can't delete winhoo32.dll

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Thursday 23.1.2025 / 00:11

Search AfterDawn Forums:

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > can't delete winhoo32.dll

Browse by topic

Forums

Start a new thread

can't delete winhoo32.dll

Jump to:

Posted

Message

tcurreri

Newbie

2. October 2006 @ 16:52

Link to this message

Hi,
I cannot remove winhoo32.dll from my computer. Can you please help? I saw the other thread regarding this, and have attached the HijackThis log. Do I follow the same steps?
Thanks again.
Logfile of HijackThis v1.99.1
Scan saved at 5:42:43 PM, on 10/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\hpzipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hamachi\hamachi.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BU..._1/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.ritzpix.com/upload/FujifilmUploadClient.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhoo32 - C:\WINDOWS\SYSTEM32\winhoo32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

[ + quote]

Niobis

Senior Member

2. October 2006 @ 20:38

Link to this message

Hello tcurreri,

Please go here and download KillBox.

Note: print these instructions or copy to Notepad and save it, you will be in safe mode and can't access the internet.

Restart your computer in safe mode(press F8 upon boot, select "Safe Mode" from menu and press Enter).
Open Killbox.exe.
Check "Standard File Kill".
In the "Full Path of File to Delete" box, copy and paste each of the following lines below one at a time. Then click the red button with a white X after you enter each file.
You will be prompted to confirm, click Yes.

C:\WINDOWS\SYSTEM32\winhoo32.dll

Restart in normal mode.
Open HijackThis.
Click "Do a system scan only".
Check this(if there).

O20 - Winlogon Notify: winhoo32 - C:\WINDOWS\SYSTEM32\winhoo32.dll

Close all windows except HijackThis and click Fix checked.

I see you've ran ActiveScan before. Please run it to see if there is more infection. When it finishes, save the results.
If anything other than cookies is found, post them along with a new HijackThis log.

[ + quote]

Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related

This message has been edited since posting. Last time this message was edited on 2. October 2006 @ 20:39

tcurreri

Newbie

3. October 2006 @ 06:58

Link to this message

Hi Niobus,

Thanks for help, but I had an issue. When I ran killbox in safe mode, it could not delete winhoo32.dll.

Here is the ActiveScan log:

Incident Status Location

Adware:Adware/SuperSpider Not disinfected C:\!KillBox\winhoo32.dll
Adware:Adware/SuperSpider Not disinfected C:\!KillBox\winhoo32.dll ( 1)
Adware:Adware/SuperSpider Not disinfected C:\!KillBox\winhoo32.dll ( 2)
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[www.myaffiliateprogram.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.overture.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.advertising.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[www.burstbeacon.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[server.iad.liveperson.net/hc/91338698]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[server.iad.liveperson.net/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[data.coremetrics.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.target.com/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[server.iad.liveperson.net/hc/36468410]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[statse.webtrendslive.com/S121135]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[counter.hitslink.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.entrepreneur.com/]
Spyware:Cookie/7search Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.7search.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.linksynergy.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[server.iad.liveperson.net/hc/41409448]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.com.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.go.com/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.phg.hitbox.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@112.2o7[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@belnk[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt
Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@counter.hitslink[1].txt
Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@data.coremetrics[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ehg-dig.hitbox[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@go[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@linksynergy[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@microsoftwga.112.2o7[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@perf.overture[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@target[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@z1.adserver[1].txt
Adware:adware/sidestep Not disinfected C:\Documents and Settings\Administrator\Favorites\SideStep.url
Adware:Adware/SuperSpider Not disinfected C:\WINDOWS\system32\winhoo32.dll
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\win24.tmp.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\win48.tmp.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\win787.tmp.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\win788.tmp.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\win78A.tmp.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\win7D4.tmp.exe
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\winA9.tmp.exe
I really appreciate your assistance, T

[ + quote]

Niobis

Senior Member

3. October 2006 @ 09:06

Link to this message

Run KillBox in safe mode, but this time, check "Unregister dll" for winhoo32.dll only.

Still in safe mode: find and delete everything in in this folder: C:\WINDOWS\Temp

Restart in normal mode.

Go here and download ATF Cleaner.

Open AFT Cleaner.
Check "Select All".
Click "Empty Selected".

