bluzdude

Members
  • Content Count: 35

About bluzdude

  • Rank: Full Member
  1. Deleted previous partial startuplist.txt file (post 10). See post 13 for zipped file.
  2. OK, I attached the zipped file of startuplist.txt. Hope I did it right. Ray startuplist.zip
  3. Danny, This list is huge! Is there an easy way to get the whole thing to post? Ray
  4. Hi Danny, here is the RootKitRevealer.txt file. Note: the last entry in the file is timestamped with the date and time I started having problems. Ray HKLM\SOFTWARE\Classes\webcal\URL Protocol 6/18/2004 11:12 PM 13 bytes Data mismatch between Windows API and raw hive data. HKLM\SYSTEM\ControlSet001\Services\sysbus32 2/8/2006 10:24 AM 0 bytes Hidden from Windows API. HKLM\SYSTEM\ControlSet003\Services\sysbus32 2/8/2006 10:24 AM 0 bytes Hidden from Windows API. C:\Documents and Settings\Guest.RAY-TWA0MACJQU8\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys 12/26/200
  5. Hi Danny, Thanks for getting back with me. I did as you said and ran both programs. Below are the results of both scans: WinPFind scan: WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»
  6. Well, guess I've got worse problems than you thought. After installing Ewido and following your instructions I got to the point of clicking "Complete system scan" and when I clicked it Ewido just disappeared. Nothing happened at all. Tried it several times, same thing, it just goes away. That's the same thing that happens to Yahoo Messenger and Cleanup, they just go away. I think I may have inadvertently deleted a system file or 2 during my attempts to get control of my computer yesterday. What now?
  7. My computer became infected with viruses and after trying to fix it myself using Ad-aware, Spybot SD, HJT, etc. I think I'm still infected and now some of my applications won't run anymore, such as, SpybotSD, Yahoo Messenger, Cleanup, etc. Here is my latest HJT log: Logfile of HijackThis v1.99.1 Scan saved at 10:56:45 PM, on 2/2/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchos
  8. Hi BT, I did as you asked, HJT did not detect "drexinit" after the Killbox delete sequence so, I assume it's gone for good. Rebooted and ran HJT again. Here's the latest log: Logfile of HijackThis v1.99.1 Scan saved at 2:22:32 PM, on 4/9/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\j
  9. Here's the HSFIX log: Horseserver Removal Tool v1.05 by Atri - - 1. Registry Fix Started - Registry fix complete - 2. Deleted Services - WINLOW [sC] DeleteService SUCCESS vdmt16 [sC] DeleteService SUCCESS - 3. Finding files Located on system - klogini.dll p2.ini ps.a3d vdmt16.sys winlow.sys drct16.dll mszx23.exe cz.dll w32tm.exe - 4. Deleting files that were found. - unable to remove drct16.dll unable to remove mszx23.exe - 5. Checking for and Removing Winupdate - - -
  10. Here's the latest HJT log. The "HSFIX" log will follow: Logfile of HijackThis v1.99.1 Scan saved at 4:43:11 AM, on 4/9/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\WINDOWS\SYSTEM32\3cmlink.exe C:\PROGRA~1\SPRINT~1\SMARTB~1\Motiv
  11. Man, my desktop is giving me fits; it keeps blanking out. Also, when I'm trying to use Windows Explorer, it will disappear frequently and I have to start the navigation all over from scratch. The "keep.exe" file was not in the temp folder. The "drct16.dll" file was not in the system32 folder. The "\svschost.exe" file was not in the "3ecec789-....." folder, only the .dll file was there, so I deleted the "3ecec789-..." folder completely. How do I send the c:\WINDOWS\drexinit.dll file to you? It won't open so I can't copy and paste the contents (?) Do I just right click the file in explorer and
  12. OK I'm back using Firefox browser, IE still won't let me access this forum, and will proceed with your instructions.
  13. Hi dk, I'm having IE probs accessing this forum and am working with Jeff and Pierce in the chat to resolve that issue first. I am using Firefox to post this; can't get here with IE at all.
  14. Ok, I finally got Panda's scan to run and it disinfected all of the viruses, I think. I have run another HJT scan and here are the results, the "nowfind.biz" stuff is still there as Panda didn't fix any spyware/adware bugs. My computer is acting quite a bit better now but I still have a desktop that flashes on and off frequently, and my homepage is still hijacked. IE is working much better than before Panda's scan, at least I can access the internet without it freezing up on me now. I have the Panda log if you need it. Here's the HJT log: Logfile of HijackThis v1.99.1 Scan saved at 1:10:21 AM