Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

multiple trojans, malware, viruses, etc.

Started by anita1973 , Nov 25 2006 02:25 AM

  • This topic is locked This topic is locked

#31
Daemon
Posted 03 December 2006 - 02:58 PM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
I'm not familiar with the Command program. If you run it there should a tab called quarantine - click it and remove all quarantined items.

The avenger backups should be where I indicated -are you using Windows Explorer to look for it?
  • 0

Advertisements

#32
anita1973
Posted 03 December 2006 - 08:42 PM

anita1973

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
I misunderstood what you meant at first. I did delete the Command quarantine files.

Here is the AVG scan:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:45:53 PM 12/3/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{00AC8F9D-A0CB-27D9-59F8-9DBFA4F78894} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0A0FF6B2-F037-E653-9B2C-9C1544FD844C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0AD23D8C-6248-D24A-575E-0B3144E2B24C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{0E441D98-57FE-B1C9-68B9-D977C0D90AA2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{13B605DF-1E8A-69E3-30F0-9C4603AF0367} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{15441FF2-7B4A-9558-4AB1-B594DAA19E8A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1A1CA288-E54D-5913-FC5B-3DE50E712600} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1EB7AD4B-3508-7A5B-14CF-9AD59844A6BC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{432A50E4-15E1-B224-9F27-8699E3BE07E3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4541C3A4-BE5B-9B85-1734-EAE35FD0E3AC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4EC3BB36-CA1A-D1EA-75AE-7B818DFB27AF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{60440569-036A-310C-511A-BE6681BB55C0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6291F3D7-5FEA-52E3-3F0F-87652DDA707C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{633C8BFF-B1D2-9627-66F6-74124A682441} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6EC0AEDF-DCC2-3AF3-5964-88EAD9AC4791} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6ED7881C-15E8-9C0E-4F52-AC2FEF0427E5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{805B5372-5E8D-06EA-8F76-4E177E2F0426} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{85E33A54-6481-9784-AEB9-CF853AF309D9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{876F25EA-B784-546C-3433-F251F16788C6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9D87C670-C5F3-53AC-529E-FE0AD1A2C88E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BFEDCA47-067A-A991-0E41-D9B6EAD4EFEC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C07B8516-5A0F-1DF7-4D80-CDEB560CF46E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C086A50D-7FBB-97FD-CFF2-05B844A747E5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C5F3D119-9DB1-2A8F-366F-9EDB1C992E35} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CEAB74E3-0FE1-C155-5E58-CF204C7204B2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D7678144-36BD-CABB-B257-C47FF48322B3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{D85435DB-675F-AC8A-A21E-5CE661F7591E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{FCC6A371-DF76-3A3F-2C3F-BA20A0FCDE91} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\WINNT\n_zauwqn.log -> Downloader.Agent.bc : Cleaned with backup (quarantined).
C:\WINNT\n_yvrwor.txt -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINNT\n_zfoatg.txt -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINNT\n_zgarua.dat -> Downloader.Agent.bq : Cleaned with backup (quarantined).
C:\WINNT\Temp\1.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\10.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\11.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\12.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\14.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\15.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\16.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\17.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\18.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\19.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\1A.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\1B.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\1C.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\1D.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\1E.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\1F.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\2.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\20.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\21.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\22.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\23.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\24.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\25.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\27.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\28.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\29.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\2A.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\2B.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\2C.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\2D.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\2E.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\2F.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\3.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\30.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\31.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\32.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\33.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\34.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\4.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\5.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\6.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\7.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\8.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\9.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\A.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\10_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\11_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\12_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\14_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\15_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\16_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\17_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\18_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\19_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1A_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1B_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1C_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1D_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1E_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1F_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\1_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\20_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\21_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\22_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\23_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\24_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\26_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\27_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\28_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\29_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2A_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2B_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2C_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2D_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2E_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2F_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\2_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\30_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\31_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\32_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\33_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\34_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\3_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\4_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\5_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\6_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\7_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\8_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\9_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\A_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\B_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\C_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\D_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\E_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\F_tmp.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\lkcdmefe_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\mcetijni_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\mwssallj_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\njlrmjqn_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\skyctewh_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\slgkdcgc_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\uhhccwsc_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\wgabvwci_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\wipixspg_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\ASHeuristic\ygevlqqq_dll.vir -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\B.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\C.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\D.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\E.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Temp\F.tmp -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\biyvkfcn.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\bkkqnwut.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\elyutudy.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\gkargbkc.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\iwukhwmn.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\kyjrhyoi.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\lkcdmefe.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\mcetijni.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\mwssallj.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\njlrmjqn.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\skyctewh.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\slgkdcgc.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\uhhccwsc.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\wgabvwci.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\wipixspg.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\system32\ygevlqqq.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
[184] C:\WINNT\system32\biyvkfcn.dll -> Not-A-Virus.SpamTool.Win32.Agent.f : Cleaned with backup (quarantined).
C:\WINNT\Cookies\[email protected][2].txt -> TrackingCookie.Web-stat : Cleaned.


