bluzdude

Members
  • Content Count

    35

Everything posted by bluzdude

  1. Deleted previous partial startuplist.txt file (post 10). See post 13 for zipped file.
  2. OK, I attached the zipped file of startuplist.txt. Hope I did it right. Ray startuplist.zip
  3. Danny, This list is huge! Is there an easy way to get the whole thing to post? Ray
  4. Hi Danny, here is the RootKitRevealer.txt file. Note: the last entry in the file is timestamped with the date and time I started having problems. Ray HKLM\SOFTWARE\Classes\webcal\URL Protocol 6/18/2004 11:12 PM 13 bytes Data mismatch between Windows API and raw hive data. HKLM\SYSTEM\ControlSet001\Services\sysbus32 2/8/2006 10:24 AM 0 bytes Hidden from Windows API. HKLM\SYSTEM\ControlSet003\Services\sysbus32 2/8/2006 10:24 AM 0 bytes Hidden from Windows API. C:\Documents and Settings\Guest.RAY-TWA0MACJQU8\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys 12/26/200
  5. Hi Danny, Thanks for getting back with me. I did as you said and ran both programs. Below are the results of both scans: WinPFind scan: WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding. If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly. »»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»
  6. Well, guess I've got worse problems than you thought. After installing Ewido and following your instructions I got to the point of clicking "Complete system scan" and when I clicked it Ewido just disappeared. Nothing happened at all. Tried it several times, same thing, it just goes away. That's the same thing that happens to Yahoo Messenger and Cleanup, they just go away. I think I may have inadvertently deleted a system file or 2 during my attempts to get control of my computer yesterday. What now?
  7. My computer became infected with viruses and after trying to fix it myself using Ad-aware, Spybot SD, HJT, etc. I think I'm still infected and now some of my applications won't run anymore, such as, SpybotSD, Yahoo Messenger, Cleanup, etc. Here is my latest HJT log: Logfile of HijackThis v1.99.1 Scan saved at 10:56:45 PM, on 2/2/2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchos
  8. Hi BT, I did as you asked, HJT did not detect "drexinit" after the Killbox delete sequence so, I assume it's gone for good. Rebooted and ran HJT again. Here's the latest log: Logfile of HijackThis v1.99.1 Scan saved at 2:22:32 PM, on 4/9/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\j
  9. Here's the HSFIX log: Horseserver Removal Tool v1.05 by Atri - - 1. Registry Fix Started - Registry fix complete - 2. Deleted Services - WINLOW [sC] DeleteService SUCCESS vdmt16 [sC] DeleteService SUCCESS - 3. Finding files Located on system - klogini.dll p2.ini ps.a3d vdmt16.sys winlow.sys drct16.dll mszx23.exe cz.dll w32tm.exe - 4. Deleting files that were found. - unable to remove drct16.dll unable to remove mszx23.exe - 5. Checking for and Removing Winupdate - - -
  10. Here's the latest HJT log. The "HSFIX" log will follow: Logfile of HijackThis v1.99.1 Scan saved at 4:43:11 AM, on 4/9/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\WINDOWS\SYSTEM32\3cmlink.exe C:\PROGRA~1\SPRINT~1\SMARTB~1\Motiv
  11. Man my desktop is giving me fits, it keeps blanking out, also when I'm trying to use windows explorer, it will disappear frequently and I have to start the navigation all over from scratch. The "keep.exe" file was not in the temp folder. The "drct16.dll" file was not in the system32 folder. The "\svschost.exe" file was not in the "3ecec789-....." folder, only the .dll file was there, so I deleted the "3ecec789-..." folder completely. How do I send the c:\WINDOWS\drexinit.dll file to you? It won't open so I can't copy and paste the contents (?) Do I just right click the file in explorer and
  12. OK I'm back using Firefox browser, IE still won't let me access this forum, and will proceed with your instructions.
  13. hi dk, i'm having IE probs accessing this forum and am working with Jeff and Pierce in the chat to resolve that issue first, I am using firefox to post this, can't get here with IE at all
  14. Ok, I finally got Panda's scan to run and it disinfected all of the viruses, I think. I have run another HJT scan and here are the results, the "nowfind.biz" stuff is still there as Panda didn't fix any spyware/adware bugs. My computer is acting quite a bit better now but I still have a desktop that flashes on and off frequently, and my homepage is still hijacked. IE is working much better than before Panda's scan, at least I can access the internet without it freezing up on me now. I have the Panda log if you need it. Here's the HJT log: Logfile of HijackThis v1.99.1 Scan saved at 1:10:21 AM
  15. Oh man, my comp acts like it's going to crash. I could only get the Trend scan to run and it found 49 infections and it couldn't clean any of them. The file names were covered up so I don't even know what they are, so I can't try to delete them manually. The Panda site wouldn't work at all, wouldn't even start scanning, plus my browser kept shutting down and my desktop blanks out for a few seconds. This thing is really infested with some bad stuff. I have Javas, trojans, and worms. I will try to go back to the Panda site and run their scan. The Trend one can't clean the infections. I'll get b
  16. ok, i got your last post and will do as you suggest, i am being knocked off IE from time to time by one of these bugs, i guess, so this might take a while, i'll post as soon as i get the online scans done, thanks!
  17. OK, I reinstalled HJK and ran a new scan. I have gotten much more stuff on here since your reply, I don't know where it's all coming from. I haven't even been surfing the web except here since I posted this thread. My machine is running extremely slow now and I'm getting Internet Optimizer pop ups, there's a new search bar on IE, UC more XP search accelerator, etc. There is stuff popping up on the task manager and moving up and down the listing of running processes. My home page is still hijacked and I've run Ad-Aware SE, SpyBot S&D, CW Shredder. I've been waiting for your help all day, do
  18. I rebooted and ran HJK again. I have a dialer it looks like too, I'm getting a pop-up window on my desktop that is titled "WebSiteViewer" and has this message "Dialing Failed (error #680)", also there's a new shortcut on my desktop of some woman, the icon is named "XXX", it's on my start menu too. Here's the latest scan log: Logfile of HijackThis v1.99.1 Scan saved at 2:25:19 PM, on 4/7/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.e
  19. Yes, as far as I know. I ran the scan with log option
  20. Also, I had notifications using ad-aware se that coolwwwsearch is on my machine. Here's my HJK log, thanks: (I tried the "fix" with HJK but the stuff just comes right back on the next scan.) Logfile of HijackThis v1.99.1 Scan saved at 11:37:27 AM, on 4/7/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C
  21. Thanks Tj, I really appreciate your help. Thanks also for the security suggestions.
  22. new HJT log: Logfile of HijackThis v1.99.1 Scan saved at 10:58:36 AM, on 2/23/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\WINDOWS\SYSTEM32\3cmlink.exe C:\PROGRA~1\SPRINT~1\SMARTB~1\MotiveSB.exe C:\WINDOWS\SYSTEM32\3cshtdwn.exe
  23. new HJT log: Logfile of HijackThis v1.99.1 Scan saved at 7:57:37 AM, on 2/23/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\WINDOWS\SYSTEM32\3cmlink.exe C:\Program Files\Common Files\Micros
  24. new HJT log: Logfile of HijackThis v1.98.2 Scan saved at 6:37:09 AM, on 2/23/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Java\j