Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

MSIE browser (only) hijacked

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: MSIE browser (only) hijacked

Unread postby miguelvillafana » January 21st, 2008, 12:44 pm

Hi Kotaguy,

Those files keep coming back, even clear them on HJT and reboot the system... Could they be spyware-related?

Miguel V.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:43, on 01/21/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Support.com\BellSouth\hcenter.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Personal Coach.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/ ... poti_x.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2459300968
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

--
End of file - 8299 bytes
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm
Advertisement
Register to Remove

Re: MSIE browser (only) hijacked

Unread postby 'KotaGuy » January 21st, 2008, 12:55 pm

No... they aren't spyware related as it is now... just orphaned entries. I still see TeaTimer running in your log. Did you follow the directions I gave you to disable it? I shouldn't see it active in the log if you had.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: MSIE browser (only) hijacked

Unread postby miguelvillafana » January 21st, 2008, 1:07 pm

I unchecked the box and rebooted... Do you think it would help if I uninstalled Spybot?

Miguel V.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: MSIE browser (only) hijacked

Unread postby 'KotaGuy » January 21st, 2008, 1:09 pm

For now yes please. You can reinstall it when we're done.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: MSIE browser (only) hijacked

Unread postby miguelvillafana » January 21st, 2008, 2:08 pm

Hi Kotaguy,

I uninstalled Spybot, and it seems that those two O2 files went bye-bye with the program as well--

Miguel V.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:07, on 01/21/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\PnkBstrA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
C:\Program Files\Support.com\BellSouth\hcenter.exe
C:\WINDOWS\LTSMMSG.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\adobe\acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: BellSouth Toolbar - {4E7BD74F-2B8D-469E-8CBD-FD60BB9AAE2E} - C:\PROGRA~1\BLSTOO~1\BLSTOO~1.DLL
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\BellSouth\hcenter.exe" /starthidden /tgcmdwrapper
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Personal Coach.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.kaspersky.com
O15 - Trusted Zone: http://download.windowsupdate.com
O16 - DPF: Yahoo! Pool 2 - http://download2.games.yahoo.com/games/ ... poti_x.cab
O16 - DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} (VaioInfo.CMClass) - http://esupport.sony.com/VaioInfo.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 2459300968
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\System32\PnkBstrA.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (Application) (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Music Server\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\sv_httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (Application) (VAIOMediaPlatform-PhotoServer-AppServer) - Unknown owner - C:\Program Files\Sony\Photo Server 20\appsrv\PicAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Media Platform\UPnPFramework.exe

--
End of file - 7547 bytes
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: MSIE browser (only) hijacked

Unread postby 'KotaGuy » January 21st, 2008, 3:31 pm

That looks good :)

How is the computer behaving?
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: MSIE browser (only) hijacked

Unread postby miguelvillafana » January 21st, 2008, 3:43 pm

The computer is definitely acting better. I'm going to run a kaspersky online scan and see what it turns up...

I remember those trojan entries from a few days ago... Should I be concerned about them or not?

Miguel V.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: MSIE browser (only) hijacked

Unread postby 'KotaGuy » January 21st, 2008, 4:00 pm

The only other things in the last KAV log were in your System Restore Points... which I will give instructions on how to clean those out right away.

Other than that you should be good to go. So....

Some tips for the future...

Now is a good time to reset your System Restore Points. Doing so will clean any infection that has been saved in them.

Flush the system restore points

  1. Right click on My Computer and select Properties.
  2. Select the System Restore tab.
  3. Check (tick) Turn off system restore on all drives box.
  4. Click OK.
  5. Restart your computer.

After restarting your computer, follow these steps:

  1. Right click on My Computer and select Properties.
  2. Select the System Restore tab.
  3. Uncheck (untick) Turn off system restore on all drives box.
  4. Click OK.
  5. Restart your computer.

Note: Do this only ONCE, don't flush it regularly.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Please ensure that you visit the following websites regularly or do update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, revisit Windows Update and Office update sites until there are no more updates to be installed.

To update Windows

Go to Start > All Programs > Windows Update

To update Office

Open up any Office program.

Go to Help > Check for Updates

Alternatively, you can visit the links below to update Windows and Office products.

