multiple trojans, malware, viruses, etc.
Started by anita1973, Nov 25 2006 02:25 AM
#31
Posted 03 December 2006 - 02:58 PM
The avenger backups should be where I indicated - are you using Windows Explorer to look for it?
#32
Posted 03 December 2006 - 08:42 PM
I misunderstood what you meant at first. I did delete the Command quarantine files.
Here is the AVG scan:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 8:45:53 PM 12/3/2006
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{00AC8F9D-A0CB-27D9-59F8-9DBFA4F78894} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0A0FF6B2-F037-E653-9B2C-9C1544FD844C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0AD23D8C-6248-D24A-575E-0B3144E2B24C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0E441D98-57FE-B1C9-68B9-D977C0D90AA2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{13B605DF-1E8A-69E3-30F0-9C4603AF0367} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{15441FF2-7B4A-9558-4AB1-B594DAA19E8A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1A1CA288-E54D-5913-FC5B-3DE50E712600} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1EB7AD4B-3508-7A5B-14CF-9AD59844A6BC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{432A50E4-15E1-B224-9F27-8699E3BE07E3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4541C3A4-BE5B-9B85-1734-EAE35FD0E3AC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4EC3BB36-CA1A-D1EA-75AE-7B818DFB27AF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{60440569-036A-310C-511A-BE6681BB55C0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6291F3D7-5FEA-52E3-3F0F-87652DDA707C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{633C8BFF-B1D2-9627-66F6-74124A682441} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6EC0AEDF-DCC2-3AF3-5964-88EAD9AC4791} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6ED7881C-15E8-9C0E-4F52-AC2FEF0427E5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{805B5372-5E8D-06EA-8F76-4E177E2F0426} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{85E33A54-6481-9784-AEB9-CF853AF309D9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{876F25EA-B784-546C-3433-F251F16788C6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9D87C670-C5F3-53AC-529E-FE0AD1A2C88E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BFEDCA47-067A-A991-0E41-D9B6EAD4EFEC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C07B8516-5A0F-1DF7-4D80-CDEB560CF46E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C086A50D-7FBB-97FD-CFF2-05B844A747E5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C5F3D119-9DB1-2A8F-366F-9EDB1C992E35} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CEAB74E3-0FE1-C155-5E58-CF204C7204B2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D7678144-36BD-CABB-B257-C47FF48322B3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D85435DB-675F-AC8A-A21E-5CE661F7591E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FCC6A371-DF76-3A3F-2C3F-BA20A0FCDE91} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\WINNT\n_zauwqn.log -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINNT\n_yvrwor.txt -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINNT\n_zfoatg.txt -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINNT\n_zgarua.dat -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINNT\Temp\1.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\10.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\11.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\12.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\14.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\15.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\16.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\17.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\18.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\19.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\1A.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\1B.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\1C.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\1D.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\1E.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\1F.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\2.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\20.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\21.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\22.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\23.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\24.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\25.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\27.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\28.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\29.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\2A.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\2B.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\2C.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\2D.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\2E.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\2F.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\3.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\30.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\31.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\32.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\33.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\34.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\4.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\5.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\6.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\7.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\8.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\9.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\A.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\10_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\11_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\12_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\14_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\15_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\16_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\17_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\18_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\19_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1A_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1B_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1C_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1D_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1E_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1F_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\20_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\21_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\22_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\23_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\24_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\26_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\27_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\28_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\29_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2A_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2B_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2C_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2D_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2E_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2F_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\30_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\31_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\32_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\33_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\34_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\3_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\4_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\5_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\6_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\7_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\8_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\9_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\A_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\B_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\C_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\D_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\E_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\F_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\lkcdmefe_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\mcetijni_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\mwssallj_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\njlrmjqn_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\skyctewh_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\slgkdcgc_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\uhhccwsc_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\wgabvwci_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\wipixspg_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\ygevlqqq_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\B.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\C.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\D.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\E.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\F.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\biyvkfcn.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\bkkqnwut.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\elyutudy.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\gkargbkc.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\iwukhwmn.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\kyjrhyoi.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\lkcdmefe.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\mcetijni.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\mwssallj.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\njlrmjqn.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\skyctewh.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\slgkdcgc.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\uhhccwsc.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\wgabvwci.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\wipixspg.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\ygevlqqq.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
[184] C:\WINNT\system32\biyvkfcn.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Cookies\[email protected][2].txt -> TrackingCookie.Web-stat : Cleaned.
::Report end
Here's the new hijackthis scan log:
Logfile of HijackThis v1.99.1
Scan saved at 9:00:00 PM, on 12/3/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\LTMSG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Documents and Settings\Administrator\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scroogle....bin/scraper.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: aqdywclx - C:\WINNT\SYSTEM32\aqdywclx.dll
O20 - Winlogon Notify: biyvkfcn - biyvkfcn.dll (file missing)
O20 - Winlogon Notify: bkkqnwut - bkkqnwut.dll (file missing)
O20 - Winlogon Notify: elyutudy - elyutudy.dll (file missing)
O20 - Winlogon Notify: gkargbkc - gkargbkc.dll (file missing)
O20 - Winlogon Notify: iwukhwmn - iwukhwmn.dll (file missing)
O20 - Winlogon Notify: kyjrhyoi - kyjrhyoi.dll (file missing)
O20 - Winlogon Notify: lkcdmefe - lkcdmefe.dll (file missing)
O20 - Winlogon Notify: mcetijni - mcetijni.dll (file missing)
O20 - Winlogon Notify: mwssallj - mwssallj.dll (file missing)
O20 - Winlogon Notify: njlrmjqn - njlrmjqn.dll (file missing)
O20 - Winlogon Notify: skyctewh - skyctewh.dll (file missing)
O20 - Winlogon Notify: slgkdcgc - slgkdcgc.dll (file missing)
O20 - Winlogon Notify: uhhccwsc - uhhccwsc.dll (file missing)
O20 - Winlogon Notify: wgabvwci - wgabvwci.dll (file missing)
O20 - Winlogon Notify: wipixspg - wipixspg.dll (file missing)
O20 - Winlogon Notify: ygevlqqq - ygevlqqq.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: OPCEnum (OpcEnum) - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE (file missing)
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
O23 - Service: PI-Ping Data Measurement Program (basic version) (piping_basic) - Unknown owner - C:\Program Files\pipc\Interfaces\PING_basic\piping_basic.exe (file missing)
O23 - Service: RSLinx Enterprise (RSLinxNG) - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" /service (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\WINNT\Temp\ASHeuristic\1A_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1B_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1C_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1D_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1E_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1F_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\20_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\21_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\22_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\23_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\24_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\26_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\27_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\28_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\29_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2A_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2B_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2C_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2D_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2E_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2F_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\30_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\31_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\32_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\33_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\34_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\3_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\4_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\5_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\6_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\7_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\8_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\9_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\A_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\B_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\C_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\D_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\E_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\F_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\lkcdmefe_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\mcetijni_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\mwssallj_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\njlrmjqn_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\skyctewh_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\slgkdcgc_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\uhhccwsc_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\wgabvwci_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\wipixspg_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\ygevlqqq_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\B.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\C.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\D.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\E.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\F.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\biyvkfcn.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\bkkqnwut.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\elyutudy.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\gkargbkc.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\iwukhwmn.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\kyjrhyoi.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\lkcdmefe.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\mcetijni.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\mwssallj.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\njlrmjqn.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\skyctewh.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\slgkdcgc.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\uhhccwsc.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\wgabvwci.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\wipixspg.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\ygevlqqq.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
[184] C:\WINNT\system32\biyvkfcn.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Cookies\[email protected][2].txt -> TrackingCookie.Web-stat : Cleaned.
::Report end
Here's the new hijackthis scan log:
Logfile of HijackThis v1.99.1
Scan saved at 9:00:00 PM, on 12/3/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\LTMSG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Documents and Settings\Administrator\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scroogle....bin/scraper.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: aqdywclx - C:\WINNT\SYSTEM32\aqdywclx.dll
O20 - Winlogon Notify: biyvkfcn - biyvkfcn.dll (file missing)
O20 - Winlogon Notify: bkkqnwut - bkkqnwut.dll (file missing)
O20 - Winlogon Notify: elyutudy - elyutudy.dll (file missing)
O20 - Winlogon Notify: gkargbkc - gkargbkc.dll (file missing)
O20 - Winlogon Notify: iwukhwmn - iwukhwmn.dll (file missing)
O20 - Winlogon Notify: kyjrhyoi - kyjrhyoi.dll (file missing)
O20 - Winlogon Notify: lkcdmefe - lkcdmefe.dll (file missing)
O20 - Winlogon Notify: mcetijni - mcetijni.dll (file missing)
O20 - Winlogon Notify: mwssallj - mwssallj.dll (file missing)
O20 - Winlogon Notify: njlrmjqn - njlrmjqn.dll (file missing)
O20 - Winlogon Notify: skyctewh - skyctewh.dll (file missing)
O20 - Winlogon Notify: slgkdcgc - slgkdcgc.dll (file missing)
O20 - Winlogon Notify: uhhccwsc - uhhccwsc.dll (file missing)
O20 - Winlogon Notify: wgabvwci - wgabvwci.dll (file missing)
O20 - Winlogon Notify: wipixspg - wipixspg.dll (file missing)
O20 - Winlogon Notify: ygevlqqq - ygevlqqq.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: OPCEnum (OpcEnum) - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE (file missing)
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
O23 - Service: PI-Ping Data Measurement Program (basic version) (piping_basic) - Unknown owner - C:\Program Files\pipc\Interfaces\PING_basic\piping_basic.exe (file missing)
O23 - Service: RSLinx Enterprise (RSLinxNG) - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" /service (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
#33
Posted 04 December 2006 - 01:00 AM
OK, AVG seems to have removed it, except one. Let's tidy up and see if it comes back. Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O20 - Winlogon Notify: aqdywclx - C:\WINNT\SYSTEM32\aqdywclx.dll
O20 - Winlogon Notify: biyvkfcn - biyvkfcn.dll (file missing)
O20 - Winlogon Notify: bkkqnwut - bkkqnwut.dll (file missing)
O20 - Winlogon Notify: elyutudy - elyutudy.dll (file missing)
O20 - Winlogon Notify: gkargbkc - gkargbkc.dll (file missing)
O20 - Winlogon Notify: iwukhwmn - iwukhwmn.dll (file missing)
O20 - Winlogon Notify: kyjrhyoi - kyjrhyoi.dll (file missing)
O20 - Winlogon Notify: lkcdmefe - lkcdmefe.dll (file missing)
O20 - Winlogon Notify: mcetijni - mcetijni.dll (file missing)
O20 - Winlogon Notify: mwssallj - mwssallj.dll (file missing)
O20 - Winlogon Notify: njlrmjqn - njlrmjqn.dll (file missing)
O20 - Winlogon Notify: skyctewh - skyctewh.dll (file missing)
O20 - Winlogon Notify: slgkdcgc - slgkdcgc.dll (file missing)
O20 - Winlogon Notify: uhhccwsc - uhhccwsc.dll (file missing)
O20 - Winlogon Notify: wgabvwci - wgabvwci.dll (file missing)
O20 - Winlogon Notify: wipixspg - wipixspg.dll (file missing)
O20 - Winlogon Notify: ygevlqqq - ygevlqqq.dll (file missing)
Exit HijackThis when done. Reboot, rescan with HijackThis and post a new log here.
Edited by Daemon, 04 December 2006 - 01:03 AM.
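The cross-check behind the reply above, as an added example that is not part of the original thread: O20 entries whose DLL the AVG report already quarantined are leftover registry values, while a DLL that is still present and follows the same naming pattern needs a closer look. The sample lines are excerpted from the logs quoted in this thread; the eight-lowercase-letter name heuristic and the verdict labels are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Lines excerpted from the AVG Anti-Spyware report and the HijackThis log
# quoted in this thread (shortened; not the full logs).
AVG_REPORT = r"""
C:\WINNT\Temp\1D.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\biyvkfcn.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\ygevlqqq.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
[184] C:\WINNT\system32\biyvkfcn.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
"""

HJT_LOG = r"""
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: aqdywclx - C:\WINNT\SYSTEM32\aqdywclx.dll
O20 - Winlogon Notify: biyvkfcn - biyvkfcn.dll (file missing)
O20 - Winlogon Notify: ygevlqqq - ygevlqqq.dll (file missing)
"""

# "<path> -> <detection> : <action>." with an optional "[pid]" prefix.
AVG_LINE = re.compile(
    r"^(?:\[\d+\]\s+)?(?P<path>[A-Za-z]:\\.+?) -> (?P<detection>\S+) : (?P<action>.+?)\.?$"
)
# "O20 - Winlogon Notify: <key> - <dll>" with an optional "(file missing)" suffix.
O20_LINE = re.compile(
    r"^O20 - Winlogon Notify: (?P<key>.+?) - (?P<dll>.+?)(?P<missing> \(file missing\))?$"
)
# Heuristic assumed from the names seen in this thread: eight lowercase letters.
FAMILY_NAME = re.compile(r"^[a-z]{8}$")


def quarantined_files(report):
    """Return lower-cased base names of files the report lists as quarantined."""
    names = set()
    for line in report.splitlines():
        m = AVG_LINE.match(line.strip())
        if m and "quarantined" in m["action"]:
            names.add(PureWindowsPath(m["path"]).name.lower())
    return names


def winlogon_notify_entries(log):
    """Return (key name, DLL path, file_missing) for every O20 line in the log."""
    entries = []
    for line in log.splitlines():
        m = O20_LINE.match(line.strip())
        if m:
            entries.append((m["key"], m["dll"], m["missing"] is not None))
    return entries


def triage(log, report):
    """Classify each O20 entry as 'orphaned', 'review' or 'other'."""
    quarantined = quarantined_files(report)
    verdicts = {}
    for key, dll, missing in winlogon_notify_entries(log):
        path = PureWindowsPath(dll)
        in_system32 = path.parent.name.lower() == "system32"
        if missing and path.name.lower() in quarantined:
            # The DLL was quarantined; only the registry value is left behind.
            verdicts[key] = "orphaned"
        elif (not missing and in_system32 and FAMILY_NAME.match(key)
              and path.stem.lower() == key.lower()):
            # Same naming pattern, file still on disk, not in the scan report.
            verdicts[key] = "review"
        else:
            verdicts[key] = "other"
    return verdicts


if __name__ == "__main__":
    for key, verdict in triage(HJT_LOG, AVG_REPORT).items():
        print(f"{verdict:9} {key}")
```
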
#34
Posted 04 December 2006 - 11:48 AM
Ok, here's the latest HijackThis scan. Looks like that one O20 is still there?
Logfile of HijackThis v1.99.1
Scan saved at 12:07:08 PM, on 12/4/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\LTMSG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Documents and Settings\Administrator\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scroogle....bin/scraper.htm
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: aqdywclx - C:\WINNT\SYSTEM32\aqdywclx.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: OPCEnum (OpcEnum) - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE (file missing)
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
O23 - Service: PI-Ping Data Measurement Program (basic version) (piping_basic) - Unknown owner - C:\Program Files\pipc\Interfaces\PING_basic\piping_basic.exe (file missing)
O23 - Service: RSLinx Enterprise (RSLinxNG) - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" /service (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
#35
Posted 04 December 2006 - 05:13 PM
Yeah, the only one AVG didn't find. Can you zip it up and send it to [email protected] so they can add it to their detections? Let's see if we can delete it. Open HijackThis, scan and when complete, remove the following entry by checking the box to the left and clicking 'Fix checked':
O20 - Winlogon Notify: aqdywclx - C:\WINNT\SYSTEM32\aqdywclx.dll
Exit HijackThis when done.
Please double-click Killbox.exe to run it. Select:
- Delete on Reboot
- then Click on the All Files button.
- Please copy the file path below to the clipboard by pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINNT\SYSTEM32\aqdywclx.dll
- Return to Killbox, go to the File menu, and choose Paste from Clipboard.
- Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt.
Post a new HJT log when done.
Edited by Daemon, 04 December 2006 - 05:15 PM.
#36
Posted 05 December 2006 - 09:29 AM
Looks like that did it! I think it's gone:
Logfile of HijackThis v1.99.1
Scan saved at 9:45:15 AM, on 12/5/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\LTMSG.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NZSearch\nzspc.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Documents and Settings\Administrator\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scroogle....bin/scraper.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: OPCEnum (OpcEnum) - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE (file missing)
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
O23 - Service: PI-Ping Data Measurement Program (basic version) (piping_basic) - Unknown owner - C:\Program Files\pipc\Interfaces\PING_basic\piping_basic.exe (file missing)
O23 - Service: RSLinx Enterprise (RSLinxNG) - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" /service (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
I will send the zipped file to the folks at AVG scan. Anything else?
#37
Posted 05 December 2006 - 01:50 PM
These two are back:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
Fix with HJT, reboot and post a final log.
#38
Posted 06 December 2006 - 08:10 PM
They seem to be gone now:
Latest Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 8:26:07 PM, on 12/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\LTMSG.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NZSearch\nzspc.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Documents and Settings\Administrator\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scroogle....bin/scraper.htm
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: OPCEnum (OpcEnum) - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE (file missing)
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
O23 - Service: PI-Ping Data Measurement Program (basic version) (piping_basic) - Unknown owner - C:\Program Files\pipc\Interfaces\PING_basic\piping_basic.exe (file missing)
O23 - Service: RSLinx Enterprise (RSLinxNG) - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" /service (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
One other thing, can you tell me how to keep IE from opening up when the computer boots? I looked to see if it was in the Start Up menu but it wasn't.
thanks
#39
Posted 06 December 2006 - 09:08 PM
Just out of curiosity I ran Command antivirus and it found W32/Internet-Trojan-patched-based!Maximus associated with Avenger.exe. It called it an infection but couldn't disinfect it. Is the Avenger.exe infected?
#40
Posted 07 December 2006 - 12:32 AM
No, Avenger is fine - I know the person that wrote it - it will be a false positive. You can delete it now however, as you won't have any further need for it.
Open HijackThis and fix the following:
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
Reboot and let me know.
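Added example (not part of the original thread): the before/after check done by eye in these posts, comparing each new HijackThis log with the previous one to confirm a fixed entry is gone and to spot entries that came back, written as a small Python script. The sample logs are abbreviated and constructed from entry lines quoted in the thread, and the function names are hypothetical.

```python
import re

# A HijackThis entry line is "<code> - <body>", e.g. "O4 - HKLM\..\Run: [...]".
# Header lines and the "Running processes" list do not match and are skipped.
ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - .+$")


def parse_entries(log_text):
    """Return {lower-cased line: original line} for every entry in a log.

    Keys are lower-cased because Windows paths and registry names are
    case-insensitive, so C:\\WINNT\\System32 and c:\\winnt\\system32 match.
    """
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if ENTRY_RE.match(line):
            entries[line.lower()] = line
    return entries


def diff_logs(before_text, after_text):
    """Return (removed, added): entries that left or entered the later log."""
    before, after = parse_entries(before_text), parse_entries(after_text)
    removed = sorted(before[k] for k in before.keys() - after.keys())
    added = sorted(after[k] for k in after.keys() - before.keys())
    return removed, added


def status(entry_line, logs):
    """State of one entry as of the last log in a chronological list."""
    key = entry_line.strip().lower()
    seen = [key in parse_entries(text) for _, text in logs]
    if seen[-1]:
        return "present"
    return "removed" if any(seen) else "never seen"


# Constructed, abbreviated logs. Entry lines are taken from the thread; the
# first log stands for the state before the Winlogon Notify entry was fixed.
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\system32\winlogon.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O20 - Winlogon Notify: aqdywclx - C:\WINNT\SYSTEM32\aqdywclx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

LOG_1205 = r"""Logfile of HijackThis v1.99.1
Scan saved at 9:45:15 AM, on 12/5/2006
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

LOG_1206 = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:26:07 PM, on 12/6/2006
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

LOG_1208 = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:42:41 AM, on 12/8/2006
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

LOGS = [("before", LOG_BEFORE), ("12/5", LOG_1205),
        ("12/6", LOG_1206), ("12/8", LOG_1208)]

# Entries the helper asked to fix in posts #35 and #40.
TARGETS = [
    r"O20 - Winlogon Notify: aqdywclx - C:\WINNT\SYSTEM32\aqdywclx.dll",
    r"O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe",
]

if __name__ == "__main__":
    # Step through consecutive pairs of logs and print what changed.
    for (old_label, old), (new_label, new) in zip(LOGS, LOGS[1:]):
        removed, added = diff_logs(old, new)
        print(f"{old_label} -> {new_label}")
        for line in removed:
            print("  gone :", line)
        for line in added:
            print("  new  :", line)
    for target in TARGETS:
        print(status(target, LOGS), "|", target)
```

An entry that shows up under "new" after it was previously fixed is the "these two are back" case from post #37 and needs a second fix and another log.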
#41
Posted 08 December 2006 - 08:01 AM
That fixed the IE problem. All seems well now. All I have to do now is look to see what kind of video controller it has because it keeps telling me there's new hardware and I need the driver. It can't find the driver on the hard drive. The video controller card thingy was not plugged in when I picked up the computer so I plugged it in. The screen is kinda funky looking because it needs that driver.
Anyway, here's the latest Hijack This log:
Logfile of HijackThis v1.99.1
Scan saved at 7:42:41 AM, on 12/8/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\LTMSG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NZSearch\nzspc.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Documents and Settings\Administrator\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scroogle....bin/scraper.htm
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: OPCEnum (OpcEnum) - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE (file missing)
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
O23 - Service: PI-Ping Data Measurement Program (basic version) (piping_basic) - Unknown owner - C:\Program Files\pipc\Interfaces\PING_basic\piping_basic.exe (file missing)
O23 - Service: RSLinx Enterprise (RSLinxNG) - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" /service (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
I REALLY appreciate all the time you spent helping me and this poor computer. I seem to have a very nice computer now! I wish I could afford to pay you what your time was worth. This computer will be a very nice addition to the all-volunteer genealogy library that I'm the director of. Thank you so very much!!
Anita
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: OPCEnum (OpcEnum) - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE (file missing)
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
O23 - Service: PI-Ping Data Measurement Program (basic version) (piping_basic) - Unknown owner - C:\Program Files\pipc\Interfaces\PING_basic\piping_basic.exe (file missing)
O23 - Service: RSLinx Enterprise (RSLinxNG) - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" /service (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
I REALLY appreciate all the time you spent helping me and this poor computer. I seem to have a very nice computer now! I wish I could afford to pay you what your time was worth. This computer will be a very nice addition to the all volunteer genealogy library that I'm the director of. Thank you so very much!!
Anita
#42
Posted 08 December 2006 - 09:31 AM
You're welcome - glad to help. My help is free - I hope the people in your library enjoy their new machine.
If you wander over to the hardware forum http://www.geekstogo...pherals-f9.html the experts there will probably be able to help you with the video issue.
To help keep you clean follow the recommendations in Tony's article here:
So how did I get infected in the first place?
As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.