Hi, I cannot remove winhoo32.dll from my computer. Can you please help? I saw the other thread regarding this, and have attached the hijackthis log. Do I follow the same steps? Thanks again. Logfile of HijackThis v1.99.1 Scan saved at 5:42:43 PM, on 10/2/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\mgabg.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\system32\hpzipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\PDesk\PDesk.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Hamachi\hamachi.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hijackthis\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.ritzpix.com/upload/FujifilmUploadClient.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winhoo32 - C:\WINDOWS\SYSTEM32\winhoo32.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
Hello tcurreri, Please go here and download KillBox. Note: print these instructions or copy to Notepad and save it, you will be in safe mode and can't access the internet. Restart your computer in safe mode(press F8 upon boot, select "Safe Mode" from menu and press Enter). Open Killbox.exe. Check "Standard File Kill". In the "Full Path of File to Delete" box, copy and paste each of the following lines below [bold]one at a time[/bold]. Then click the red button with a white X after you enter each file. You will be prompted to confirm, click Yes. [bold]C:\WINDOWS\SYSTEM32\winhoo32.dll[/bold] Restart in normal mode. Open HijackThis. Click "Do a system scan only". Check this(if there). O20 - Winlogon Notify: winhoo32 - C:\WINDOWS\SYSTEM32\winhoo32.dll Close all windows except HijackThis and click Fix checked. I see you've ran ActiveScan before. Please run it to see if there is more infection. When it finishes, save the results. If anything other than cookies is found, post them along with a new HijackThis log.
Hi Niobus, Thanks for help, but I had an issue. When I ran killbox in safe mode, it could not delete winhoo32.dll. Here is the ActiveScan log: Incident Status Location Adware:Adware/SuperSpider Not disinfected C:\!KillBox\winhoo32.dll Adware:Adware/SuperSpider Not disinfected C:\!KillBox\winhoo32.dll ( 1) Adware:Adware/SuperSpider Not disinfected C:\!KillBox\winhoo32.dll ( 2) Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.doubleclick.net/] Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[www.myaffiliateprogram.com/] Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.atdmt.com/] Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.perf.overture.com/] Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.overture.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.2o7.net/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.advertising.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[servedby.advertising.com/] Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.advertising.com/] Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.questionmarket.com/] Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.ads.pointroll.com/] Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.statcounter.com/] Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.mediaplex.com/] Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.fastclick.net/] Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.burstnet.com/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.qksrv.net/] Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[ad.yieldmanager.com/] Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[www.burstbeacon.com/] Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.hitbox.com/] Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[stat.onestat.com/] Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[server.iad.liveperson.net/hc/91338698] Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[server.iad.liveperson.net/] Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.apmebf.com/] Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[data.coremetrics.com/] Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.casalemedia.com/] Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.zedo.com/] Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.adrevolver.com/] Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.trafficmp.com/] Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.target.com/] Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[server.iad.liveperson.net/hc/36468410] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.statse.webtrendslive.com/] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[statse.webtrendslive.com/] Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[statse.webtrendslive.com/S121135] Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.toplist.cz/] Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.tribalfusion.com/] Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[counter.hitslink.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.serving-sys.com/] Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.bs.serving-sys.com/] Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.gostats.com/] Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.entrepreneur.com/] Spyware:Cookie/7search Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.7search.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.247realmedia.com/] Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.atwola.com/] Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.linksynergy.com/] Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.realmedia.com/] Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.as-us.falkag.net/] Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[server.iad.liveperson.net/hc/41409448] Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.com.com/] Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.go.com/] Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.bluestreak.com/] Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\zzsijzcu.default\cookies.txt[.phg.hitbox.com/] Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@112.2o7[2].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@247realmedia[1].txt Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[1].txt Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ads.addynamix[1].txt Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@advertising[2].txt Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@apmebf[2].txt Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@belnk[1].txt Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@bluestreak[1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@bs.serving-sys[1].txt Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@casalemedia[2].txt Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt Spyware:Cookie/Hitslink Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@counter.hitslink[1].txt Spyware:Cookie/Coremetrics Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@data.coremetrics[1].txt Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@dist.belnk[2].txt Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@ehg-dig.hitbox[1].txt Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@go[2].txt Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@linksynergy[1].txt Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@microsoftwga.112.2o7[1].txt Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@overture[2].txt Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@perf.overture[1].txt Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@realmedia[1].txt Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[1].txt Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[1].txt Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@target[2].txt Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[1].txt Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Administrator\Cookies\administrator@z1.adserver[1].txt Adware:adware/sidestep Not disinfected C:\Documents and Settings\Administrator\Favorites\SideStep.url Adware:Adware/SuperSpider Not disinfected C:\WINDOWS\system32\winhoo32.dll Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\win24.tmp.exe Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\win48.tmp.exe Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\win787.tmp.exe Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\win788.tmp.exe Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\win78A.tmp.exe Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\win7D4.tmp.exe Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\Temp\winA9.tmp.exe I really appreciate your assistance, T
Run KillBox in safe mode, but this time, check "Unregister dll" for winhoo32.dll only. Still in safe mode: find and delete [bold]everything in[/bold] in this folder: C:\WINDOWS\[bold]Temp[/bold] Restart in normal mode. Go here and download [bold]ATF Cleaner[/bold]. Open AFT Cleaner. Check "Select All". Click "Empty Selected". Post a new HijackThis log.