Windows Update
Office Update

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

  1. Go to Start > Control Panel > Automatic Updates
  2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  3. Select Download updates for me, but let me chose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
  4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Besides Windows that needs regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files.

  1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  2. Never open emails from unknown senders.
  3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts

Windows by default allow scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

Make your Internet Explorer safer

For Internet Explorer 6

  1. Open Internet Explorer. Click on Tools > Options.
  2. Click on the Security tab.
  3. Click on the Internet icon.
  4. Click on the Custom Level button.
  5. Under Download signed ActiveX controls, select Prompt.
  6. Under Download unsigned ActiveX controls, select Disable.
  7. Under Initialize and script ActiveX controls not marked as safe, select Disable.
  8. Under Installation of desktop items, select Prompt.
  9. Under Launching programs and files in an IFRAME, select Prompt.
  10. Under Navigate sub-frames across different domains, select Prompt.
  11. Under Allow paste operations via script, select Disable.
  12. Click OK to apply these settings.
  13. If it prompts you as to whether or not you want to save the settings, press the Yes button.
  14. Press OK to exit the Internet Properties page.
For a pictorial guide, please refer to this article.

For Internet Explorer 7

Please read this article to configure Internet Explorer 7 properly.

Avoid P2P

P2P may be a great way to get lots of stuffs, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

Prevent a re-infection

  1. Winpatrol
    Winpatrol is heuristic protection program, meaning it looks for patterns in codes that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.
  2. Spyware Blaster
    SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

    You can download SpywareBlaster from Javacool.

    If you need help in using SpywareBlaster, you can read SpywareBlaster's tutorial at Bleeping Computer.
  3. SpywareGuard
    Just as an antivirus program scans a file for viruses before opening it, SpywareGuard does the same thing, except that it scans it for spywares.

    You can download SpywareGuard from Javacool.

    If you need help in using SpywareGuard, you can SpywareGuard's tutorial at Bleeping Computer.
  4. IE-SPYAD
    IE-SPYAD adds over 5000 sites to your Internet Explorer restricted zone so that you will be protected if the website turns out to be a bad one. Sites that are in the restricted zone of Internet Explorer can't have any scripts ran, no downloads and cookies. However, you can still connect to these sites.

    You can download IE-SPYAD from Spyware Warrior. Be sure to read the whole website carefully for instructions on usage of IE-SPYAD.
  5. Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Malware Removal.
  6. Spybot Search and Destroy
    Spybot Search & Destroy is another program for scanning spywares and adwares. Not only so, it has other preventive options as well. You are strongly encouraged to run a scan at least once per week.

    Spybot Search & Destroy can be downloaded from here.

    If you need help in using Spybot Search & Destroy, you can read Spybot Search and Destroy tutorial at Bleeping Computer.
  7. a-squared Free
    a-squared Free is also another program for scanning spywares and adwares. It doesn't have preventive features like Spybot Search & Destroy though.

    You can download a-squared Free from here.

    Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs and Malwarebytes RogueNET. This will save you from a lot of trouble. If in doubt, don't ever download it.
  8. SiteHound Toolbar
    SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that has potentially lots of viruses or spywares or has questionable contents. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer and Firefox only.

Use an alternative Internet Browser

Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead.

Firefox
Opera
K-Meleon

Use an alternative email client

If you are using Outlook Express as your default email client, try using Thunderbird or Pegasus Mail instead.

Here are some more things to read about:

List of clean and infected download managers
Configuring Skype
Greater email safety
Phishing - what is it?
Configuring Outlook Express
The Unofficial Cookie FAQ
Securing your home wireless network
80 Super Security Tips
The different classes of security softwares

Surf Safe :)
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: MSIE browser (only) hijacked

Unread postby miguelvillafana » January 21st, 2008, 5:09 pm

Hi Kotaguy,

Wow, 68 posts between the two of us!

I went on ahead and got rid of the old system restore points, and but will do a Kaspersky online scan just in case.

The only thing this computer needs (besides a memory upgrade) is something like Norton Systemworks, which I will get asap. Other than that, I went on ahead and installed Opera and Mozilla, which should complement MSIE nicely.

