Steviebone

Members
  • Content Count

    31

About Steviebone

  • Rank
    Full Member
  1. got ur pm reply... thank you... I await ur latest words of wisdom... and as always thanks a million!
  2. Ok I'm mad now... lol, I set spyware detector to run again every few hours for a while... the trojan zapchast resurfaced in a restore point file... to my knowledge I have not rebooted since the last scan... so this bugger is re-asserting itself somehow... in fact the only thing run in between scans was dss... c:\system volume information\_restore{2201e7e1-07c6-42bd-9a3d-8ec03be3ea1a}\rp479\a0107864.dll#@#2DBB00F5E171FF1101C350516116DCBC next to last one added.... this sucker was added minutes before dss was run while I was gone (I was not home at the time). In all my years of computing I have
  3. ok I ran the scan... can I upload this file to u rather than post the results to the world? There's some sensitive data there... Steve ---- edit ----- ok you have a private message with instructions how to find the log...
  4. thanks... I will do as u instructed... one update... I ran an in-depth scan using Spyware Detector... it found the Zapchast trojan and a keylogger again. I'm getting bounce backs from mail I haven't sent so I'm pretty sure there's another damn mailbot on here again. Funny, avast and nod32 don't pick any of this stuff up! Will get back to u... shortly Thanks again!
  5. Hello again... thanks for your previous help... no more rootkits that I know of, however, I have discovered that since disinfection I am having problems with Windows Firewall. After each reboot, some important entries are lost and Remote Assistance is enabled again. I have always had Remote Assistance disabled. In fact, even in services I have all the Remote entries disabled. The services are not being re-enabled, but the Remote Assistance checkbox in Windows Firewall IS being reset each time I reboot as well as most of the other exceptions that had already been set are lost altogether. This s
  6. couldn't find a way to restrict the scan to c: so I let it run until most of c & d were done and then stopped it. It found three threats, all of which were identifiable by me: pskill - I use it to kill local process from a batch file before running games; ipscan - I use it to scan my network for open ports; lzx32 - quarantined by combofix (this was the culprit and is zipped up inside the combo quarantine folder). Couple of comments, couple of questions. First, I think I'll hold on to all the handy tools I have used during this process, don't see any need to trash them... any reason I shouldn'
  7. Kaspersky on-line was slower than dog... 1% complete after 6 hours... fook that... downloaded the latest Kaspersky but it wouldn't install as long as I had avast installed... sorry I already paid for avast and I like the script monitoring feature...
  8. oops, forgot I had run avenger where I had already killed those files: Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\fjobmayi ******************* Script file located at: \??\C:\Program Files\kroancfe.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\XP\system32\71430B71.exe deleted successfully. File C:\chdir.bat not found! Deletion of file C:\chdir.bat failed! Could not process line: C
  9. ok, will do... the new tasks I created... I was just trying to get the task scheduler to work... wanted to see if I deleted a task and recreated it... but no luck... I have those tasks backed up so I am prolly about to delete all of them... at present they keep trying to run but just generate 'could not start' messages... will work the java over next... get back to u later today... and as always, thanks
  10. lol, I just saw the vfp start thing in the registry report which u had me fix with the reg file... that should stop that bad boy from resurfacing, thanks. Can't believe I didn't think to scan the report for mentions of vfp... --- On second look, Y is the CD drive and those files are only on the CD... so something else was running first...
  11. ************************* Rustock.b-fix v. 1.01 -- By ejvindh ************************* Tue 05/22/2007 13:56:46.09 No Rustock.b-rootkits found ******************************* End of Logfile ********************************
  12. running the rustbfix thingy again next
  13. ok, second combofix scan with all protective programs off did better (see below). Perhaps the combo was picking up on something in spydetector? Anyway it found no lzx32 this time... curious.... As for the task manager thingy: 0x80090016: Keyset does not exist. I have googled the hell out of that one and tried every fix I could find including deletion of the RSA files, etc. There are no registry entries that MS talks about. I did find a few people complaining about this problem after applying updates. "Staypuffer" - 2007-05-22 9:58:48 Service Pack 2 ComboFix 07-05.20.9.V - Running from:
  14. oh and btw, fwiw, somewhere in this whole process my task scheduler got broke... always gives me an 0x80090016 error... tried all the published fixes for it to no avail... the task scheduler can no longer see or set credentials...