::Report end


Here's the new hijackthis scan log:

Logfile of HijackThis v1.99.1
Scan saved at 9:00:00 PM, on 12/3/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\LTMSG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Documents and Settings\Administrator\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scroogle....bin/scraper.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: aqdywclx - C:\WINNT\SYSTEM32\aqdywclx.dll
O20 - Winlogon Notify: biyvkfcn - biyvkfcn.dll (file missing)
O20 - Winlogon Notify: bkkqnwut - bkkqnwut.dll (file missing)
O20 - Winlogon Notify: elyutudy - elyutudy.dll (file missing)
O20 - Winlogon Notify: gkargbkc - gkargbkc.dll (file missing)
O20 - Winlogon Notify: iwukhwmn - iwukhwmn.dll (file missing)
O20 - Winlogon Notify: kyjrhyoi - kyjrhyoi.dll (file missing)
O20 - Winlogon Notify: lkcdmefe - lkcdmefe.dll (file missing)
O20 - Winlogon Notify: mcetijni - mcetijni.dll (file missing)
O20 - Winlogon Notify: mwssallj - mwssallj.dll (file missing)
O20 - Winlogon Notify: njlrmjqn - njlrmjqn.dll (file missing)
O20 - Winlogon Notify: skyctewh - skyctewh.dll (file missing)
O20 - Winlogon Notify: slgkdcgc - slgkdcgc.dll (file missing)
O20 - Winlogon Notify: uhhccwsc - uhhccwsc.dll (file missing)
O20 - Winlogon Notify: wgabvwci - wgabvwci.dll (file missing)
O20 - Winlogon Notify: wipixspg - wipixspg.dll (file missing)
O20 - Winlogon Notify: ygevlqqq - ygevlqqq.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: OPCEnum (OpcEnum) - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE (file missing)
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
O23 - Service: PI-Ping Data Measurement Program (basic version) (piping_basic) - Unknown owner - C:\Program Files\pipc\Interfaces\PING_basic\piping_basic.exe (file missing)
O23 - Service: RSLinx Enterprise (RSLinxNG) - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" /service (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
  • 0

#33
Daemon
Posted 04 December 2006 - 01:00 AM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
OK, AVG seems to have removed it, except one. Let's tidy up and see if it comes back. Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'fixed checked':

