Pentium 4, 1.8 GHz
I have used these programs trying to fix my problem:
SpywareBlaster, Spybot S&D, Ad-Aware 2008, Windows Defender, HJT, Avira AntiVir Personal, CCleaner, Panda Anti-Rootkit, GMER, Dr. Delete, F-Secure BlackLight.
I might have Vundo, I might not. I might have 10 different things. All the info I'm about to give may be out of order.
First, let me add that I can tell whatever I have is keylogging everything I say, because while I'm typing it skips letters and lags. My computer has never done this before.
Also, explorer.exe is messed up. It resets itself every once in a while. It's annoying.
I have warning pop-ups come up. There are 2 different ones. One says download cleanup tool, and the other says download antivirus 2009. Sometimes random websites just pop up. In the address bar, it will sometimes include something I googled or typed and put it into the site's address.
This is not an exact example: searchme.com/=searchresults"whatever i typed"-entry-aba22
fling.com, searchme.com, registrydefender.com, the list is endless; they truly are random. The site has been different almost every time.
Spybot found like 20 entries of Vundo, 4 of Smitfraud-C, like 15 webHancer, and some other stuff.
Spybot's tool for LSP had found 4 protocols that were bad, but they are gone now. I did something right.
My dad downloaded an mp3 off LimeWire, and Avira identified it as a trojan downloader. I'm guessing this is what caused it all.
OK, so there's a BHO not found on HJT but that IS found on Spybot's BHO list. It says the BHO is being run off a .dll file in the system32 folder.
After running all programs possible, and there still being malware, let me just say I took matters into my own hands. I downloaded Dr. Delete and went into my system32 folder. My dad downloaded the song about 11pm. I searched all files created around that time area. I found core.cache.dsk, and some .dlls with weird random names, along with .ini files with weird random names. I tried deleting. Didn't work. Went to safe mode. The only thing deletable was core.cache.dsk.
I can be very assured that this randomly named .dll file connected to the BHO that only Spybot is registering is causing all the problems.
Also, I noticed some of them tried to hide under Microsoft Outlook Express library. I know this for a fact because they were created at the same exact time as the other files, and have random names. I don't even use Outlook Express anyway, so I deleted them.
When I start up, it says that:
primary hard drive 1 cannot be found.
Also, after I log in, my computer basically slows down to a snail's pace. Veryyyyy slow. I open up my Task Manager and find out there's hardly anything using up my CPU. But it's extremely weird: none of the processes have a username! For instance, svchost and services don't have SYSTEM next to them. So I go to the Users tab, and there are none! Then how am I logged on? After about 5 minutes everything eventually goes to normal.
If I'm not connected to the internet, my connection manager pops up wanting me to connect, like whatever has infected me is trying to phone home or something.
Also, nothing comes up in the icon tray like it's supposed to when I load. No volume control, no TeaTimer.
That's why I thought I had a rootkit, but all the programs didn't find anything.
Even if I manage to delete the .dll and BHO, I'm pretty sure on startup it will just recreate it.
What do I do?
Edited by ChaDMcBaDD, 05 October 2008 - 06:24 PM.