Post a new HijackThis log.

[ + quote]

Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related

This message has been edited since posting. Last time this message was edited on 3. October 2006 @ 09:09

tcurreri

Newbie

3. October 2006 @ 19:41

Link to this message

Dear Niobus,
I ran killbox in safe mode and checked unregister dll box. It once again said that This file could not be removed, and then it crashed safe mode. That is, a screen came up saying that Windows is running in safe mode, and then the screen turned black with just the "safe mode" white writing at the top and bottom of the screen, but no desktop icons. I retried it and got the same exact response.

I then deleted everything in the c\windows\temp folder and ran the AFT cleaner. Here is the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 8:32:40 PM, on 10/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\mgabg.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hpzipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\PDesk\PDesk.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hamachi\hamachi.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BU..._1/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.ritzpix.com/upload/FujifilmUploadClient.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe

What do you think?
And thanks again for your help, I really wouldn't know what to do with this mess.
T

[ + quote]

Niobis

Senior Member

3. October 2006 @ 19:56

Link to this message

Oh, first time I thought you meant that KillBox couldn't delete, not find, sorry. The reason it can't be deleted is because it's missing.

Really don't know what the crashes are about.

In normal mode, open HijackThis.
Click "Run a system scan only".
Check this:

O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing)

Close all windows except HijackThis then click "Fix checked".

Then, go here and click Kaspersky Online Scanner.
Accept the terms.
After downloading, click My Computer.
After scanning click "Save report as".
Save as a text file.

Post back with the log.

[ + quote]

Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related

tcurreri

Newbie

4. October 2006 @ 07:18

Link to this message

Good Morning,
Here is the Kaspersky Log.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 04, 2006 7:55:18 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 4/10/2006
Kaspersky Anti-Virus database records: 215404
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 56281
Number of viruses found: 1
Number of infected objects: 7 / 0
Number of suspicious objects: 0
Duration of the scan process: 04:18:46

Infected Object Name / Virus Name / Last Action
C:\!KillBox\winhoo32.dll Infected: Packed.Win32.Klone.g skipped
C:\!KillBox\winhoo32.dll ( 1) Infected: Packed.Win32.Klone.g skipped
C:\!KillBox\winhoo32.dll ( 2) Infected: Packed.Win32.Klone.g skipped
C:\!KillBox\winhoo32.dll( 1) Infected: Packed.Win32.Klone.g skipped
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\1cf01dhb.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\1cf01dhb.default\history.mab Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\1cf01dhb.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\1cf01dhb.default\Mail\Local Folders\Inbox.msf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\1cf01dhb.default\Mail\Local Folders\Junk.msf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\1cf01dhb.default\Mail\Local Folders\Templates.msf Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\1cf01dhb.default\panacea.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\1cf01dhb.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012006100320061004\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFF1E7.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00000002.ps1 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00000002.ps2 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00010003.ci Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\cicat.fid Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\cicat.hsh Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiCL0001.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiP10000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiP20000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiSL0001.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiSP0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiVP0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\INDEX.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\propstor.bk1 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\propstor.bk2 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-10-04_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
C:\System Volume Information\catalog.wci\00010010.ci Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{CE668CB1-DEE5-4BFC-8906-C4311AA156C0}\RP280\A0040599.dll Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{CE668CB1-DEE5-4BFC-8906-C4311AA156C0}\RP282\A0040940.dll Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{CE668CB1-DEE5-4BFC-8906-C4311AA156C0}\RP282\A0040943.dll Infected: Packed.Win32.Klone.g skipped
C:\System Volume Information\_restore{CE668CB1-DEE5-4BFC-8906-C4311AA156C0}\RP282\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

T

[ + quote]

Niobis

Senior Member

4. October 2006 @ 10:08

Link to this message

Looks great. Delete the KillBox backups at C:\!Killbox.

Java is out of date.
Go here and download Java Runtime Environment Update 9.
Uninstall all previous versions of JRE via Add/Remove Programs.
Restart then install Update 9.

[ + quote]

Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related

tcurreri

Newbie

4. October 2006 @ 10:41

Link to this message

Thanks again, Niobis!

[ + quote]

Start a new thread

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > can't delete winhoo32.dll


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.