Help... done with the preliminaries...

Discussion in 'Malware Help (A Specialist Will Reply)' started by birdie birdie, Feb 11, 2006.

  1. birdie birdie

    birdie birdie Private E-2

    hey guys.. can you please interpret these logs i have with mine.. i have done what you said in the sticky forums.. and these logs are what i got...

    ... what am i gonna do next???

    thanks..
     

    Attached Files:

  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

  3. birdie birdie

    birdie birdie Private E-2

    hey.. sorry for the slow reply.. anyway, here are the logs.... [ewido and hijackthis(just in case you need the later, i posted this too...)]
     

    Attached Files:

  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Please look in Add/Remove Programs for the following and uninstall them if found:

    Ewido

    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - (no file)

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/22efcc5f64218fd77703/netzip/RdxIE601.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1120919498859

    Again, make sure ALL browser windows are closed when you click FIX.

    Now, Please boot into Safe Mode, be sure you have the Viewing of Hidden Files & Folders Enabled per the tutorial. Now, navigate to and DELETE the following if they should remain:

    C:\Program Files\Yahoo!\YPSR\Quarantine Delete everything in this folder!

    C:\WINDOWS\system32\ttt

    C:\WINDOWS\system32\o

    C:\WINDOWS\switchagreement.txt

    C:\WINDOWS\Downloaded Program Files\start134.inf

    C:\WINDOWS\Downloaded Program Files\start135.inf

    C:\WINDOWS\Downloaded Program Files\sysnetsvc32.inf

    Next, run CCleaner to clean up cookies and temp files.

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:


    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.

    After you complete the above, reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
     
  5. birdie birdie

    birdie birdie Private E-2

    i have done the steps, however most of the things you told me to fix and delete were not there. here is the list of the things which are not there.....

    O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - (no file)

    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/22efcc5f64218fd...p/RdxIE601.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...lient/muweb_site.cab?1120919498859
    C:\WINDOWS\system32\ttt

    C:\WINDOWS\system32\o

    C:\WINDOWS\Downloaded Program Files\start134.inf

    C:\WINDOWS\Downloaded Program Files\start135.inf

    C:\WINDOWS\Downloaded Program Files\sysnetsvc32.inf

    one more thing.... my computer, when connected in the net, experiences crashes after some time (it runs, but in a verrrry verrry slow way; the mouse pointer is even affected with what happens, but when im not in the internet im not experiencing the problem). is this somewhat related to malware?? :confused:
    thnx
     

    Attached Files:

  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download Pocket KillBox
    • Save it to your desktop or a place easy to find.
    • Do not run it yet
    Now scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    O4 - HKLM\..\Run: [microsft windows updates] mswupdate32.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [Win32 LSA Driver] lsa.exe

    Again, make sure ALL browser windows are closed when you click FIX.

    Locate PocketKillbox
    (Proceed with this step even if they do not show in blue)

    Now, Copy and Paste C:\WINDOWS\system32\mswupdate32.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click NO.

    Now, Copy and Paste C:\WINDOWS\system32\lsa.exe into the box – If it exists, it will show up in Blue. Check the option to Delete on Reboot and Click the Red X and Yes to the confirmation message. A message will ask if you want to reboot now – Click YES and allow your PC to reboot.

    • If you get an error message about Pending Operations, just reboot your computer manually.
    After you complete the above attach a fresh HJT log.
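The entries bjgarrick asks to fix in this and the earlier post share a few shapes that a reviewer checks for by hand: an O2 BHO whose CLSID is registered but has "(no file)" behind it, O4 Run-key entries that launch a bare filename with no path (mswupdate32.exe, lsa.exe), and an O16 ActiveX download served from a raw IP address rather than a hostname. The script below is an added example, not code from this thread, from HijackThis or from MajorGeeks: it parses those three HijackThis line types and applies exactly those heuristics. The sample log is constructed from the entries quoted in the thread, the regular expressions and the severity labels are my own assumptions, and a flagged line is a prompt to locate and verify the file, not a verdict.

```python
"""Triage a HijackThis log: parse O2/O4/O16 lines and flag the patterns
worked through in this thread (orphaned BHOs, Run entries that start a
bare filename, ActiveX downloads from raw IP hosts)."""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample built from the entries quoted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - (no file)
O4 - HKLM\..\Run: [microsft windows updates] mswupdate32.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Win32 LSA Driver] lsa.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/22efcc5f64218fd77703/netzip/RdxIE601.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1120919498859
"""

# Line formats as HijackThis prints them (assumed from the lines above).
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<file>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>[A-Za-z]+): \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")


@dataclass
class Finding:
    level: str    # "high" or "low" (my own labels)
    line: str     # the log line that triggered it
    reason: str   # what to check before fixing/deleting


def image_of(cmd: str) -> str:
    """Return the executable part of a Run-key command, minus its arguments.
    Handles a quoted path such as "C:\\Program Files\\x\\y.exe" /arg."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def is_bare_filename(image: str) -> bool:
    """True when the image has no directory component, so Windows resolves it
    through its search path (e.g. system32) rather than a fixed location."""
    return "\\" not in image and "/" not in image and ":" not in image


def is_ip_literal(url: str) -> bool:
    """True when the download host is a raw IP address instead of a hostname."""
    host = urlparse(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(log_text: str) -> list[Finding]:
    """Scan every line; return only the entries worth a closer look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            if m["file"].lower() == "(no file)":
                findings.append(Finding("low", line,
                    "BHO CLSID is registered but no file backs it; the orphaned registration can be fixed"))
        elif m := O4_RE.match(line):
            image = image_of(m["cmd"])
            if is_bare_filename(image):
                findings.append(Finding("high", line,
                    f"{m['hive']} {m['key']} entry '{m['label']}' starts {image!r} by bare name; "
                    f"locate the file (e.g. under %SystemRoot%\\system32) and verify it before removing"))
        elif m := O16_RE.match(line):
            if is_ip_literal(m["url"]):
                findings.append(Finding("high", line,
                    f"ActiveX control downloaded from raw IP host {urlparse(m['url']).hostname}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level.upper()}] {f.line}\n    -> {f.reason}")
```

On the sample the MSConfig entry and the update.microsoft.com control pass untouched, while the two bare-name Run entries and the raw-IP DPF line come back as high, matching the lines the thread singles out for FIX and KillBox.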
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Files in the Downloaded Program Files folder cannot be seen with Windows Explorer. You must delete them from the command prompt or use another tool like ExplorerXP, which is a great tool and shows many things that Explorer will not easily show.
     
  8. birdie birdie

    birdie birdie Private E-2

    here's the log. O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto was not in the first hijackthis log, so it was not fixed nor deleted.
     

    Attached Files:

  9. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log looks good, are you having any further problems?
     
  10. birdie birdie

    birdie birdie Private E-2

    uhmmm... the problems did not go out.... it was just like it was not touched by anything...
    * the computer suddenly crashes after a period of time after logging on the internet. it was like having a soooooooooper slooooooow computer and internet.. i suspect that something ( a program, script or something) that blocks the connection and the cpu process.
    * the computer continuously receives infection notices ( like win32.sdbot. something.. was just like when i first posted in the forums) and deletes files that are infected... when i run the virus scan (mcafee 2005, i think, with updated virus definitions), it cannot find viruses...
    *however, when i'm not in the internet, or when i am not logging in, the errors don't come out, computer runs normal...

    waaah... i really don't know what to do.. even though i can still run it without the internet, i really use the internet much like a necessity..
    ... waaah plz plz help...^_^:eek: :confused:
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download the following two files, create a folder on your desktop, call it TSC. Save these 2 files there.

    Note: They must be in the same directory for it to work properly!

    Sysclean Package

    Pattern.zip

    After you complete the above, locate the file "lpt139.zip", right click to extract the contents to the same directory.

    Once you complete the steps above, REBOOT INTO SAFE MODE!

    Once in Safe Mode double click the file sysclean.com. When the system cleaner loads, click SCAN to start the scanner. After you complete the scan reboot and attach a fresh HJT log along with the Trend SysClean Log.
     
  12. birdie birdie

    birdie birdie Private E-2

    uhmmm.... i have finished the steps, however the lpt139.. something was not lpt139... instead it was lpt225. dot, dot, something...
    ...anyway, here are the logs of the scans....
     

    Attached Files:

  13. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Now please attach a fresh HJT log.
     
  14. birdie birdie

    birdie birdie Private E-2

    here is the log. sorry
     

    Attached Files:

  15. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Are you familiar with any of the information below?

     
  16. birdie birdie

    birdie birdie Private E-2

    i'm not familiar with the second one. the first one's my isp.
     
  17. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Okay, your HJT log looks ok, are you still having problems?
     
  18. birdie birdie

    birdie birdie Private E-2

    yes, the problem still persists. is it really malware or something else?
     
  19. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Can you explain what problems you're having?
     
  20. birdie birdie

    birdie birdie Private E-2

    - first, when i log on to the internet, after a certain period, it gets stuck (meaning that it runs soooooo slow) that i cannot browse the internet nor open applications in windows. when i look into the network connections, i saw that the timer was frozen (it doesn't move). beforehand i am looking there, and i saw that the timer was frozen... suddenly it moves... and then it's frozen again... and then it's frozen forever. this was the latest problem. and this does not happen when i'm not online.

    - up to now i was receiving virus messages from McAfee that they were detecting w32.sdbot.worm... from files on my computer; they deleted those. however when i started doing what you told on the forums the occurrence of these problems lessened.

    so that's it... my problems... hope we can work it out to remove this..hope....:)
     
  21. birdie birdie

    birdie birdie Private E-2

    - also i noticed that the internet connection was slowed by... i think half of the previous rate... i used to download things at about 4.35 something kbps but now it was down to 2, or even 1 kbps...
     
  22. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Let's start by running SS, please see the below thread on how to install and run Spy Sweeper.
     
  23. birdie birdie

    birdie birdie Private E-2

    here are the logs...
     

    Attached Files:

  24. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Before we do anything else, surf into Windows Updates and install Service Pack 2. Once you install this update, reboot and get any critical updates then post a fresh HJT log and the detection from McAfee.
     
