Slow scanspeed

woodchips

Looking for help to increase scanspeed with Spybot S&D and get rid of other problems

System Info:

Dell Dimension L933r
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Pentium 3
127.0 MB RAM

Computer won't let me run online scans, due to ActiveX controls
Have not yet been able to complete a Spybot Scan due to time.

Below is my Spybot Log, if HJ log is needed as well, please advise.
 
Hello.
The closed link Lonny gave to you contains information for posting in this forum.
It is not open for members to post into. :)

Please post your log into this topic. Thank you. ;)
 
HJT Log Per Request

Per your request, here is my HJT Log. Thanks for the help.


Logfile of HijackThis v1.99.1
Scan saved at 6:11:09 PM, on 3/21/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\WINDESKTOP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
R3 - Default URLSearchHook is missing
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: Class - {64CA2686-435D-CB6D-1C4F-78D558954130} - C:\WINDOWS\WINPT32.DLL
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\PROGRAM FILES\COX\APPLICATIONS\APP\AUTHBHO.DLL
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {C6F6E45B-5927-4D51-AE66-FF4E09AC67DB} - C:\WINDOWS\SYSTEM\CHLM.DLL
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\PROGRAM FILES\COX\APPLICATIONS\APP\AUTHBHO.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [windesktop] C:\WINDOWS\SYSTEM\windesktop.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [windesktop] C:\WINDOWS\SYSTEM\windesktop.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKCU\..\Run: [windesktop] C:\WINDOWS\SYSTEM\windesktop.exe
O4 - Startup: Shortcut to SPOOL32.EXE.lnk = C:\WINDOWS\SYSTEM\SPOOL32.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: Dell Home - {63D9F689-FA15-4ECF-91BC-C4D0734E14EA} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://www.iwon.com/ct/pm2/iwonpm1,0,2,3.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/sext2sp.chm::/on-line.exe
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://008i.com/pic//x.chm::/open.exe
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/18c218783ecbcfcd0e18/netzip/RdxIE601.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe
O18 - Filter: text/html - {1F329E35-E353-4D72-93A6-9048ACDCB67A} - C:\WINDOWS\SYSTEM\CHLM.DLL
O18 - Filter: text/plain - {1F329E35-E353-4D72-93A6-9048ACDCB67A} - C:\WINDOWS\SYSTEM\CHLM.DLL
O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - C:\WINDOWS\SYSTEM\abirvalg32.dll
O21 - SSODL: hbeUYKE - {07D00A18-AD7A-A0B2-CACC-77B04D7E07DE} - C:\WINDOWS\SYSTEM\PZRKD.DLL
 
Start Hijackthis and place a check next to ONLY these items if there.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blankInternet
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {64CA2686-435D-CB6D-1C4F-78D558954130} - C:\WINDOWS\WINPT32.DLL
O4 - HKLM\..\Run: [windesktop] C:\WINDOWS\SYSTEM\windesktop.exe
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O4 - HKLM\..\RunServices: [windesktop] C:\WINDOWS\SYSTEM\windesktop.exe
O4 - HKCU\..\Run: [windesktop] C:\WINDOWS\SYSTEM\windesktop.exe
O4 - Startup: Shortcut to SPOOL32.EXE.lnk = C:\WINDOWS\SYSTEM\SPOOL32.EXE
O16 - DPF: {70522FA2-4656-11D5-B0E9-0050DAC24E8F} - http://www.iwon.com/ct/pm2/iwonpm1,0,2,3.cab
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {11111111-1111-1111-1111-111111113457} - file://c:\ied_s7m.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://c:\nosuch.mht!http://2awm.com/pop/chm/sext2sp.chm::/on-line.exe
O16 - DPF: {11111111-1111-1111-1111-222222222222} - ms-its:mhtml:file://d:\foo.mht!http://008i.com/pic//x.chm::/open.exe
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/18c21878...p/RdxIE601.cab
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {33331111-1111-1111-1111-611111193457} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-611111193458} - file://c:\ex.cab
O16 - DPF: {33331111-1111-1111-1111-622221193458} - file://c:\ex.cab
O16 - DPF: {64311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O16 - DPF: {11311111-1111-1111-1111-111111111157} - file://C:\Recycled\Q330995.exe

O21 - SSODL: OLE Module - {0656A137-B161-CADD-9777-E37A75727E78} - C:\WINDOWS\SYSTEM\abirvalg32.dll
O21 - SSODL: hbeUYKE - {07D00A18-AD7A-A0B2-CACC-77B04D7E07DE} - C:\WINDOWS\SYSTEM\PZRKD.DLL
====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run aboutbuster, save the log to post later.
If prompted to restart the PC, do so.

Start Hijackthis and place a check next to these items if there.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blankInternet
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {C6F6E45B-5927-4D51-AE66-FF4E09AC67DB} - C:\WINDOWS\SYSTEM\CHLM.DLL
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O18 - Filter: text/html - {1F329E35-E353-4D72-93A6-9048ACDCB67A} - C:\WINDOWS\SYSTEM\CHLM.DLL
O18 - Filter: text/plain - {1F329E35-E353-4D72-93A6-9048ACDCB67A} - C:\WINDOWS\SYSTEM\CHLM.DLL
====================================
Hit fix checked and close Hijackthis.

Post a new hijackthis and that first about buster log.
 
New hijackthis log and first about buster log

Logfile of HijackThis v1.99.1
Scan saved at 1:14:50 PM, on 3/22/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\TEMP\UECNTBDP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\PROGRAM FILES\COX\APPLICATIONS\APP\AUTHBHO.DLL
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\PROGRAM FILES\COX\APPLICATIONS\APP\AUTHBHO.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: Dell Home - {63D9F689-FA15-4ECF-91BC-C4D0734E14EA} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O21 - SSODL: hbeUYKE - {07D00A18-AD7A-A0B2-CACC-77B04D7E07DE} - C:\WINDOWS\SYSTEM\PZRKD.DLL
 
Scan and fix this item with hijackthis
O21 - SSODL: hbeUYKE - {07D00A18-AD7A-A0B2-CACC-77B04D7E07DE} - C:\WINDOWS\SYSTEM\PZRKD.DLL

Had you missed it or has it returned ?

Post a report from one or better yet both of these free online scanners

Panda ActiveScan-Free online scanner,
http://www.pandasoftware.com/products/activescan.htm
Save the report and post it back here please if there are any that it is unable to deal with.


Kaspersky Lab - Free Online scan:
http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x]extended this database etc etc. Click ok.
Then choose: my computer: scan all your hard drives and mapped disks.
When finished, click save as text and post that in your reply.

You have been using msconfig. I need you to re-enable anything you have disabled since the problems started, then make and post another hijackthis log.
But don't restart the PC yet.
 
It keeps returning

I have deleted it with hijackthis, three times, but it keeps returning.
O21 - SSODL: hbeUYKE - {07D00A18-AD7A-A0B2-CACC-77B04D7E07DE} - C:\WINDOWS\SYSTEM\PZRKD.DLL

I will try the online scans next
 
Panda-ActiveScan

Panda-ActiveScan: performed scan, but would not disinfect. See log below

Kaspersky Lab - would not work. It didn't even initialize

Additional issue now: Can open my computer but when I click on the hard drive no icons appear. It says I still have objects in the lower left hand corner, but nothing is visible. My Documents is still OK, and all files and extensions are marked to be visible. Only happened after trying to run Kaspersky Lab. Please advise.


Incident Status Location

Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\WINDOWS\SYSTEM\bdedata2.dll
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\WINDOWS\SYSTEM\bdeinsta2.dll
Potentially unwanted tool:Application/BrilliantDigital Not disinfected C:\WINDOWS\SYSTEM\bdeinstall.exe
Adware:Adware/IdeskBar Not disinfected C:\WINDOWS\SYSTEM\howiper.exe
Adware:Adware/Spoon Not disinfected C:\WINDOWS\SYSTEM\favset.exe
Adware:adware/searchaid Not disinfected C:\WINDOWS\SYSTEM\sdkxp32.exe
Virus:Trj/Downloader.CME Not disinfected C:\WINDOWS\SYSTEM\xdldr24.exe
Adware:adware/cws.aboutblank Not disinfected C:\WINDOWS\SYSTEM\crhz32.dll
Adware:adware/cws.008k Not disinfected C:\WINDOWS\SYSTEM\syssy.dll
 
woodchips
http://forums.spybot.info/showpost.php?p=16545&postcount=6
In that post a download link is missing for aboutBuster. I thought I had posted it; was it there prior, or did you find aboutbuster on your own?

Download Pocket Killbox to the desktop
http://www.downloads.subratam.org/KillBox.exe
Start Killbox, place a tick next to [x]Delete on reboot, and press the ALL Files button.
Copy this whole list into the windows clipboard, all the Bolded below.

C:\WINDOWS\SYSTEM\bdedata2.dll
C:\WINDOWS\SYSTEM\bdeinsta2.dll
C:\WINDOWS\SYSTEM\bdeinstall.exe
C:\WINDOWS\SYSTEM\howiper.exe
C:\WINDOWS\SYSTEM\favset.exe
C:\WINDOWS\SYSTEM\sdkxp32.exe
C:\WINDOWS\SYSTEM\xdldr24.exe
C:\WINDOWS\SYSTEM\crhz32.dll
C:\WINDOWS\SYSTEM\syssy.dll
C:\WINDOWS\SYSTEM\PZRKD.DLL

Back in Killbox go > file > paste from clipboard,
Click the red highlighted X button and say yes to the prompt to restart the pc


Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
The fix will begin; follow the prompts.
You will be asked to reboot your computer; please do so.
Your system may take longer than usual to load; this is normal.
Once the desktop loads post the text that will open (report.txt) and a new Hijackthis log in the forum please.
 
Internet Explorer Affected Also

Similar to the problem with My Computer\C: drive access, but now with Internet Explorer. Can navigate to main home page of sites, but cannot view auxiliary pages.
 
FixWareout results

Found Aboutbuster on own

Ran Killbox, everything went OK

Report.txt

Fixwareout ver 1.003
Last edited march/15/2006
Post this report in the forums please

Reg Entries that were deleted


Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...



Logfile of HijackThis v1.99.1
Scan saved at 5:07:45 PM, on 3/23/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\NOTEPAD.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRAM FILES\FLASHGET\JCCATCH.DLL
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\PROGRAM FILES\COX\APPLICATIONS\APP\AUTHBHO.DLL
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\PROGRAM FILES\COX\APPLICATIONS\APP\AUTHBHO.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download using FlashGet - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: Dell Home - {63D9F689-FA15-4ECF-91BC-C4D0734E14EA} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O21 - SSODL: hbeUYKE - {07D00A18-AD7A-A0B2-CACC-77B04D7E07DE} - C:\WINDOWS\SYSTEM\PZRKD.DLL
 
Try Killbox delete on reboot again for file:
C:\WINDOWS\SYSTEM\PZRKD.DLL

It appears you have no antivirus protection

Install at least a free anti virus program
Don't make the common mistake of installing more than one anti virus program!!!!
AVG Anti-Virus-Free: http://www.grisoft.com/us/us_dwnl_free.php
AntiVir Personal Edition: http://www.free-av.com/
avast! 4 Home - Free antivirus software :
http://www.asw.cz/eng/free_virus_protectio.html

Install one, update it and do a full system scan. If it has problems removing any viruses/trojans, do a scan while the PC is in safe mode.
 
Anti-virus protection

I have the Cox Hi-Speed Internet Security Suite. It hasn't been able to load successfully since we've started the remedies. I was going to reinstall it after everything was working properly again.

But, I have had it up and running with automatic updates and still had the problems you've helped get rid of. Would you recommend that I use one of the anti-virus programs that you listed instead. Please advise.

Will run Killbox again.
 
Killbox Results

It appears killbox can't find the file C:\WINDOWS\SYSTEM\PZRKD.DLL

Ran killbox in safe mode and searched for the file myself, but didn't find it either way. I have included a new hijack this log, which now says the file is just missing.

Also, I am still running a selective startup because when I run msconfig and go to the startup tab, windesktop.exe (listed three times) and sp (rundll32) still appear and are marked to run. Should they still be there?

Logfile of HijackThis v1.99.1
Scan saved at 5:38:10 AM, on 3/24/2006
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\HIJACK THIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra button: Dell Home - {63D9F689-FA15-4ECF-91BC-C4D0734E14EA} - http://www.dellnet.com (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O21 - SSODL: hbeUYKE - {07D00A18-AD7A-A0B2-CACC-77B04D7E07DE} - C:\WINDOWS\SYSTEM\PZRKD.DLL (file missing)
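
Added example (not part of the thread and not HijackThis's own code): a small Python triage script that parses HijackThis entry lines, diffs the log taken before a fix against the one taken after, and flags the patterns seen in this thread (ActiveX codebases on `file://` or `ms-its:`, items loading from a TEMP directory, entries left pointing at a missing file). The two sample logs are subsets of lines copied from the 3/21 and 3/24 logs above; the function names and the flagging rules are assumptions made for illustration.

```python
import re
from typing import NamedTuple


class Entry(NamedTuple):
    code: str  # HijackThis section code, e.g. "O16"
    body: str  # everything after "CODE - "


# Entry lines look like "O4 - HKLM\..\Run: [name] path"; headers and the
# "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# Sections seen in this thread whose entries load code at startup or in IE.
LOADER_SECTIONS = {"O2", "O4", "O18", "O21"}


def parse_entries(log_text):
    """Return the registry/startup entries of a HijackThis log, in order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append(Entry(match.group(1), match.group(2).strip()))
    return entries


def entry_key(entry):
    """Comparison key: ignores case, spacing and a trailing '(file missing)'.
    A '(no file)' entry replaces the path entirely, so it compares as new."""
    body = entry.body
    for marker in ORPHAN_MARKERS:
        body = body.replace(marker, "")
    return (entry.code, " ".join(body.lower().split()))


def diff_logs(before, after):
    """Split entries into (removed, persisted, added) between two scans."""
    before_keys = {entry_key(e) for e in before}
    after_keys = {entry_key(e) for e in after}
    removed = [e for e in before if entry_key(e) not in after_keys]
    persisted = [e for e in after if entry_key(e) in before_keys]
    added = [e for e in after if entry_key(e) not in before_keys]
    return removed, persisted, added


def flag_reasons(entry):
    """Heuristic reasons to look at an entry first (assumed rules, not a verdict)."""
    reasons = []
    body = entry.body.lower()
    if entry.code == "O16":
        codebase = body.rsplit(" - ", 1)[-1]
        if codebase.startswith(("file://", "ms-its:")):
            reasons.append("ActiveX codebase is a local file or ms-its: URL")
    if (entry.code in LOADER_SECTIONS or entry.code.startswith("R")) and "\\temp\\" in body:
        reasons.append("loads from a TEMP directory")
    if any(marker in body for marker in ORPHAN_MARKERS):
        reasons.append("registry entry points at a missing file")
    return reasons


# Subset of the 3/21/2006 log above.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\EXPLORER.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\TEMP\se.dll/space.html
O2 - BHO: (no name) - {C6F6E45B-5927-4D51-AE66-FF4E09AC67DB} - C:\WINDOWS\SYSTEM\CHLM.DLL
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O4 - HKLM\..\Run: [sp] rundll32 C:\WINDOWS\TEMP\SE.DLL,DllInstall
O16 - DPF: {11111111-1111-1111-1111-111111111123} - file://c:\Recycled\1.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O21 - SSODL: hbeUYKE - {07D00A18-AD7A-A0B2-CACC-77B04D7E07DE} - C:\WINDOWS\SYSTEM\PZRKD.DLL
"""

# Subset of the 3/24/2006 log above.
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [MSConfigReminder] C:\WINDOWS\SYSTEM\msconfig.exe /reminder
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O21 - SSODL: hbeUYKE - {07D00A18-AD7A-A0B2-CACC-77B04D7E07DE} - C:\WINDOWS\SYSTEM\PZRKD.DLL (file missing)
"""

if __name__ == "__main__":
    removed, persisted, added = diff_logs(parse_entries(LOG_BEFORE), parse_entries(LOG_AFTER))
    for label, group in (("removed", removed), ("persisted", persisted), ("added", added)):
        for entry in group:
            notes = "; ".join(flag_reasons(entry)) or "-"
            print(f"{label:9} {entry.code:4} {entry.body}\n          flags: {notes}")
```

An entry that persists and is flagged as pointing at a missing file, like the O21 line here, is a leftover registry value whose DLL is already gone from disk.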
 
Virus scan

Is there any way I can delete the files in the log for the virus scan? Scanner says it can't quarantine or delete these files. Please advise


Report file date: Friday, March 24, 2006 06:29


Jobname: 'Local Drives'

Scanning for 341280 virus strains and unwanted programs.

Licensed to: AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows Me
Windows version: (plain) [4.90.3000] (Windows Me)
Username: unknown
Computer name: OFFICE

Version informations:
AVSCAN.EXE : 7.0.0.28 393256 3/15/2006 19:18:58
AVSCAN.DLL : 7.0.0.28 40488 3/15/2006 19:18:58
LUKE.DLL : 7.0.0.28 110632 3/15/2006 19:18:58
LUKERES.DLL : 7.0.0.28 25600 3/15/2006 19:18:58
ANTIVIR0.VDF : 6.32.0.60 4323840 3/15/2006 15:46:22
ANTIVIR1.VDF : 6.34.0.11 1424384 3/15/2006 15:46:24
ANTIVIR2.VDF : 6.34.0.75 207872 3/24/2006 12:57:30
ANTIVIR3.VDF : 6.34.0.89 26112 3/24/2006 12:57:30
AVEWIN32.DLL : 7.0.0.3 1167872 3/1/2006 00:06:46
AVPREF.DLL : 6.34.0.0 33320 1/18/2006 20:05:46
AVREP.DLL : 6.34.0.50 1712168 3/24/2006 12:57:30
AVPACK32.DLL : 6.33.0.6 331816 1/9/2006 17:03:38
AVREG.DLL : 6.31.0.90 25128 7/28/2005 18:06:12
NETNT.DLL : No Informations!
NETNW.DLL : 6.32.0.0 9768 9/27/2005 15:56:46


Start of the scan: Friday, March 24, 2006 06:30


Start scanning boot sectors:

Boot sector 'A:'
[NOTE] In the drive 'A:' no data medium is inserted!
Boot sector 'E:'
[NOTE] In the drive 'E:' no data medium is inserted!

Starting to scan the registry.

The registry was scanned ( 8 files ).


Starting the file scan:

C:\WINDOWS\WIN386.SWP
[WARNING] The file could not be opened!
C:\My Documents\SpybotSD.Report.txt
[DETECTION] Contains signature of the HTML script virus HTML/Exploit.Mhtml
C:\My Documents\HijackThis\hijackthis.log
[DETECTION] Contains signature of the HTML script virus HTML/Exploit.Mhtml
C:\_RESTORE\TEMP\A0002492.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0002418.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0002618.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0002630.0
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0002644.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0002968.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0003207.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0003395.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0003479.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0003582.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0004582.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0004596.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0005596.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0005597.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0005606.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0005607.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0006002.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0006075.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0006253.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0006485.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0007485.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0007613.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0008613.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0008707.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0009707.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] The file could not be wiped!
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0009984.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0010401.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0010519.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0010527.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0010639.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0011639.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0011663.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0011872.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0012872.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0012958.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0012982.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0013002.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0013003.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0013004.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0013009.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0013239.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0013312.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0013573.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0014400.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0015400.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0015898.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016070.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016090.CPY
[DETECTION] Contains signature of the HTML script virus HTML/Exploit.Mhtml
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016092.CPY
[DETECTION] Contains signature of the HTML script virus HTML/Exploit.Mhtml
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016273.CPY
[DETECTION] Is the Trojan horse TR/StartPage.abg
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016285.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016286.CPY
[DETECTION] Is the Trojan horse TR/Proxy.Agent.DL.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016443.CPY
[DETECTION] Contains signature of the dial-up program DIAL/301140
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016445.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Delf.CB
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016471.CPY
[DETECTION] Is the Trojan horse TR/DNSChanger.R
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016473.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mediket.S.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016475.CPY
[DETECTION] Is the Trojan horse TR/Drop.Agent.RI.2
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016479.CPY
[DETECTION] Is the Trojan horse TR/Small.ev.308.A
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016481.CPY
[DETECTION] Is the Trojan horse TR/DNSChanger.R
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016485.CPY
[DETECTION] Is the Trojan horse TR/DNSChanger.R
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016491.CPY
[DETECTION] Is the Trojan horse TR/DNSChanger.R


End of the scan: Friday, March 24, 2006 07:19
Used time: 49:42 min

The scan has been canceled by the user!

1064 Scanning directories
100250 Files were scanned
63 viruses and/or unwanted programs was found
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1005 Archives were scanned
125 Warnings
0 Notes
 
Have HijackThis fix this item if you haven't already done so
O21 - SSODL: hbeUYKE - {07D00A18-AD7A-A0B2-CACC-77B04D7E07DE} - C:\WINDOWS\SYSTEM\PZRKD.DLL (file missing)


[WARNING] The file could not be opened!
C:\My Documents\SpybotSD.Report.txt
[DETECTION] Contains signature of the HTML script virus HTML/Exploit.Mhtml
C:\My Documents\HijackThis\hijackthis.log

Obviously false positives. For those others, have Windows delete the old System Restore points.
System Restore Win ME
Purge the old System Restore points to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Right-click My Computer, and then click Properties.
2. On the Performance tab, click File System, or press ALT+F.
3. On the Troubleshooting tab, put a check mark in the 'Turn Off System Restore' check box.
4. Click OK twice, and then click Yes when you are prompted to restart the computer.
5. Repeat steps 1 - 3, this time clearing the box beside 'Turn Off System Restore'

I'm not familiar with Cox's software; offhand I suggest keeping it (if you get it to work correctly) and doing supplemental free online scans weekly or biweekly.
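
Added example, not part of the reply above and not code from any of the tools mentioned: a Python script that sorts entries from a scan log in the layout posted in this thread into the groups the reply distinguishes, namely files under `_RESTORE` that the scanner could not delete, plain-text reports, and everything else. The sample log is constructed from entries in the thread plus one made-up `EXAMPLE.DLL` path; the function names and bucket labels are assumptions.

```python
import re

# Constructed sample in the layout of the scan log above (path line, then its
# [DETECTION] line, then [WARNING] lines). EXAMPLE.DLL is a made-up entry.
SAMPLE_LOG = r"""
C:\_RESTORE\TEMP\A0016471.CPY
[DETECTION] Is the Trojan horse TR/DNSChanger.R
[WARNING] An error has been performed and the file was not deleted. ErrorID: 16003
[WARNING] The file could not be deleted!
C:\_RESTORE\TEMP\A0016473.CPY
[DETECTION] Is the Trojan horse TR/Dldr.Mediket.S.2
[WARNING] The file could not be deleted!
C:\My Documents\SpybotSD.Report.txt
[DETECTION] Contains signature of the HTML script virus HTML/Exploit.Mhtml
C:\WINDOWS\SYSTEM\EXAMPLE.DLL
[DETECTION] Is the Trojan horse TR/DNSChanger.R
"""
PATH_RE = re.compile(r"^[A-Za-z]:\\")  # a line that starts with a drive path

def parse(log):
    """Return one dict per file that has a [DETECTION] line."""
    entries, cur = [], None
    for line in (l.strip() for l in log.splitlines()):
        if PATH_RE.match(line):
            cur = {"path": line, "name": None, "undeleted": False}
        elif cur and line.startswith("[DETECTION]") and cur["name"] is None:
            cur["name"] = line.split()[-1]   # detection name is the last token
            entries.append(cur)
        elif cur and "could not be deleted" in line:
            cur["undeleted"] = True          # scanner was blocked from removing it
    return entries

def bucket(path):
    p = path.upper()
    if p[1:].startswith(":\\_RESTORE\\"):
        return "system_restore"   # Windows ME restore store: purge restore points
    if p.endswith((".TXT", ".LOG")):
        return "text_report"      # plain-text file: review as a possible false positive
    return "live_file"            # anything else still needs cleaning in place

def triage(log):
    groups = {}
    for e in parse(log):
        groups.setdefault(bucket(e["path"]), []).append(e)
    return groups

if __name__ == "__main__":
    for name, items in triage(SAMPLE_LOG).items():
        print(name, len(items), "undeleted:", sum(e["undeleted"] for e in items))
```
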
 
System Restore Hijacked?

I followed the steps to turn off System Restore, but it was already turned off. So to check it, I turned it back on, but as soon as I closed it, restarted the computer and opened it up again, it was turned off again. Could something be disabling System Restore? Please advise.
 