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O20 - Winlogon Notify: aqdywclx - C:\WINNT\SYSTEM32\aqdywclx.dll
O20 - Winlogon Notify: biyvkfcn - biyvkfcn.dll (file missing)
O20 - Winlogon Notify: bkkqnwut - bkkqnwut.dll (file missing)
O20 - Winlogon Notify: elyutudy - elyutudy.dll (file missing)
O20 - Winlogon Notify: gkargbkc - gkargbkc.dll (file missing)
O20 - Winlogon Notify: iwukhwmn - iwukhwmn.dll (file missing)
O20 - Winlogon Notify: kyjrhyoi - kyjrhyoi.dll (file missing)
O20 - Winlogon Notify: lkcdmefe - lkcdmefe.dll (file missing)
O20 - Winlogon Notify: mcetijni - mcetijni.dll (file missing)
O20 - Winlogon Notify: mwssallj - mwssallj.dll (file missing)
O20 - Winlogon Notify: njlrmjqn - njlrmjqn.dll (file missing)
O20 - Winlogon Notify: skyctewh - skyctewh.dll (file missing)
O20 - Winlogon Notify: slgkdcgc - slgkdcgc.dll (file missing)
O20 - Winlogon Notify: uhhccwsc - uhhccwsc.dll (file missing)
O20 - Winlogon Notify: wgabvwci - wgabvwci.dll (file missing)
O20 - Winlogon Notify: wipixspg - wipixspg.dll (file missing)
O20 - Winlogon Notify: ygevlqqq - ygevlqqq.dll (file missing)

Exit HijackThis when done. Reboot, rescan with HijackThis and post a new log here.

Edited by Daemon, 04 December 2006 - 01:03 AM.

  • 0

#34
anita1973
Posted 04 December 2006 - 11:48 AM

anita1973

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Ok, here's the latest HijackThis scan. Looks like that one 020 is still there? :whistling:


Logfile of HijackThis v1.99.1
Scan saved at 12:07:08 PM, on 12/4/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\LTMSG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Documents and Settings\Administrator\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scroogle....bin/scraper.htm
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: aqdywclx - C:\WINNT\SYSTEM32\aqdywclx.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: OPCEnum (OpcEnum) - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE (file missing)
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
O23 - Service: PI-Ping Data Measurement Program (basic version) (piping_basic) - Unknown owner - C:\Program Files\pipc\Interfaces\PING_basic\piping_basic.exe (file missing)
O23 - Service: RSLinx Enterprise (RSLinxNG) - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" /service (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
  • 0

#35
Daemon
Posted 04 December 2006 - 05:13 PM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Yeah, the only one AVG didn't find. Can you zip it up and send it to [email protected] so they can add it to their detections. Let's see if we can delete it. Open HijackThis, scan and when complete, remove the following entry by checking the box to the left and clicking 'fixed checked':

O20 - Winlogon Notify: aqdywclx - C:\WINNT\SYSTEM32\aqdywclx.dll

Exit HijackThis when done.

Please double-click Killbox.exe to run it. Select:
  • Delete on Reboot
  • then Click on the All Files button.
  • Please copy the file path below to the clipboard pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINNT\SYSTEM32\aqdywclx.dll

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt.
If after a while, your computer does not restart automatically, please restart it manually.

Post a new HJT log when done.

Edited by Daemon, 04 December 2006 - 05:15 PM.

  • 0

#36
anita1973
Posted 05 December 2006 - 09:29 AM

anita1973

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
:whistling: Looks likes that did it! I think it's gone:

Logfile of HijackThis v1.99.1
Scan saved at 9:45:15 AM, on 12/5/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\LTMSG.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NZSearch\nzspc.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Documents and Settings\Administrator\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scroogle....bin/scraper.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: OPCEnum (OpcEnum) - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE (file missing)
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
O23 - Service: PI-Ping Data Measurement Program (basic version) (piping_basic) - Unknown owner - C:\Program Files\pipc\Interfaces\PING_basic\piping_basic.exe (file missing)
O23 - Service: RSLinx Enterprise (RSLinxNG) - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" /service (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe



I will send the zipped file to the the folks at AVG scan. Anything else?
  • 0

#37
Daemon
Posted 05 December 2006 - 01:50 PM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
These two are back:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm

Fix with HJT, reboot and post a final log.
  • 0

#38
anita1973
Posted 06 December 2006 - 08:10 PM

anita1973

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
They seem to be gone now:

Latest Hijack This log:


