
Thread: Slos scanspeed

  1. #11
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    woodchips
    http://forums.spybot.info/showpost.p...45&postcount=6
    In that post a download link is missing for AboutBuster. I thought I had posted it; was it there prior, or did you find AboutBuster on your own?

    Download Pocket Killbox to the desktop
    http://www.downloads.subratam.org/KillBox.exe
    Start Killbox, place a tick next to [x]Delete on reboot, and press the ALL Files button.
    Copy this whole list into the Windows clipboard, all the bolded below.

    C:\WINDOWS\SYSTEM\bdedata2.dll
    C:\WINDOWS\SYSTEM\bdeinsta2.dll
    C:\WINDOWS\SYSTEM\bdeinstall.exe
    C:\WINDOWS\SYSTEM\howiper.exe
    C:\WINDOWS\SYSTEM\favset.exe
    C:\WINDOWS\SYSTEM\sdkxp32.exe
    C:\WINDOWS\SYSTEM\xdldr24.exe
    C:\WINDOWS\SYSTEM\crhz32.dll
    C:\WINDOWS\SYSTEM\syssy.dll
    C:\WINDOWS\SYSTEM\PZRKD.DLL

    Back in Killbox go > file > paste from clipboard,
    Click the red highlighted X button and say yes to the prompt to restart the pc


    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/file...Fixwareout.exe
    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts.
    You will be asked to reboot your computer; please do so.
    Your system may take longer than usual to load; this is normal.
    Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log in the forum please.

  2. #12
    Member
    Join Date
    Mar 2006
    Posts
    50

    Default Internet Explorer Affected Also

    Similar to the problem with My Computer\C: drive access, but now with Internet Explorer. Can navigate to main home page of sites, but cannot view auxiliary pages.

  3. #13
    Member
    Join Date
    Mar 2006
    Posts
    50

    Default

    Can't view soma;slkdjf;

  4. #14
    Member
    Join Date
    Mar 2006
    Posts
    50

    Default FixWareout results

    Found Aboutbuster on own

    Ran Killbox, everything went OK

    Report.txt

    Fixwareout ver 1.003
    Last edited march/15/2006
    Post this report in the forums please

    Reg Entries that were deleted


    Microsoft (R) Windows Script Host Version 5.6
    Random Runs removed from HKLM
    ...

    PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    »»»»» Search by size and names...



    Logfile of HijackThis v1.99.1
    Scan saved at 5:07:45 PM, on 3/23/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\WINOA386.MOD
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
    C:\HIJACK THIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
    O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\PROGRAM FILES\COX\APPLICATIONS\APP\AUTHBHO.DLL
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\PROGRAM FILES\COX\APPLICATIONS\APP\AUTHBHO.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
    O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
    O9 - Extra button: Dell Home - {63D9F689-FA15-4ECF-91BC-C4D0734E14EA} - http://www.dellnet.com (file missing) (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O21 - SSODL: hbeUYKE - {07D00A18-AD7A-A0B2-CACC-77B04D7E07DE} - C:\WINDOWS\SYSTEM\PZRKD.DLL

  5. #15
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Try Killbox delete on reboot again for file:
    C:\WINDOWS\SYSTEM\PZRKD.DLL

    It appears you have no antivirus protection

    Install at least a free antivirus program.
    Don't make the common mistake of installing more than one antivirus program!!!!
    AVG Anti-Virus-Free: http://www.grisoft.com/us/us_dwnl_free.php
    AntiVir Personal Edition: http://www.free-av.com/
    avast! 4 Home - Free antivirus software :
    http://www.asw.cz/eng/free_virus_protectio.html

    Install one, update it and do a full system scan. If it has problems removing any viruses/trojans, do a scan while the PC is in safe mode.

  6. #16
    Member
    Join Date
    Mar 2006
    Posts
    50

    Default Anti-virus protection

    I have the Cox Hi-Speed Internet Security Suite. It hasn't been able to load successfully since we've started the remedies. I was going to reinstall it after everything was working properly again.

    But, I have had it up and running with automatic updates and still had the problems you've helped get rid of. Would you recommend that I use one of the anti-virus programs that you listed instead? Please advise.

    Will run Killbox again.

  7. #17
    Member
    Join Date
    Mar 2006
    Posts
    50

    Default Killbox Results

    It appears Killbox can't find the file C:\WINDOWS\SYSTEM\PZRKD.DLL

    Ran Killbox in safe mode and searched for the file myself, but didn't find it either way. I have included a new HijackThis log, which now says the file is just missing.

    Also, I am still running a selective startup because when I run msconfig and go to the startup tab, windesktop.exe (listed three times) and sp (rundll32) still appear and are marked to run. Should they still be there?

    Logfile of HijackThis v1.99.1
    Scan saved at 5:38:10 AM, on 3/24/2006
    Platform: Windows ME (Win9x 4.90.3000)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\HIJACK THIS\HIJACKTHIS.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
    O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
    O9 - Extra button: Dell Home - {63D9F689-FA15-4ECF-91BC-C4D0734E14EA} - http://www.dellnet.com (file missing) (HKCU)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O21 - SSODL: hbeUYKE - {07D00A18-AD7A-A0B2-CACC-77B04D7E07DE} - C:\WINDOWS\SYSTEM\PZRKD.DLL (file missing)

  8. #18
    Member
    Join Date
    Mar 2006
    Posts
    50

    Default Virus scan

    Is there any way I can delete the files in the log for the virus scan? The scanner says it can't quarantine or delete these files. Please advise.


    Report file date: Friday, March 24, 2006 06:29


    Jobname: 'Local Drives'

    Scanning for 341280 virus strains and unwanted programs.

    Licensed to: AntiVir PersonalEdition Classic
    Serial number: 0000149996-WURGE-0001
    Platform: Windows Me
    Windows version: (plain) [4.90.3000] (Windows Me)
    Username: unknown
    Computer name: OFFICE

    Version informations:
    AVSCAN.EXE : 7.0.0.28 393256 3/15/2006 19:18:58
    AVSCAN.DLL : 7.0.0.28 40488 3/15/2006 19:18:58
    LUKE.DLL : 7.0.0.28 110632 3/15/2006 19:18:58
    LUKERES.DLL : 7.0.0.28 25600 3/15/2006 19:18:58
    ANTIVIR0.VDF : 6.32.0.60 4323840 3/15/2006 15:46:22
    ANTIVIR1.VDF : 6.34.0.11 1424384 3/15/2006 15:46:24
    ANTIVIR2.VDF : 6.34.0.75 207872 3/24/2006 12:57:30
    ANTIVIR3.VDF : 6.34.0.89 26112 3/24/2006 12:57:30
    AVEWIN32.DLL : 7.0.0.3 1167872 3/1/2006 00:06:46
    AVPREF.DLL : 6.34.0.0 33320 1/18/2006 20:05:46
    AVREP.DLL : 6.34.0.50 1712168 3/24/2006 12:57:30
    AVPACK32.DLL : 6.33.0.6 331816 1/9/2006 17:03:38
    AVREG.DLL : 6.31.0.90 25128 7/28/2005 18:06:12
    NETNT.DLL : No Informations!
    NETNW.DLL : 6.32.0.0 9768 9/27/2005 15:56:46


    Start of the scan: Friday, March 24, 2006 06:30


    Start scanning boot sectors:

    Boot sector 'A:'
    [NOTE] In the drive 'A:' no data medium is inserted!
    Boot sector 'E:'
    [NOTE] In the drive 'E:' no data medium is inserted!

    Starting to scan the registry.

    The registry was scanned ( 8 files ).


    Starting the file scan:

    C:\WINDOWS\WIN386.SWP
    [WARNING] The file could not be opened!
    C:\My Documents\SpybotSD.Report.txt
    [DETECTION] Contains signature of the HTML script virus HTML/Exploit.Mhtml
    C:\My Documents\HijackThis\hijackthis.log
    [DETECTION] Contains signature of the HTML script virus HTML/Exploit.Mhtml
    C:\_RESTORE\TEMP\A0002492.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0002418.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0002618.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0002630.0
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0002644.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0002968.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0003207.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0003395.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0003479.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0003582.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0004582.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0004596.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0005596.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0005597.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0005606.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0005607.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0006002.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0006075.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0006253.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0006485.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0007485.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0007613.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0008613.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0008707.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0009707.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] The file could not be wiped!
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0009984.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0010401.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0010519.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0010527.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0010639.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0011639.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0011663.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0011872.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0012872.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0012958.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0012982.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0013002.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0013003.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0013004.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0013009.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0013239.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0013312.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0013573.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0014400.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0015400.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0015898.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0016070.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0016090.CPY
    [DETECTION] Contains signature of the HTML script virus HTML/Exploit.Mhtml
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0016092.CPY
    [DETECTION] Contains signature of the HTML script virus HTML/Exploit.Mhtml
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0016273.CPY
    [DETECTION] Is the Trojan horse TR/StartPage.abg
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0016285.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0016286.CPY
    [DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0016443.CPY
    [DETECTION] Contains signature of the dial-up program DIAL/301140
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0016445.CPY
    [DETECTION] Is the Trojan horse TR/Dldr.Delf.CB
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0016471.CPY
    [DETECTION] Is the Trojan horse TR/DNSChanger.R
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0016473.CPY
    [DETECTION] Is the Trojan horse TR/Dldr.Mediket.S.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0016475.CPY
    [DETECTION] Is the Trojan horse TR/Drop.Agent.RI.2
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0016479.CPY
    [DETECTION] Is the Trojan horse TR/Small.ev.308.A
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0016481.CPY
    [DETECTION] Is the Trojan horse TR/DNSChanger.R
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0016485.CPY
    [DETECTION] Is the Trojan horse TR/DNSChanger.R
    [WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
    [WARNING] The file could not be deleted!
    C:\_RESTORE\TEMP\A0016491.CPY
    [DETECTION] Is the Trojan horse TR/DNSChanger.R


    End of the scan: Friday, March 24, 2006 07:19
    Used time: 49:42 min

    The scan has been canceled by the user!

    1064 Scanning directories
    100250 Files were scanned
    63 viruses and/or unwanted programs was found
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    1005 Archives were scanned
    125 Warnings
    0 Notes

  9. #19
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Have HijackThis fix this item if you haven't already done so:
    O21 - SSODL: hbeUYKE - {07D00A18-AD7A-A0B2-CACC-77B04D7E07DE} - C:\WINDOWS\SYSTEM\PZRKD.DLL (file missing)


    [WARNING] The file could not be opened!
    C:\My Documents\SpybotSD.Report.txt
    [DETECTION] Contains signature of the HTML script virus HTML/Exploit.Mhtml
    C:\My Documents\HijackThis\hijackthis.log

    Obviously false positives. For those others, have Windows delete the old System Restore points.
    System Restore Win ME
    Purge the old System Restore points to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
    1. Right-click My Computer, and then click Properties.
    2. On the Performance tab, click File System, or press ALT+F.
    3. On the Troubleshooting tab, put a check mark in the 'Turn Off System Restore' check box.
    4. Click OK twice, and then click Yes when you are prompted to restart the computer.
    5. Repeat steps 1 - 3, this time clearing the box beside 'Turn Off System Restore'
    I'm not familiar with Cox's software; offhand I suggest keeping it (if you get it to work correctly) and doing supplemental free online scans weekly or biweekly.
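
Added example, not part of the thread or of any tool named in it: a small parser for the AntiVir report format posted in #18 that separates detections inside `_RESTORE` (cleared by purging restore points, as #19 describes) from detections in text reports and in live files. The bucket names, the `.txt`/`.log` heuristic and the `CONSTRUCTED.DLL` entry are assumptions made for this example.

```python
import re
from collections import defaultdict

# Excerpt of the AntiVir report posted in #18. The last entry
# (CONSTRUCTED.DLL) is constructed for this example and is not in the thread.
SAMPLE_REPORT = r"""
Starting the file scan:

C:\WINDOWS\WIN386.SWP
[WARNING] The file could not be opened!
C:\My Documents\SpybotSD.Report.txt
[DETECTION] Contains signature of the HTML script virus HTML/Exploit.Mhtml
C:\My Documents\HijackThis\hijackthis.log
[DETECTION] Contains signature of the HTML script virus HTML/Exploit.Mhtml
C:\_RESTORE\TEMP\A0002492.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016273.CPY
[DETECTION] Is the Trojan horse TR/StartPage.abg
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016471.CPY
[DETECTION] Is the Trojan horse TR/DNSChanger.R
[WARNING] The file could not be deleted!
C:\WINDOWS\SYSTEM\CONSTRUCTED.DLL
[DETECTION] Is the Trojan horse TR/DNSChanger.R

End of the scan: Friday, March 24, 2006 07:19
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
TAG_RE = re.compile(r"^\[(DETECTION|WARNING|NOTE)\]\s+(.+)$")
RESTORE_RE = re.compile(r"^[A-Za-z]:\\_RESTORE\\", re.IGNORECASE)


def parse_report(text):
    """Return one dict per scanned path: path, detection name, warnings."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            current = {"path": line, "detection": None, "warnings": []}
            entries.append(current)
            continue
        tag = TAG_RE.match(line)
        if tag is None:
            if line:              # any other text ends the current entry
                current = None
            continue
        if current is None:       # e.g. [NOTE] lines of the boot-sector scan
            continue
        kind, message = tag.groups()
        if kind == "DETECTION":
            # The signature name is the last token of the message.
            current["detection"] = message.split()[-1]
        elif kind == "WARNING":
            current["warnings"].append(message)
    return entries


def classify(path):
    """Bucket a path by the follow-up it needs (names are assumptions)."""
    if RESTORE_RE.match(path):
        return "restore_point"    # Windows ME System Restore backup copy
    if path.lower().endswith((".txt", ".log")):
        return "text_report"      # plain-text tool output; review by hand
    return "live_file"            # a file in normal use on the disk


def triage(entries):
    """Group detected files as (path, detection, not_removed) per bucket."""
    buckets = defaultdict(list)
    for entry in entries:
        if entry["detection"] is None:   # warnings only, e.g. the swap file
            continue
        not_removed = any("could not be deleted" in w for w in entry["warnings"])
        buckets[classify(entry["path"])].append(
            (entry["path"], entry["detection"], not_removed))
    return dict(buckets)


if __name__ == "__main__":
    for bucket, items in triage(parse_report(SAMPLE_REPORT)).items():
        print(bucket, len(items))
        for path, name, not_removed in items:
            print("   ", name, path, "(not removed)" if not_removed else "")
```

Run against the full report, anything left in the `live_file` bucket after the restore points are purged is what still needs attention.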

  10. #20
    Member
    Join Date
    Mar 2006
    Posts
    50

    Default System Restore Hijacked?

    I followed the steps to turn off System Restore, but it was already turned off. So to check it, I turned it back on, but as soon as I closed it, restarted the computer and opened it up again, it was turned off again. Could something be disabling System Restore? Please advise.
