MSIE browser (only) hijacked

Re: MSIE browser (only) hijacked

Post by 'KotaGuy » January 11th, 2008, 10:29 pm

Try booting into Safe Mode. You can go in Safe Mode by restarting your computer, then continually tapping F8 until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Then search for and delete:

C:\WINDOWS\system32\kmbl.dll

Empty your Recycle bin.

Reboot Windows normally.

Using Internet Explorer, go to http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer" and then put the kettle on!
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply along with a fresh HJT log and a description of how your PC is behaving.
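A triage pass over the text report saved in the last steps above, as an added example that is not part of the original post. It assumes the one-object-per-line layout (path, verdict, last action) of the Kaspersky report posted in this thread; the function names, bucket names and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines in the layout of the report's
# "Infected Object Name / Virus Name / Last Action" table.
# Paths and detection names are placeholders, not real findings.
SAMPLE_REPORT = r"""
C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\user\Desktop\fixtool.exe/data.rar/fixtool/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Example.a skipped
C:\Documents and Settings\user\Desktop\fixtool.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Example.a skipped
C:\Documents and Settings\user\Desktop\fixtool.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{EXAMPLE}\RP1\A0000001.dll Infected: Trojan-Downloader.Win32.Example.b skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\runfile[1].exe Infected: Trojan-Clicker.Win32.Example.c skipped
C:\WINDOWS\system32\svchost.exe Infected: Trojan.Win32.Example.d skipped
C:\WINDOWS\system32\winlogon.exe Infected: Trojan.Win32.Example.d skipped
"""

# Paths contain spaces, so each line is matched from its right-hand side:
# <path> <verdict> <last action>.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?:Infected:\s+(?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<container>\w+: infected - \d+))"
    r"\s+(?P<action>\w+)$"
)


def classify(path, name):
    """Put one infected-object line into a triage bucket."""
    p = path.lower()
    if name.startswith("not-a-virus:"):
        return "riskware"        # Kaspersky's prefix for riskware/adware tools
    if "\\system volume information\\_restore" in p:
        return "restore_point"   # copy held inside a System Restore point
    if "\\temporary internet files\\" in p:
        return "browser_cache"   # file left in the Internet Explorer cache
    if re.fullmatch(r"[a-z]:\\windows\\system32\\[^\\/]+\.exe", p):
        return "system_binary"   # core OS executable: needs a clean copy, not deletion
    return "other"


def parse_report(text):
    """Return (findings, locked_count); findings describe infected objects only."""
    findings, locked = [], 0
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue             # headers, blank lines, statistics
        if m["locked"]:
            locked += 1          # file was in use and could not be scanned
            continue
        if m["container"]:
            continue             # archive roll-up line; its members are listed separately
        path = m["path"]
        findings.append({
            "path": path,
            "name": m["name"],
            "action": m["action"],
            # Archive members are written as container/inner/path
            "container": path.split("/", 1)[0] if "/" in path else None,
            "bucket": classify(path, m["name"]),
        })
    return findings, locked


def summarize(findings):
    """Count distinct objects per bucket, folding archive members into their container."""
    seen, buckets = set(), Counter()
    for f in findings:
        key = (f["container"] or f["path"]).lower()
        if key in seen:
            continue
        seen.add(key)
        buckets[f["bucket"]] += 1
    return dict(buckets)


if __name__ == "__main__":
    findings, locked = parse_report(SAMPLE_REPORT)
    print(f"{locked} locked (unscanned) objects ignored")
    for bucket, count in sorted(summarize(findings).items()):
        print(f"{bucket}: {count}")
```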

Re: MSIE browser (only) hijacked

Post by miguelvillafana » January 11th, 2008, 11:08 pm

wow, this thing is ridiculous. I keep getting the same error message, even under safe mode--

What do you suggest I do from here?

Miguel V.

Re: MSIE browser (only) hijacked

Post by miguelvillafana » January 11th, 2008, 11:25 pm

I read something online suggesting that HJT could be utilized to delete file(s) upon reboots--

What do you think of this approach? I'm rather desperate to 1) get this computer up and running again, and 2) for Microsoft to mail us SP2 so that such spyware/malware issues hopefully won't come up again!

Miguel V.

Re: MSIE browser (only) hijacked

Post by miguelvillafana » January 11th, 2008, 11:37 pm

Ok, I think I deleted it using HJT (wow, that program sure has a lot of uses!); webscan report upcoming--

Miguel V.

Re: MSIE browser (only) hijacked

Post by miguelvillafana » January 12th, 2008, 1:21 am

Ok, I did everything. I tried using MSIE and Windows Explorer, and for the first time in more than a week I did NOT get any sort of hijack messages, BUT according to Kaspersky this machine is apparently still infected. Not only that, but I think with some of the same bugs that I swear I've "cleaned" before...

What do I do from here?

Thanks again for all the help,

Good night!!!

Miguel V.

----------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:15, on 01/12/08
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Support.com\BellSouth\hcenter.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Personal Coach.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/ ... poti_x.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2459300968
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O21 - SSODL: pXxVNNfIklzR - {0468A015-AEC2-0ABF-3861-7B3A4BCA52DC} - C:\WINDOWS\system32\kmbl.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

--
End of file - 8249 bytes


---------------------------

Next up is the online scanner report:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, January 12, 2008 12:11
Operating System: Microsoft Windows XP Home Edition, (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/01/2008
Kaspersky Anti-Virus database records: 508259
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 56445
Number of viruses found: 4
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 01:12:34

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\BELLA\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\BELLA\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\BELLA\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\BELLA\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M9ANR8EO\runfile[1].exe Infected: Trojan-Clicker.Win32.Small.cc skipped
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP17\A0003377.dll Infected: Trojan-Downloader.Win32.Agent.byz skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YP63E16P\runfile[1].exe Infected: Trojan-Clicker.Win32.Small.cc skipped
C:\WINDOWS\system32\lsass.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\services.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\spoolsv.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\svchost.exe Infected: Trojan.Win32.Patched.aa skipped
C:\WINDOWS\system32\winlogon.exe Infected: Trojan.Win32.Patched.aa skipped
D:\a89e4fc942557cdc3fccf195648ef061\defrag.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\desk.cpl Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\devmgr.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dfrgfat.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dfrgntfs.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dfrgsnap.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dfrgui.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dfsshlex.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dgnet.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dhcpcsvc.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dhtmled.ocx Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\digest.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dinput.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dinput8.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\disk.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\diskdump.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dlimport.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dmband.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dmcompos.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dmime.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dmloader.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dmscript.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dmstyle.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dmusic.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dnsapi.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\docprop2.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\download\lang\imjp81.ime._p Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dpnet.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dpnhpast.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dpnhupnp.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dpvoice.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dpvsetup.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dpwsockx.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\drmclien.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\drmk.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\drmkaud.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\drmstor.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\drmv2clt.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\drvmain.sdb Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ds32gt.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dshowext.ax Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dsprop.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dsquery.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dssenh.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dumprep.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\duser.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dw.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dwwin.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dxdiag.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dxg.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dxmasf.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dxmrtp.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dxtmsft.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dxtrans.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\earl.acs Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\els.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ersvc.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\es.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\esscli.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\essm2e.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\eudcedit.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\eventlog.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\evntrprv.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\explorer.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\expsrv.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fastfat.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fastprox.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\faultrep.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\filelist.xml Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fldrclnr.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\flpydisk.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fontview.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4.cat Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp40ext.cab Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp40ext.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp40ext.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4amsft.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4anscp.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4apws.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4areg.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4atxt.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4avnb.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4avss.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4awebs.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4awel.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp98sadm.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp98swin.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpadmcgi.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpadmdll.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpcount.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpencode.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpexedll.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpmmc.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpmmcsat.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpremadm.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpsrvadm.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\framebuf.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ftp.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsapi.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsclnt.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxscomex.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxscover.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsdrv.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsext32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsocm.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsocm.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsperf.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsres.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsst.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxssvc.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxst30.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxstiff.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsui.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxswzrd.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsxp32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\g400.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\gameenum.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\gckernel.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\gdi32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\georgia.ttf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\guitrn.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\guitrn_a.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\h323cc.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hal.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\halaacpi.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\halacpi.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\halapic.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\halmacpi.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\halmps.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hccoin.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\helpctr.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\helpsvc.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hhctrl.ocx Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hhsetup.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hidclass.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hidir.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hidserv.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\highcont.mar Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hmmapi.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hnetcfg.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\homepage.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\i8042prt.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\acpi.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\au.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\battery.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\bda.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\cdrom.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\cpu.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\disk.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\dpcdll.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\dpup.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\drvindex.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\hiddigi.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\hidserv.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\ie.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\ieaccess.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\iis.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\ims.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\input.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\intl.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\keyboard.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\kscaptur.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\layout.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\miscp.chm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\mshdc.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\msoe50.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\netip6.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\netoc.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\netrass.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\nt5inf.cat Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\ntprint.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\pchealth.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\pidgen.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\pnpscsi.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\scsi.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\swflash.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\sysoc.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\syssetup.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\tape.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\tsoc.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\usbport.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\whatnewp.chm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\icaapi.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\icm32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\icsmgr.js Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\icwconn1.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\idq.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ie4uinit.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ieakeng.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ieaksie.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\iedkcs32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\iepeers.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\iesetup.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ieuinit.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\iexplore.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\iis.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ils.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\imaadp32.acm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\imagehlp.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\imapi.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\imapi.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\imeshare.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\imgutil.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\imm32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\inetcomm.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\inetcpl.cpl Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\input.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\inseng.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\instcat.sql Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\intelide.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\intl.cpl Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipconfig.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\iphlpapi.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipnat.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipnathlp.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ippromon.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipp_0001.asp Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipp_0002.asp Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipp_0004.asp Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipp_0006.asp Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipp_0013.asp Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipp_0014.asp Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipp_util.inc Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipsec.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipsecsvc.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipv6.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipv6mon.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\irbus.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\irmon.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\itircl.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\itss.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\iuctl.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\iuengine.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ixsso.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\joy.cpl Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\kbdclass.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\kd1394.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\kerberos.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\kernel32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\keyboard.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\kmixer.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ks.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ksxbar.ax Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\l3codeca.acm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\chajei.ime Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\chtmbx.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\chtskdic.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\chtskf.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\cintime.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\cintlgnt.ime Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\cintsetp.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\cplexe.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\dayi.ime Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\imekr61.ime Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\imekrcic.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\pintlgl.imd Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\licdll.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\licwmi.mfl Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lvback.gif Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\mailtmpl.txt Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\msdtctr.mof Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\mstsc.chm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\new\logo.gif Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\new\logowin.gif Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\new\rtcimsp.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\new\secupd.dat Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\new\secupd.sig Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\new\wuauhelp.chm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\newalert.wav Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\newemail.wav Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\online.wav Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\readmesp.htm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\secdrv.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\spmsg.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\spuninst.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\tagfile.1 Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\type.wav Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\update\eula.txt Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\update\sp1.cat Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\update\spcustom.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\update\update.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\update\update.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\update\update.url Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\update\update.ver Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\winxp_logo_horiz_sm.gif Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\xenroll.dll Object is locked skipped
D:\c3a337362af89d526c3112d8\msxml4-KB927978-enu.log Object is locked skipped

Scan process completed.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: MSIE browser (only) hijacked

Unread postby 'KotaGuy » January 12th, 2008, 2:36 am

Copy/paste the following code box into a new Notepad document.

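Code:
@echo off
rem Search the whole drive for every copy of these system executables.
cd \
rem The first dir creates look.txt; the others append with >> so earlier results are kept.
dir lsass.exe /s > look.txt
dir services.exe /s >> look.txt
dir spoolsv.exe /s >> look.txt
dir svchost.exe /s >> look.txt
dir winlogon.exe /s >> look.txt
notepad look.txt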


Save it to your Desktop as "look.bat" including the quotations.

Double click look.bat, a Command window will open, followed shortly after by a Notepad window. When you close Notepad, the Command window will disappear too.
I'd like a copy of the text that appears - the file will be saved as C:\looksee.txt if you need it.

Copy/paste that into your next reply please.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: MSIE browser (only) hijacked

Unread postby miguelvillafana » January 12th, 2008, 10:44 am

Hi Kotaguy,

Here's the notepad text I think you spoke of; on my system, though, the file was just saved as look.txt--is that ok?

Miguel V.

---------------------


Volume in drive C has no label.
Volume Serial Number is 0468-A014

Directory of C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819

08/04/04 02:56 502,272 winlogon.exe
1 File(s) 502,272 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2cf41f1db14bc8f414e16e1555b77108\backup

08/18/01 07:00 430,080 winlogon.exe
1 File(s) 430,080 bytes

Directory of C:\WINDOWS\system32

08/18/01 07:00 434,176 winlogon.exe
1 File(s) 434,176 bytes

Total Files Listed:
3 File(s) 1,366,528 bytes
0 Dir(s) 6,213,189,632 bytes free
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm
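
The listing above, parsed as an added example (not part of any post in this thread): it records every copy of a file that `dir /s` found and flags a system32 copy whose size differs from another copy carrying the same timestamp. The input is the dir output exactly as posted; the same-timestamp size comparison is a heuristic assumed for this example, and the function names are hypothetical.

```python
import re
from collections import defaultdict, namedtuple

Entry = namedtuple("Entry", "directory name size stamp")

TRUSTED_DIR = r"C:\WINDOWS\system32"

# dir /s output as posted in the thread (not constructed).
SAMPLE_LISTING = r"""
Volume in drive C has no label.
Volume Serial Number is 0468-A014

Directory of C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819

08/04/04 02:56 502,272 winlogon.exe
1 File(s) 502,272 bytes

Directory of C:\WINDOWS\SoftwareDistribution\Download\S-1-5-18\2cf41f1db14bc8f414e16e1555b77108\backup

08/18/01 07:00 430,080 winlogon.exe
1 File(s) 430,080 bytes

Directory of C:\WINDOWS\system32

08/18/01 07:00 434,176 winlogon.exe
1 File(s) 434,176 bytes

Total Files Listed:
3 File(s) 1,366,528 bytes
0 Dir(s) 6,213,189,632 bytes free
"""

DIR_RE = re.compile(r"^\s*Directory of (?P<path>.+?)\s*$")
# Date, time (optional AM/PM marker), size with thousands separators, file name.
# Summary lines ("1 File(s) ...") and <DIR> rows do not match and are skipped.
FILE_RE = re.compile(
    r"^\s*(?P<stamp>\d{2}/\d{2}/\d{2,4}\s+\d{1,2}:\d{2}(?:\s?[AP]M?)?)\s+"
    r"(?P<size>[\d,]+)\s+(?P<name>\S.*?)\s*$"
)


def parse_dir_listing(text):
    """Return one Entry per file row, tagged with the directory it was listed under."""
    entries, current = [], None
    for line in text.splitlines():
        m = DIR_RE.match(line)
        if m:
            current = m.group("path")
            continue
        m = FILE_RE.match(line)
        if m and current is not None:
            stamp = " ".join(m.group("stamp").split())  # normalise spacing
            size = int(m.group("size").replace(",", ""))
            entries.append(Entry(current, m.group("name"), size, stamp))
    return entries


def copies_outside(entries, trusted_dir=TRUSTED_DIR):
    """Copies found anywhere other than the expected system directory."""
    return [e for e in entries if e.directory.lower() != trusted_dir.lower()]


def find_size_mismatches(entries, trusted_dir=TRUSTED_DIR):
    """Flag a trusted-directory file whose size differs from a same-named copy
    with an identical timestamp (heuristic: same build, so sizes should match)."""
    by_name = defaultdict(list)
    for e in entries:
        by_name[e.name.lower()].append(e)

    findings = []
    for name, copies in by_name.items():
        trusted = [c for c in copies if c.directory.lower() == trusted_dir.lower()]
        others = [c for c in copies if c.directory.lower() != trusted_dir.lower()]
        for t in trusted:
            for o in others:
                if o.stamp == t.stamp and o.size != t.size:
                    findings.append(
                        {"name": name, "trusted": t, "other": o, "delta": t.size - o.size}
                    )
    return findings


if __name__ == "__main__":
    parsed = parse_dir_listing(SAMPLE_LISTING)
    for e in copies_outside(parsed):
        print(f"copy outside system32: {e.directory}\\{e.name} ({e.size} bytes, {e.stamp})")
    for f in find_size_mismatches(parsed):
        print(
            f"{f['name']}: system32 copy is {f['delta']:+d} bytes vs same-dated copy in "
            f"{f['other'].directory}"
        )
```

On the posted listing this reports the system32 copy as 4,096 bytes larger than the same-dated backup copy, which is a reason to hash that file and have it scanned.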

Re: MSIE browser (only) hijacked

Unread postby 'KotaGuy » January 12th, 2008, 7:15 pm

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

Re: MSIE browser (only) hijacked

Unread postby miguelvillafana » January 12th, 2008, 7:36 pm

Thanks, I'll do that--

By the way, did you want me to keep the look.bat file I created earlier today, or delete it?

Miguel V.

Re: MSIE browser (only) hijacked

Unread postby 'KotaGuy » January 12th, 2008, 7:38 pm

You can delete it.

Re: MSIE browser (only) hijacked

Unread postby miguelvillafana » January 12th, 2008, 8:55 pm

Hi Kotaguy,

Ok, I ran DrWeb on Express scan, but it found nothing. On a whim I ran it on full scan, and it found quite a few bugs. Was that ok? Other than that, I followed the instructions, cleaned, rebooted, here's the report--

Let me know where to go from here,

Miguel V.

ps--I see that it viewed part of the SmitfraudFix program as an infection, yet "incurable"... ???

--------

0000002a.bak;C:\Documents and Settings\All Users\Application Data\Kaspersky Lab\AVP7\PdmHist\458.F6D6B81401C851A4.history;Trojan.StartPage.1505;Deleted.;
RegUBP2b-BELLA.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
Process.exe;C:\Documents and Settings\BELLA\Desktop\SmitfraudFix;Tool.Prockill;Incurable.Deleted.;
restart.exe;C:\Documents and Settings\BELLA\Desktop\SmitfraudFix;Tool.ShutDown.11;Incurable.Deleted.;
runfile[1].exe;C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\M9ANR8EO;Trojan.Click.840;Deleted.;
uninstall.exe;C:\Program Files\blstoolbar;Adware.VMN;Incurable.Deleted.;
A0001676.reg;C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP11;Trojan.StartPage.1505;Deleted.;
A0001732.reg;C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP12;Trojan.StartPage.1505;Deleted.;
A0001792.reg;C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP12;Trojan.StartPage.1505;Deleted.;
A0002940.reg;C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP14;Trojan.StartPage.1505;Deleted.;
A0003049.reg;C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP15;Trojan.StartPage.1505;Deleted.;
A0003084.reg;C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP15;Trojan.StartPage.1505;Deleted.;
A0003234.reg;C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP15;Trojan.StartPage.1505;Deleted.;
A0003295.reg;C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP15;Trojan.StartPage.1505;Deleted.;
A0003354.reg;C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP16;Trojan.StartPage.1505;Deleted.;
A0003377.dll;C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP17;Trojan.Proxy.1990;Deleted.;
A0003414.reg;C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP17;Trojan.StartPage.1505;Deleted.;
A0000176.reg;C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP5;Trojan.StartPage.1505;Deleted.;
A0000236.reg;C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP6;Trojan.StartPage.1505;Deleted.;
A0000335.reg;C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP6;Trojan.StartPage.1505;Deleted.;
A0001335.reg;C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP6;Trojan.StartPage.1505;Deleted.;
A0001419.reg;C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP8;Trojan.StartPage.1505;Deleted.;
runfile[1].exe;C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\YP63E16P;Trojan.Click.840;Deleted.;

Re: MSIE browser (only) hijacked

Unread postby 'KotaGuy » January 13th, 2008, 12:00 am

Can I get you to upload C:\WINDOWS\system32\winlogon.exe to VirusTotal and copy/paste the results of the scan in your next reply please.

Re: MSIE browser (only) hijacked

Unread postby miguelvillafana » January 13th, 2008, 12:25 am

Hi Kotaguy,

I have 2 winlogon.exe files; one is an application and one is an "ex_file"...

Which should I scan?

Miguel V.

Re: MSIE browser (only) hijacked

Unread postby miguelvillafana » January 13th, 2008, 12:26 am

Never mind, I think I found it--

Miguel V.

Re: MSIE browser (only) hijacked

Unread postby miguelvillafana » January 13th, 2008, 12:34 am

Ok, here's the VirusTotal scan result; it seems that this machine can't quite get rid of a few trojans... I'm getting rather desperate for that SP2 cd to arrive...

Miguel V.

-----------

File winlogon.exe received on 01.13.2008 05:28:16 (CET)

Result: 16/32 (50%)


Antivirus Version Last Update Result
AhnLab-V3 2008.1.12.10 2008.01.11 -
AntiVir 7.6.0.46 2008.01.11 TR/Patched.AA.4
Authentium 4.93.8 2008.01.12 -
Avast 4.7.1098.0 2008.01.12 Win32:Patched-CK
AVG 7.5.0.516 2008.01.12 Win32/PEPatch.AO
BitDefender 7.2 2008.01.13 Trojan.Patched.U
CAT-QuickHeal 9.00 2008.01.12 -
ClamAV 0.91.2 2008.01.13 Trojan.Agent-5069
DrWeb 4.44.0.09170 2008.01.12 -
eSafe 7.0.15.0 2008.01.10 -
eTrust-Vet 31.3.5451 2008.01.11 -
Ewido 4.0 2008.01.12 -
FileAdvisor 1 2008.01.13 -
Fortinet 3.14.0.0 2008.01.13 -
F-Prot 4.4.2.54 2008.01.13 -
F-Secure 6.70.13030.0 2008.01.12 Trojan.Win32.Patched.aa
Ikarus T3.1.1.20 2008.01.13 Backdoor.Win32.Agent.du
Kaspersky 7.0.0.125 2008.01.13 Trojan.Win32.Patched.aa
McAfee 5205 2008.01.11 W32/PEPatcher.c
Microsoft 1.3109 2008.01.13 Trojan:Win32/Patched.B
NOD32v2 2787 2008.01.13 Win32/TrojanProxy.Agent.NCI
Norman 5.80.02 2008.01.11 -
Panda 9.0.0.4 2008.01.12 W32/PatchLog.gen
Prevx1 V2 2008.01.13 -
Rising 20.26.60.00 2008.01.13 Trojan.Win32.Patched.aa
Sophos 4.24.0 2008.01.13 -
Sunbelt 2.2.907.0 2008.01.12 VIPRE.Suspicious
Symantec 10 2008.01.12 -
TheHacker 6.2.9.186 2008.01.11 -
VBA32 3.12.2.5 2008.01.13 -
VirusBuster 4.3.26:9 2008.01.12 Win32.Agent.IMP
Webwasher-Gateway 6.6.2 2008.01.13 Trojan.Patched.AA.4

Additional information
File size: 434176 bytes
MD5: e2e3cab8c3ae8414532f8eac73ce27b4
SHA1: f3adf0778685a7d67f272999c21b58311d9de1f5
PEiD: -