Logfile of HijackThis v1.99.1
Scan saved at 8:26:07 PM, on 12/6/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINNT\LTMSG.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NZSearch\nzspc.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Documents and Settings\Administrator\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scroogle....bin/scraper.htm
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: OPCEnum (OpcEnum) - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE (file missing)
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
O23 - Service: PI-Ping Data Measurement Program (basic version) (piping_basic) - Unknown owner - C:\Program Files\pipc\Interfaces\PING_basic\piping_basic.exe (file missing)
O23 - Service: RSLinx Enterprise (RSLinxNG) - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" /service (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe



One other thing, can you tell me how to get IE from opening up when the computer boots? I looked to see if it was in the Start Up menu but wasn't.
thanks :whistling:
  • 0

#39
anita1973
Posted 06 December 2006 - 09:08 PM

anita1973

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Just out of curiosity I ran Command antivirus and it found W32/Internet-Trojan-patched-based!Maximus associated with Avenger.exe. It called it an infection but couldn't disinfect it. Is the Avenger.exe infected? :whistling:
  • 0

#40
Daemon
Posted 07 December 2006 - 12:32 AM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
No, Avenger is fine - I know the person that wrote it - it will be a false positive. You can delete it now however, as you won't have any further need for it.

Open HijackThis and fix the following:

O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe

Reboot and let me know.
  • 0

Advertisements

#41
anita1973
Posted 08 December 2006 - 08:01 AM

anita1973

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
That fixed the IE problem. All seems well now. All I have to do now is look to see what kind of video controller it has because it keeps telling me here's new hardware and I need the driver. It can't find the driver on the hard drive. The video controller card thingy was not plugged in when I picked up the computer so I plugged it in. The screen is kinda funky looking because it needs that driver.

Anyway, here's the latest Hijack This log:

Logfile of HijackThis v1.99.1
Scan saved at 7:42:41 AM, on 12/8/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\LEXBCES.EXE
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\LEXPPS.EXE
C:\WINNT\system32\netdde.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\pctspk.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINNT\LTMSG.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\NZSearch\nzspc.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NetZero\exec.exe
C:\Program Files\NetZero\qsacc\x1exec.exe
C:\Documents and Settings\Administrator\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scroogle....bin/scraper.htm
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\Toolbar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HP CD-Writer] C:\Program Files\HP CD-Writer\Mmenu\hpcdtray.exe
O4 - HKLM\..\Run: [CreateCD50] "C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" -r
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\exec.exe regrun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\RunOnce: [untd_recovery] "C:\Program Files\NetZero\qsacc\x1exec.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\NetZero\qsacc\appres.dll/227
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - http://support.gatew...rvest/gwCID.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE
O23 - Service: OPCEnum (OpcEnum) - Unknown owner - C:\Program Files\Common Files\OPC Foundation\OPCENUM.EXE (file missing)
O23 - Service: W2K PCtel speaker phone (Pctspk) - PCtel, Inc. - C:\WINNT\system32\pctspk.exe
O23 - Service: PI-Ping Data Measurement Program (basic version) (piping_basic) - Unknown owner - C:\Program Files\pipc\Interfaces\PING_basic\piping_basic.exe (file missing)
O23 - Service: RSLinx Enterprise (RSLinxNG) - Unknown owner - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" /service (file missing)
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe



I REALLY appreciate all the the time you spent helping me and this poor computer. I seem to have a very nice computer now! :blink: I wish I could afford to pay you what your time was worth. This computer will be a very nice addition to the all volunteer genealogy library that I'm the director of. Thank you so very much!!
Anita :whistling:
  • 0

#42
Daemon
Posted 08 December 2006 - 09:31 AM

Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
You're welcome - glad to help :blink: My help is free - I hope the people in your library enjoy their new machine :whistling:

If you wander over to the hardware forum http://www.geekstogo...pherals-f9.html the experts there will probably be able to help you with the video issue.

To help keep you clean follow the recommendations in Tony's article here:

So how did I get infected in the first place?



As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP