Old 2007-11-11, 07:57   #1
luckyinkentucky
Junior Member
 
Join Date: Nov 2007
Posts: 14
Default Zlob DNSchanger has taken over

It started out yesterday, and I kept getting redirected on the internet. So, I ran Spybot S&D, and this kept coming up. I would remove it, but it kept coming back. So, I searched on here, and came up with the 'Fixwareout' download.

Here are the results of running Fixwareout.

---------------------------------------------

Username "luckyinkentucky" - 11/11/2007 0:45:56 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D96E2BC6-E4EB-46F9-91AC-F9D9447F74CE}
"nameserver"="85.255.116.126,85.255.112.215" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5785D49D-CF6B-433D-835C-C079A6AB0CF3}
"DhcpNameServer"="85.255.116.126,85.255.112.215" <Value cleared.

Successfully flushed the DNS Resolver Cache.


System was rebooted successfully.

~~~~~ Postrun check
....
....
~~~~~ Misc files.
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)

....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~
luckyinkentucky is offline  
Old 2007-11-11, 18:00   #2
pskelley
In Memoriam -Always in our heart
 
 
Join Date: Oct 2005
Location: Clearwater, Florida
Posts: 20,558
Default

Welcome to Safer Networking. I wish to be sure you have viewed and understand this information.
"BEFORE you POST" (READ this Procedure before Requesting Assistance)
http://forums.spybot.info/showthread.php?t=288
All advice given is taken at your own risk.
Please make sure you have read this information so we are on the same page.

Start with ONLY the Two Logs We Ask For in Our Sticky Topic, NOT CF etc
http://forums.spybot.info/showthread.php?t=16806

Thanks
__________________
MS-MVP Consumer Security 2007-08-09
Proud Member ASAP
UNITE Member 2006
pskelley is offline  
Old 2007-11-11, 20:17   #3
luckyinkentucky
Junior Member
 
Join Date: Nov 2007
Posts: 14
Default

Here is the information you requested.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:15:40 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ABIT\uGuru\uGuru.exe
C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
luckyinkentucky is offline  
Old 2007-11-11, 20:18   #4
luckyinkentucky
Junior Member
 
Join Date: Nov 2007
Posts: 14
Default

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Road Runner High Speed Online
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R320 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9FA.EXE /P30 "EPSON Stylus Photo R320 Series" /O6 "USB001" /M "Stylus Photo R320"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [ABIT uGuruIII] C:\Program Files\ABIT\uGuru\uGuru.exe
O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe"
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://activation.rr.com/install/downloads/tgctlcm.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1189557385890
O17 - HKLM\System\CCS\Services\Tcpip\..\{0528D672-8F03-4CB4-AFAF-F15CE9BD6569}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{29AACDC6-A452-4DC2-9865-36122C912303}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0528D672-8F03-4CB4-AFAF-F15CE9BD6569}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0528D672-8F03-4CB4-AFAF-F15CE9BD6569}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

--
End of file - 8253 bytes
luckyinkentucky is offline  
Old 2007-11-11, 20:22   #5
luckyinkentucky
Junior Member
 
Join Date: Nov 2007
Posts: 14
Default

Here is the link to the report for the Kaspersky file.

file:///C:/Documents%20and%20Settings/Home/Desktop/Kaperky%20scan%20111107.html
luckyinkentucky is offline  
Old 2007-11-11, 20:23   #6
luckyinkentucky
Junior Member
 
Join Date: Nov 2007
Posts: 14
Default

How can I send you the Kaspersky file? It is quite lengthy. Here is a summary:

Total number of scanned objects 94740
Number of viruses found 6
Number of infected objects 14
Number of suspicious objects 0
Duration of the scan process 01:12:38


The file is possibly 4 pages long.
luckyinkentucky is offline  
Old 2007-11-11, 20:38   #7
pskelley
In Memoriam -Always in our heart
 
 
Join Date: Oct 2005
Location: Clearwater, Florida
Posts: 20,558
Default

Thanks for posting the information. The hackers in this case are Ukrainian and this is where they originate:
85.255.116.126 >>>
http://whois.domaintools.com/85.255.116.126
I am not sure how they do it, their numbers used to appear but now they hide behind other numbers to keep from being detected. Follow these instructions:


Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

O17 - HKLM\System\CCS\Services\Tcpip\..\{0528D672-8F03-4CB4-AFAF-F15CE9BD6569}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{29AACDC6-A452-4DC2-9865-36122C912303}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{0528D672-8F03-4CB4-AFAF-F15CE9BD6569}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\..\{0528D672-8F03-4CB4-AFAF-F15CE9BD6569}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

Close all programs but HJT and all browser windows, then click on "Fix Checked"

Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Fixwareout has "Successfully flushed the DNS Resolver Cache".
You still might want to check with your ISP tech support, make them aware of the hijacking and ask them to check that your settings are back where they should be.

Kaspersky: I can not know without looking what the 14 items are. In the case of the HJT log, you split it and probably could have gotten it in one post. Break the Kaspersky scan into as few posts as possible.

Thanks

See this: http://forums.spybot.info/showpost.p...80&postcount=2
Check Java for an update and then uninstall all old versions in Add Remove programs.
__________________
MS-MVP Consumer Security 2007-08-09
Proud Member ASAP
UNITE Member 2006
pskelley is offline  
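
A triage sketch for the DNS settings discussed in this thread, added as an example and not part of any forum post or of Fixwareout or HijackThis: it parses both log formats shown above, flags the two resolver addresses the Fixwareout report cleared, and marks any other static resolver for review against an allowlist. The allowlist entry 192.0.2.53, the all-zero interface GUID and the function names are assumptions constructed for the example.

```python
import ipaddress
import re

# Resolver addresses the Fixwareout report in this thread found and cleared.
ROGUE_RESOLVERS = {
    ipaddress.ip_address("85.255.116.126"),
    ipaddress.ip_address("85.255.112.215"),
}

# Registry value names that hold DNS server lists (compared case-insensitively).
DNS_NAMES = {"nameserver", "dhcpnameserver"}

# HijackThis style:  O17 - <key>: NameServer = a,b
HJT_RE = re.compile(r"^O17 - (?P<key>[^:]+): (?P<name>\w+) = (?P<value>.*)$")
# Fixwareout style: registry key on one line, "name"="a,b" on the next.
KEY_RE = re.compile(r"^(HKEY_LOCAL_MACHINE|HKLM)\\\S+$", re.IGNORECASE)
VAL_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"')


def parse_dns_settings(log_text):
    """Return (registry_key, value_name, raw_value) for each DNS setting."""
    settings = []
    last_key = None
    for line in log_text.splitlines():
        line = line.strip()
        m = HJT_RE.match(line)
        if m and m["name"].lower() in DNS_NAMES:
            settings.append((m["key"], m["name"], m["value"]))
            continue
        if KEY_RE.match(line):
            last_key = line  # remember the key for the value line that follows
            continue
        m = VAL_RE.match(line)
        if m and last_key and m["name"].lower() in DNS_NAMES:
            settings.append((last_key, m["name"], m["value"]))
    return settings


def classify(raw_value, expected):
    """Classify one NameServer value; `expected` is a set of ip_address objects."""
    addrs, malformed = [], []
    # Windows accepts comma- or space-separated resolver lists.
    for token in filter(None, re.split(r"[,\s]+", raw_value.strip())):
        try:
            addrs.append(ipaddress.ip_address(token))
        except ValueError:
            malformed.append(token)
    if not addrs and not malformed:
        return "cleared"    # empty value: no static resolver configured
    if any(a in ROGUE_RESOLVERS for a in addrs):
        return "rogue"      # matches an address from the Fixwareout report
    if malformed or any(a not in expected for a in addrs):
        return "review"     # static resolver nobody has vouched for
    return "expected"


def triage(log_text, expected_resolvers):
    """Return (registry_key, value_name, verdict) for every DNS setting found."""
    expected = {ipaddress.ip_address(x) for x in expected_resolvers}
    return [(key, name, classify(value, expected))
            for key, name, value in parse_dns_settings(log_text)]


# Excerpts of the two logs posted in this thread, plus one constructed O17
# line (all-zero GUID, 192.0.2.53) and one unrelated O4 line as noise.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{D96E2BC6-E4EB-46F9-91AC-F9D9447F74CE}
"nameserver"="85.255.116.126,85.255.112.215" <Value cleared.
HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{5785D49D-CF6B-433D-835C-C079A6AB0CF3}
"DhcpNameServer"="85.255.116.126,85.255.112.215" <Value cleared.
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

if __name__ == "__main__":
    # 192.0.2.53 stands in for the resolver the ISP or administrator assigned.
    for key, name, verdict in triage(SAMPLE_LOG, {"192.0.2.53"}):
        print(f"{verdict:9} {name:15} {key}")
```

A "review" verdict means only that the address is not on the allowlist passed in; confirming the correct resolvers with the ISP, as the reply above suggests, is what fills that list.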
Old 2007-11-11, 22:00   #8
luckyinkentucky
Junior Member
 
Join Date: Nov 2007
Posts: 14
Default

Here is the Kaspersky file


C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-09182007-171236.log Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\cert8.db Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\history.dat Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\key3.db Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\parent.lock Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Home\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Home\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{419554F5-849D-4D63-B5B2-AFD8D62B7F92} Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Application Data\Mozilla\Firefox\Profiles\1zu6l8ua.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Home\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Home\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Home\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\566c9171e\netlogon.dl_ Object is locked skipped
D:\566c9171e\netman.dl_ Object is locked skipped
D:\566c9171e\netnm.in_ Object is locked skipped
D:\566c9171e\netoc.dl_ Object is locked skipped
D:\566c9171e\netplwiz.dl_ Object is locked skipped
D:\566c9171e\netrtsnt.in_ Object is locked skipped
D:\566c9171e\netsetup.exe Object is locked skipped
D:\566c9171e\netshell.dl_ Object is locked skipped
D:\566c9171e\netwlan.in_ Object is locked skipped
D:\566c9171e\netwlan2.in_ Object is locked skipped
D:\566c9171e\netwlan5.img Object is locked skipped
D:\566c9171e\netwlan5.sys Object is locked skipped
D:\566c9171e\netwv48.in_ Object is locked skipped
D:\566c9171e\new\apph_sp.sd_ Object is locked skipped
D:\566c9171e\new\apps_sp.ch_ Object is locked skipped
D:\566c9171e\new\ati2dvaa.dl_ Object is locked skipped
D:\566c9171e\new\ati2dvag.dl_ Object is locked skipped
D:\566c9171e\new\ati2mtaa.sy_ Object is locked skipped
D:\566c9171e\new\ati2mtag.sy_ Object is locked skipped
D:\566c9171e\new\ati3d1ag.dl_ Object is locked skipped
D:\566c9171e\new\ati3d2ag.dl_ Object is locked skipped
D:\566c9171e\new\atiixpaa.in_ Object is locked skipped
D:\566c9171e\new\atiixpag.in_ Object is locked skipped
D:\566c9171e\new\atinbtxx.sy_ Object is locked skipped
D:\566c9171e\new\atinmdxx.sy_ Object is locked skipped
D:\566c9171e\new\atinpdxx.sy_ Object is locked skipped
D:\566c9171e\new\atinraxx.sy_ Object is locked skipped
D:\566c9171e\new\atinrvxx.sy_ Object is locked skipped
D:\566c9171e\new\atinsnxx.sy_ Object is locked skipped
D:\566c9171e\new\atinttxx.sy_ Object is locked skipped
D:\566c9171e\new\atintuxx.sy_ Object is locked skipped
D:\566c9171e\new\atinxbxx.sy_
luckyinkentucky is offline  
Old 2007-11-11, 22:05   #9
luckyinkentucky
Junior Member
 
Join Date: Nov 2007
Posts: 14
Default

D:\566c9171e\new\atinxsxx.sy_ Object is locked skipped
D:\566c9171e\new\ativdaxx.ax_ Object is locked skipped
D:\566c9171e\new\ativmvxx.ax_ Object is locked skipped
D:\566c9171e\new\atixpwdm.in_ Object is locked skipped
D:\566c9171e\new\c_28603.nl_ Object is locked skipped
D:\566c9171e\new\dsprpres.dl_ Object is locked skipped
D:\566c9171e\new\encapi.dl_ Object is locked skipped
D:\566c9171e\new\encdec.dl_ Object is locked skipped
D:\566c9171e\new\faxpatch.ex_ Object is locked skipped
D:\566c9171e\new\hccoin.dl_ Object is locked skipped
D:\566c9171e\new\hidir.sy_ Object is locked skipped
D:\566c9171e\new\hscupd.ex_ Object is locked skipped
D:\566c9171e\new\hscxpsp1.cab Object is locked skipped
D:\566c9171e\new\irbus.in_ Object is locked skipped
D:\566c9171e\new\logo.gi_ Object is locked skipped
D:\566c9171e\new\logowin.gi_ Object is locked skipped
D:\566c9171e\new\medctrro.ex_ Object is locked skipped
D:\566c9171e\new\msctfime.im_ Object is locked skipped
D:\566c9171e\new\msftedit.dl_ Object is locked skipped
D:\566c9171e\new\mssap.dl_ Object is locked skipped
D:\566c9171e\new\mutohpen.sy_ Object is locked skipped
D:\566c9171e\new\netbeac.in_ Object is locked skipped
D:\566c9171e\new\nettun.in_ Object is locked skipped
D:\566c9171e\new\nv4_disp.in_ Object is locked skipped
D:\566c9171e\new\nvct.in_ Object is locked skipped
D:\566c9171e\new\nvdm.in_ Object is locked skipped
D:\566c9171e\new\nvts.in_ Object is locked skipped
D:\566c9171e\new\oeaccess.in_ Object is locked skipped
D:\566c9171e\new\osloader.nt_ Object is locked skipped
D:\566c9171e\new\ramdisk.in_ Object is locked skipped
D:\566c9171e\new\rtcimsp.dl_ Object is locked skipped
D:\566c9171e\new\sbe.dl_ Object is locked skipped
D:\566c9171e\new\sbeio.dl_ Object is locked skipped
D:\566c9171e\new\secupd.dat Object is locked skipped
D:\566c9171e\new\secupd.sig Object is locked skipped
D:\566c9171e\new\smtpsvc.dl_ Object is locked skipped
D:\566c9171e\new\snchk.ex_ Object is locked skipped
D:\566c9171e\new\sp1.cab Object is locked skipped
D:\566c9171e\new\spgrmr.dl_ Object is locked skipped
D:\566c9171e\new\usbehci.sy_ Object is locked skipped
D:\566c9171e\new\wacompen.sy_ Object is locked skipped
D:\566c9171e\new\winbrand.dl_ Object is locked skipped
D:\566c9171e\new\winhttp.dl_ Object is locked skipped
D:\566c9171e\new\wmaccess.in_ Object is locked skipped
D:\566c9171e\new\wmpocm.in_ Object is locked skipped
D:\566c9171e\new\wmvcore2.dl_ Object is locked skipped
D:\566c9171e\new\wuau.ad_ Object is locked skipped
D:\566c9171e\new\wuauhelp.ch_ Object is locked skipped
D:\566c9171e\new\xpsp1res.dl_ Object is locked skipped
D:\566c9171e\newalert.wa_ Object is locked skipped
D:\566c9171e\newdev.dl_ Object is locked skipped
D:\566c9171e\newemail.wa_ Object is locked skipped
D:\566c9171e\neweula.ht_ Object is locked skipped
D:\566c9171e\nic1394.sys Object is locked skipped
D:\566c9171e\nlhtml.dl_ Object is locked skipped
D:\566c9171e\nmas.dl_ Object is locked skipped
D:\566c9171e\nmasnt.dl_ Object is locked skipped
D:\566c9171e\nmchat.dl_ Object is locked skipped
D:\566c9171e\nmcom.dl_ Object is locked skipped
D:\566c9171e\nmft.dl_ Object is locked skipped
D:\566c9171e\nmmkcert.dl_ Object is locked skipped
D:\566c9171e\nmnt.sy_ Object is locked skipped
D:\566c9171e\nmoldwb.dl_ Object is locked skipped
D:\566c9171e\nmpgmgrp.ex_ Object is locked skipped
D:\566c9171e\nmwb.dl_ Object is locked skipped
D:\566c9171e\npdrmv2.dl_ Object is locked skipped
D:\566c9171e\npdsplay.dl_ Object is locked skipped
D:\566c9171e\nppagent.ex_ Object is locked skipped
D:\566c9171e\npptools.dl_ Object is locked skipped
D:\566c9171e\npwmsdrm.dl_ Object is locked skipped
D:\566c9171e\nt5.ca_ Object is locked skipped
D:\566c9171e\ntdetect.com Object is locked skipped
D:\566c9171e\ntdll.dll Object is locked skipped
D:\566c9171e\ntfs.sys Object is locked skipped
D:\566c9171e\ntio.sy_ Object is locked skipped
D:\566c9171e\ntkrnlmp.ex_ Object is locked skipped
D:\566c9171e\ntkrnlpa.exe Object is locked skipped
D:\566c9171e\ntkrpamp.exe Object is locked skipped
D:\566c9171e\ntlanman.dl_ Object is locked skipped
D:\566c9171e\ntldr Object is locked skipped
D:\566c9171e\ntmarta.dl_ Object is locked skipped
D:\566c9171e\ntmsapi.dl_ Object is locked skipped
D:\566c9171e\ntmsdba.dl_ Object is locked skipped
D:\566c9171e\ntmssvc.dl_ Object is locked skipped
D:\566c9171e\ntoskrnl.ex_ Object is locked skipped
D:\566c9171e\ntprint.cat Object is locked skipped
D:\566c9171e\ntprint.dl_ Object is locked skipped
D:\566c9171e\ntshrui.dl_ Object is locked skipped
D:\566c9171e\ntvdm.ex_ Object is locked skipped
D:\566c9171e\nv4_disp.dll Object is locked skipped
D:\566c9171e\nv4_mini.sys Object is locked skipped
D:\566c9171e\nwprovau.dl_
luckyinkentucky is offline  
Old 2007-11-11, 22:06   #10
luckyinkentucky
Junior Member
 
Join Date: Nov 2007
Posts: 14
Default

Is there any way to send you a txt of this file? It is really closer to 14 posts long. I'm not even 1/10 of the way through.
luckyinkentucky is offline  
 
