positively NOT least ...

    ... which was a shorthand way of trying to communicate that I have problems that are so numerous, widespread, and constantly attacking that I am physically and mentally unable to provide a detailed and comprehensive catalog for your review. Like I said before:


    Moving right along ...

    I apologize for my omission.

    I think my copy of Spyware Doctor was a freebie, which may or may not be a moot point because I uninstalled Spyware Doctor yesterday (at the same time I uninstalled the Avira AntiVir, which was completely inactive anyway).


    SBC Yahoo (now AT&T) is my DSL provider. If I recall correctly, I installed the bare minimum to set up my Internet connection, specifically EXCLUDING ALL "antivirus, antispyware, firewall....etc" offered by SBC Yahoo.


    Now, I have a few questions for you:

    1. What is crypt32chain?

    [As in ... HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]

    2. What is daas_s.dll?

    3. What are all the files of the form is-XXXXX.tmp (where "XXXXX" is a seemingly random sequence of five alphanumeric characters, e.g., is-PQ5DI.tmp)?

    4. Why do I get the following error message whenever I try to access System Volume Information on ANY of my logical drives:

    "System Volume Information is not accessible. Access is denied."?

    5. Why does Registry Booster sometimes (but NOT always) give me the following error message:

    "The Key HijackThis.exe under SOFTWARE\Microsoft\Windows\CurrentVersion\AppPaths contains a bad path for the value"?

    6. Why did Windows Update "successfully" install Hotfix KB832894 over and over and over (six times, to be exact), yet it does not show up in my Control Panel's Add/Remove Programs list?

    7. Why does Windows Update sometimes (but NOT always) give me the following error message:

    "Files required to use Windows Update are no longer registered or installed on your computer," ... invariably followed by ...

    "The website has encountered a problem and cannot display the page you are trying to view"?

    8. How is my Trend Micro PC-cillin Internet Security 2007 (8.320.1004/4.481.00) being replaced by a malicious imposter EVERY time I attempt to do a manual update, and at various other seemingly random times?

    [These occasions are fairly obvious because of both (a) the bogus "update" pop-up window and (b) the change of text from "Trend Micro PC-cillin Internet Security 2007 (8.320.1004/4.481.00)" to "Trend Micro PC-cillin Internet Security 2007 (7./)" when I move the mouse over the icon in my system tray.]

    9. Why does the Symantec Online Virus Scan refuse to run, informing me that I do not have Active X properly enabled in IE6, when I know good and well that all relevant settings are just as they should be (and other sites with the same "requirements" confirm my belief)?

    10. Why do all the other online virus scanners listed at http://wiki.castlecops.com/Malware_Removal:_Online_Anti-Virus_Scans cause a complete crash not only of their own Internet Explorer window, but also ALL other open IE windows?

    11. Why do I sometimes (rarely, so far) get a screwball, NON-MICROSOFT error message (something like, "If you close this window, bad things may happen") whenever I try to close certain Internet Explorer windows?

    12. Why do ALL open IE windows crash at least 15% of the time that I attempt to navigate to any security-related website, but this problem NEVER happens when I go to Yahoo Sports, IMDb.com, or any of a zillion other NON-security-related websites?

    13. Am I correct in assuming you are aware that the services you instructed me to remove in your original post were all remnants left behind by Sysinternals RootkitRevealer?

    14. I could go on (and on ... and on ... and on ...), but as I said (or at least implied) before ...

    This situation has me broke-down, busted, worn out, and nearly witless. The weird occurrences on my computer that have been increasingly frequent over the last two weeks are too much (in both quantity and "quality") for me to relate as well as I wish I could. Nevertheless, ... ANY help you can provide will be GREATLY APPRECIATED.



    OK, I have done this.



    This step is not working. Double-clicking on fixME.reg merely reopens the file in Notepad.


    Now what?
     

    Attached Files:

    • ua2.zip (file size: 45.3 KB, views: 3)
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are no signs anywhere that your Trend Micro firewall has been replaced by a "bogus" one. Why do you say this? If you still believe this is true, uninstall your Trend software, reboot, and then reinstall.

    Your logs are clean! Without facts and descriptions of what your problems are, I cannot help you with them. And in this forum, we only address malware issues.


    Normal part of Win XP. Don't believe everything you read in links telling you it is a trojan. What you are referring to is a registry key, not a file.

    Unknown! But not known to be malware. Right click on it, select Properties and select the Version tab. Work your way through the item names and see who it belongs to. There could also be an associated daas_s.log file.


    Exactly what files and where are you seeing these? If in your Temp folder, then that is what they are ..... temp files used by applications and given random names to avoid possible conflicts with other temp files from other applications.

    Because it is System Restore, which is a protected part of your OS and you should not be accessing it. Even antivirus programs and other scanners cannot access it.

    Because you probably initially had HijackThis installed someplace other than where it is located now and the original path to it would therefore not exist if you deleted it. Or if you rename it as we requested, it will also not see the hijackthis.exe file since it does not exist anymore. This is not a problem!

    Not malware! This is a Software Forum topic! General comment: Windows Update is and has always been flaky.

    Not malware! This is a Software Forum topic! Some of your files are missing or not registered. General comment: Windows Update is and has always been flaky.

    I still don't see why you think this is bogus. They sound valid to me.

    Thousands of people every week have problems running all kinds of online scanners just like Symantec's. The reasons are not always obvious. It could just be a minor setting change on your system from the defaults or it could even be due to protection software (like Trend Micro) getting in your way.

    Unknown but based on your issues with Windows Update and Symantec Online, perhaps you have some windows system files missing or unregistered. Also you could still have some security settings or Trend Micro complicating the matter.

    Unknown and you are not being specific enough as to exactly when it happens and what you were doing in that window. Also I seriously doubt it has anything to do with malware.

    Unknown but again sounds more like a Windows system problem. If it were malware, you would never get to the security site to begin with.

    Yes and they should not be there after you finish running the program.

    Nothing that you mention sounds like malware. Perhaps you should try the software forum, or you should look into a repair install or a total reinstall.

    Another problem that points towards problems within your Windows OS, not malware. This means you have an incorrect file association for registry files (.reg files). It also could mean you have other file associations wrong.


    Save the below quote box to a file named fixRA.reg (save it the same way as you did the fixME.reg file). Once saved, click Start, Run, and enter regedit and click OK. This will open the Registry Editor. Click File and select Import. Navigate to the fixRA.reg file and double click it to import it.
    After doing the above, reboot your PC. Now see if you can double click the fixME.reg patch to import it automatically.
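
A diagnostic for the broken .reg file association described above, written as an added PowerShell example (not anything posted in this thread). It assumes the stock Windows mapping, .reg to the regfile ProgID whose open verb runs regedit.exe "%1", and reports whether a double-clicked .reg file would reach regedit at all:

```powershell
# Added diagnostic (not from the thread): report how .reg files are wired up in
# HKEY_CLASSES_ROOT so a broken association (.reg opening in Notepad on
# double-click) can be spotted before importing a fix through regedit.
# Assumes the stock Windows association: .reg -> regfile, and
# regfile\shell\open\command -> regedit.exe "%1".

function Get-RegFileAssociation {
    $result = [ordered]@{}

    # Step 1: which ProgID does the .reg extension map to?
    $ext = Get-Item -Path 'Registry::HKEY_CLASSES_ROOT\.reg' -ErrorAction SilentlyContinue
    $result.ProgId = if ($ext) { $ext.GetValue('') } else { $null }

    # Step 2: what does that ProgID's open verb actually run?
    $result.OpenCommand = $null
    if ($result.ProgId) {
        $cmdPath = "Registry::HKEY_CLASSES_ROOT\$($result.ProgId)\shell\open\command"
        $cmdKey = Get-Item -Path $cmdPath -ErrorAction SilentlyContinue
        if ($cmdKey) { $result.OpenCommand = $cmdKey.GetValue('') }
    }

    # Step 3: healthy only if the stock ProgID is used and its open verb is regedit.
    $result.Healthy = ($result.ProgId -eq 'regfile') -and
                      ($result.OpenCommand -match '(?i)regedit(\.exe)?')

    [pscustomobject]$result
}

$assoc = Get-RegFileAssociation
$assoc | Format-List

if (-not $assoc.Healthy) {
    Write-Warning 'The .reg association does not point at regedit; double-clicking a .reg file will not import it.'
    Write-Warning 'Import the fix through regedit (File > Import) until the association is repaired.'
}
```

On a machine where the open verb points at Notepad, Healthy comes back False and the OpenCommand field shows exactly what the shell would have launched, which is the detail worth confirming before trusting any double-click import.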
     