Dear Niobus, I ran killbox in safe mode and checked unregister dll box. It once again said that This file could not be removed, and then it crashed safe mode. That is, a screen came up saying that Windows is running in safe mode, and then the screen turned black with just the "safe mode" white writing at the top and bottom of the screen, but no desktop icons. I retried it and got the same exact response. I then deleted everything in the c\windows\temp folder and ran the AFT cleaner. Here is the Hijackthis log. Logfile of HijackThis v1.99.1 Scan saved at 8:32:40 PM, on 10/3/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\system32\mgabg.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hpzipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\PDesk\PDesk.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe C:\Program Files\Hamachi\hamachi.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\WgaTray.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Hijackthis\HijackThis.exe O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\system32\PDesk\PDesk.exe /Autolaunch O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: hamachi.lnk = C:\Program Files\Hamachi\hamachi.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://www.ritzpix.com/upload/FujifilmUploadClient.cab O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing) O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\system32\mgabg.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe What do you think? And thanks again for your help, I really wouldn't know what to do with this mess. T
Oh, first time I thought you meant that KillBox couldn't delete, not find, sorry. The reason it can't be deleted is because it's missing. Really don't know what the crashes are about. In normal mode, open HijackThis. Click "Run a system scan only". Check this: [bold]O20 - Winlogon Notify: winhoo32 - winhoo32.dll (file missing) [/bold] Close all windows except HijackThis then click "Fix checked". Then, go here and click Kaspersky Online Scanner. Accept the terms. After downloading, click My Computer. After scanning click "Save report as". Save as a text file. Post back with the log.
Good Morning, Here is the Kaspersky Log. ------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Wednesday, October 04, 2006 7:55:18 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.83.0 Kaspersky Anti-Virus database last update: 4/10/2006 Kaspersky Anti-Virus database records: 215404 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: standard Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: A:\ C:\ D:\ E:\ F:\ Scan Statistics: Total number of scanned objects: 56281 Number of viruses found: 1 Number of infected objects: 7 / 0 Number of suspicious objects: 0 Duration of the scan process: 04:18:46 Infected Object Name / Virus Name / Last Action C:\!KillBox\winhoo32.dll Infected: Packed.Win32.Klone.g skipped C:\!KillBox\winhoo32.dll ( 1) Infected: Packed.Win32.Klone.g skipped C:\!KillBox\winhoo32.dll ( 2) Infected: Packed.Win32.Klone.g skipped C:\!KillBox\winhoo32.dll( 1) Infected: Packed.Win32.Klone.g skipped C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\1cf01dhb.default\cert8.db Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\1cf01dhb.default\history.mab Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\1cf01dhb.default\key3.db Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\1cf01dhb.default\Mail\Local Folders\Inbox.msf Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\1cf01dhb.default\Mail\Local Folders\Junk.msf Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\1cf01dhb.default\Mail\Local Folders\Templates.msf Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\1cf01dhb.default\panacea.dat Object is locked skipped C:\Documents and Settings\Administrator\Application Data\Thunderbird\Profiles\1cf01dhb.default\parent.lock Object is locked skipped C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012006100320061004\index.dat Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temp\~DFF1E7.tmp Object is locked skipped C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00000002.ps1 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00000002.ps2 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\00010003.ci Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\cicat.fid Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\cicat.hsh Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiCL0001.000 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiP10000.000 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiP20000.000 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiPT0000.000 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiSL0001.000 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiSP0000.000 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiST0000.000 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\CiVP0000.000 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\INDEX.000 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\propstor.bk1 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\VISIO\catalog.wci\propstor.bk2 Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-10-04_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService.NT AUTHORITY\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped C:\System Volume Information\catalog.wci\00010010.ci Object is locked skipped C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{CE668CB1-DEE5-4BFC-8906-C4311AA156C0}\RP280\A0040599.dll Infected: Packed.Win32.Klone.g skipped C:\System Volume Information\_restore{CE668CB1-DEE5-4BFC-8906-C4311AA156C0}\RP282\A0040940.dll Infected: Packed.Win32.Klone.g skipped C:\System Volume Information\_restore{CE668CB1-DEE5-4BFC-8906-C4311AA156C0}\RP282\A0040943.dll Infected: Packed.Win32.Klone.g skipped C:\System Volume Information\_restore{CE668CB1-DEE5-4BFC-8906-C4311AA156C0}\RP282\change.log Object is locked skipped C:\WINDOWS\CSC\00000001 Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped Scan process completed. T
Looks great. Delete the KillBox backups at C:\!Killbox. Java is out of date. Go here and download [bold]Java Runtime Environment Update 9[/bold]. Uninstall all previous versions of JRE via Add/Remove Programs. Restart then install Update 9.