You've been a great help. If anything significant comes up on the Kas scan, I'll post it and get your thoughts--

THANKS A LOT!!!!! I'll make sure to spread your good name anytime anybody I know has spyware/malware issues.

Miguel V.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: MSIE browser (only) hijacked

Unread postby 'KotaGuy » January 21st, 2008, 5:30 pm

Gah... Norton :P

Personally... I don't reccommend it. I find it infests a computer as bad as any virus :D

I'd suggest something like AVG Free Anti-Virus if you want something free. If you would like to pay... either NOD32(I use this on my computers) or Kaspersky. Much better solutions that Norton.

You should also get some form of software firewall installed... ZoneAlarm or Comodo are a couple good free choices.

I'll keep this topic open for a day or so before closing it.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: MSIE browser (only) hijacked

Unread postby miguelvillafana » January 21st, 2008, 8:24 pm

Hi Kotaguy,

I already have AVG installed, but I don't know why but I've always liked Norton...

Maybe I'll stay away from it, at least for now:):)

Miguel V.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: MSIE browser (only) hijacked

Unread postby miguelvillafana » January 21st, 2008, 9:31 pm

The most beautiful scan--

clean, I think :)

Miguel V.

--------------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, January 21, 2008 8:28
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 21/01/2008
Kaspersky Anti-Virus database records: 526068
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 62503
Number of viruses found: 0
Number of infected objects: 0
Number of suspicious objects: 0
Duration of the scan process: 01:14:56

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.ldb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sony Corporation\SonicStage\Packages\MtData.mdb Object is locked skipped
C:\Documents and Settings\BELLA\Application Data\Mozilla\Firefox\Profiles\ienyhy91.default\cert8.db Object is locked skipped
C:\Documents and Settings\BELLA\Application Data\Mozilla\Firefox\Profiles\ienyhy91.default\history.dat Object is locked skipped
C:\Documents and Settings\BELLA\Application Data\Mozilla\Firefox\Profiles\ienyhy91.default\key3.db Object is locked skipped
C:\Documents and Settings\BELLA\Application Data\Mozilla\Firefox\Profiles\ienyhy91.default\parent.lock Object is locked skipped
C:\Documents and Settings\BELLA\Application Data\Mozilla\Firefox\Profiles\ienyhy91.default\search.sqlite Object is locked skipped
C:\Documents and Settings\BELLA\Application Data\Mozilla\Firefox\Profiles\ienyhy91.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\BELLA\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\ApplicationHistory\hpqgalry.exe.cf8dd223.ini.inuse Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\Mozilla\Firefox\Profiles\ienyhy91.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\Mozilla\Firefox\Profiles\ienyhy91.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\Mozilla\Firefox\Profiles\ienyhy91.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Application Data\Mozilla\Firefox\Profiles\ienyhy91.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Temp\~DF48DB.tmp Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\BELLA\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\BELLA\ntuser.dat Object is locked skipped
C:\Documents and Settings\BELLA\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP2\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\JET8165.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\1394bus.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\61883.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\6to4svc.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ac97ali.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ac97via.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\acgenral.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\aclayers.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\aclua.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\acpi.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\acspecfc.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\activ.htm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\activsvc.htm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\actlan.htm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\actshell.htm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\acverfyr.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\acxtrnal.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\adeskerr.htm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\admin.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\admin.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\admjoy.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\adsldp.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\adsldpc.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\adsmsext.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\adsnt.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\advapi32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\advpack.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\aec.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\afd.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ahui.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\alg.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\amdk6.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\amdk7.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\an983.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\apphelp.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\apphelp.sdb Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\apps.chm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\appwiz.cpl Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\arial.ttf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\arp1394.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asctrls.ocx Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asferror.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asfsipc.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asms\10100\msft\windows\gdiplus\gdiplus.cat Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asms\10100\msft\windows\gdiplus\gdiplus.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asms\10100\msft\windows\gdiplus\gdiplus.man Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asms\10100\policy\msft\windows\gdiplus\gdiplus.cat Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asms\10100\policy\msft\windows\gdiplus\gdiplus.man Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asms\60100\msft\windows\common\controls\comctl32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asms\60100\msft\windows\common\controls\controls.cat Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asms\60100\msft\windows\common\controls\controls.man Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asms\60100\policy\60100\comctl\comctl.cat Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asms\60100\policy\60100\comctl\comctl.man Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asms\70100\msft\windows\mswincrt\msvcirt.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asms\70100\msft\windows\mswincrt\msvcrt.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asms\70100\msft\windows\mswincrt\mswincrt.cat Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asms\70100\msft\windows\mswincrt\mswincrt.man Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asms\70100\policy\msft\mswincrt\mswincrt.cat Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\asms\70100\policy\msft\mswincrt\mswincrt.man Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\at.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\atapi.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ati2dvaa.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ati2dvag.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ati2mtaa.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ati2mtag.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ati3d1ag.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ati3d2ag.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\atinbtxx.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\atinmdxx.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\atinpdxx.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\atinraxx.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\atinrvxx.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\atinsnxx.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\atinttxx.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\atintuxx.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\atinxbxx.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\atinxsxx.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\atiradn1.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ativdaxx.ax Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ativmvxx.ax Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\atl.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\atmlane.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\audiosrv.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\author.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\author.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\autochk.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\autolfn.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\auupdate.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\avc.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\avifil32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\basesrv.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\batt.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\bridge.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\browselc.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\browser.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\browseui.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\browsewm.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\cabinet.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\callcont.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\catsrvut.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ccdecode.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\cdfs.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\cdm.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\cdrom.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\certcli.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\cewmdm.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\cfgbkend.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\cfgwiz.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\cimwin32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ciodm.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\classpnp.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\clipbrd.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\clusapi.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\cmbatt.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\cmdial32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\cmdl32.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\comadmin.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\comctl32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\comdlg32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\compatui.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\comsvcs.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\conf.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\conime.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\copymar.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\courtney.acs Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\credui.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\crusoe.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\crypt32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\cryptdlg.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\cryptsvc.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\cryptui.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\cscui.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\csrsrv.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ctfmon.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\custdial.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\d3d8.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\danim.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dbghelp.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dbmsadsn.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dbmsrpcn.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dbmsvinn.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dbnetlib.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dbnmpntw.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dcache.bin Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dcap32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ddraw.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\defrag.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\desk.cpl Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\devmgr.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dfrgfat.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dfrgntfs.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dfrgsnap.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dfrgui.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dfsshlex.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dgnet.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dhcpcsvc.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dhtmled.ocx Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\digest.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dinput.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dinput8.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\disk.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\diskdump.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dlimport.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dmband.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dmcompos.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dmime.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dmloader.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dmscript.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dmstyle.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dmusic.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dnsapi.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\docprop2.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\download\lang\imjp81.ime._p Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dpnet.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dpnhpast.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dpnhupnp.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dpvoice.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dpvsetup.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dpwsockx.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\drmclien.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\drmk.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\drmkaud.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\drmstor.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\drmv2clt.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\drvmain.sdb Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ds32gt.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dshowext.ax Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dsprop.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dsquery.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dssenh.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dumprep.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\duser.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dw.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dwwin.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dxdiag.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dxg.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dxmasf.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dxmrtp.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dxtmsft.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\dxtrans.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\earl.acs Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\els.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ersvc.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\es.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\esscli.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\essm2e.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\eudcedit.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\eventlog.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\evntrprv.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\explorer.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\expsrv.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fastfat.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fastprox.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\faultrep.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\filelist.xml Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fldrclnr.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\flpydisk.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fontview.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4.cat Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp40ext.cab Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp40ext.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp40ext.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4amsft.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4anscp.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4apws.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4areg.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4atxt.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4avnb.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4avss.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4awebs.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp4awel.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp98sadm.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fp98swin.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpadmcgi.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpadmdll.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpcount.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpencode.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpexedll.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpmmc.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpmmcsat.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpremadm.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fpsrvadm.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\framebuf.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ftp.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsapi.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsclnt.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxscomex.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxscover.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsdrv.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsext32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsocm.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsocm.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsperf.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsres.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsst.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxssvc.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxst30.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxstiff.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsui.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxswzrd.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\fxsxp32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\g400.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\gameenum.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\gckernel.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\gdi32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\georgia.ttf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\guitrn.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\guitrn_a.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\h323cc.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hal.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\halaacpi.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\halacpi.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\halapic.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\halmacpi.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\halmps.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hccoin.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\helpctr.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\helpsvc.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hhctrl.ocx Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hhsetup.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hidclass.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hidir.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hidserv.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\highcont.mar Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hmmapi.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\hnetcfg.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\homepage.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\i8042prt.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\acpi.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\au.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\battery.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\bda.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\cdrom.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\cpu.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\disk.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\dpcdll.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\dpup.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\drvindex.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\hiddigi.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\hidserv.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\ie.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\ieaccess.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\iis.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\ims.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\input.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\intl.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\keyboard.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\kscaptur.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\layout.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\miscp.chm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\mshdc.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\msoe50.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\netip6.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\netoc.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\netrass.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\nt5inf.cat Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\ntprint.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\pchealth.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\pidgen.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\pnpscsi.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\scsi.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\swflash.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\sysoc.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\syssetup.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\tape.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\tsoc.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\usbport.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ic\whatnewp.chm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\icaapi.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\icm32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\icsmgr.js Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\icwconn1.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\idq.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ie4uinit.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ieakeng.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ieaksie.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\iedkcs32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\iepeers.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\iesetup.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ieuinit.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\iexplore.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\iis.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ils.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\imaadp32.acm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\imagehlp.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\imapi.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\imapi.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\imeshare.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\imgutil.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\imm32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\inetcomm.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\inetcpl.cpl Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\input.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\inseng.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\instcat.sql Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\intelide.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\intl.cpl Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipconfig.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\iphlpapi.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipnat.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipnathlp.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ippromon.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipp_0001.asp Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipp_0002.asp Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipp_0004.asp Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipp_0006.asp Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipp_0013.asp Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipp_0014.asp Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipp_util.inc Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipsec.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipsecsvc.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipv6.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ipv6mon.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\irbus.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\irmon.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\itircl.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\itss.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\iuctl.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\iuengine.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ixsso.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\joy.cpl Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\kbdclass.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\kd1394.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\kerberos.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\kernel32.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\keyboard.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\kmixer.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ks.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\ksxbar.ax Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\l3codeca.acm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\chajei.ime Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\chtmbx.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\chtskdic.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\chtskf.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\cintime.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\cintlgnt.ime Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\cintsetp.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\cplexe.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\dayi.ime Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\imekr61.ime Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\imekrcic.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lang\pintlgl.imd Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\licdll.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\licwmi.mfl Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\lvback.gif Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\mailtmpl.txt Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\msdtctr.mof Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\mstsc.chm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\new\logo.gif Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\new\logowin.gif Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\new\rtcimsp.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\new\secupd.dat Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\new\secupd.sig Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\new\wuauhelp.chm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\newalert.wav Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\newemail.wav Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\online.wav Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\readmesp.htm Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\secdrv.sys Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\spmsg.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\spuninst.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\tagfile.1 Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\type.wav Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\update\eula.txt Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\update\sp1.cat Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\update\spcustom.dll Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\update\update.exe Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\update\update.inf Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\update\update.url Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\update\update.ver Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\winxp_logo_horiz_sm.gif Object is locked skipped
D:\a89e4fc942557cdc3fccf195648ef061\xenroll.dll Object is locked skipped
D:\c3a337362af89d526c3112d8\msxml4-KB927978-enu.log Object is locked skipped
D:\System Volume Information\_restore{58E30938-66A1-4D08-9DCD-360CE25B3A88}\RP2\change.log Object is locked skipped

Scan process completed.
miguelvillafana
Regular Member
 
Posts: 126
Joined: January 5th, 2008, 8:01 pm

Re: MSIE browser (only) hijacked

Unread postby 'KotaGuy » January 22nd, 2008, 12:08 am

Yup.... KAV log looks good.

I already have AVG installed, but I don't know why but I've always liked Norton...


You have AVG Anti-Spyware installed... not AVG Anti-Virus... they are two different products ;)

As for your liking of Norton... well... its a bit masochistic... but whatever floats your boat :D
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada

Re: MSIE browser (only) hijacked

Unread postby 'KotaGuy » January 25th, 2008, 11:16 am

This topic is now closed. If you wish it to be reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

If it has been 10 days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, this topic will not be reopened. If you still require help, please start a new topic and include a fresh HijackThis log and a link to this thread in your new topic.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 63 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware