
Can't open Spybot or Malware, infected


13 replies to this topic

#1 fbird69

Posted 27 April 2009 - 09:39 PM

Hello all,

Hope someone can help me, this is driving me nuts. :thumbsup: This just happened today. First I was not allowed to access the internet at all. My modem and Vonage were working fine. Tried to open Spybot and Malware with no luck. I could open Adware, which found a browser hijacker, and did a full AVG scan which was OK. It allowed me to gain internet access again, but I still could not open any of my spyware programs.

I tried to download some other spyware programs to check for problems, but the computer won't even allow a setup of them.
Next I tried a safe mode scan with Spybot and Malware. Same thing, it won't let them open. While I still have internet access for now, I figured I would come here for help. What should I do next to try and solve this problem?

I'm running XP, AVG Free, Spybot, Malwarebytes, Adware.

Thanks


#2 fbird69

Posted 27 April 2009 - 10:55 PM

Now I can't access the internet or open anything else, unless I'm in safe mode.
Rebooting is only working 25% of the time; I'm getting a black screen with the pointer, then reboot again.

Any suggestions?

#3 DaChew

Posted 28 April 2009 - 12:04 AM

For MBAM, here's a random renamer for the program:

http://kixhelp.com/wr/files/mb/randmbam.exe

Here's a link for the MBAM definition update:

http://www.gt500.org/malwarebytes/database.jsp
Chewy

No. Try not. Do... or do not. There is no try.

#4 fbird69

Posted 28 April 2009 - 09:32 AM

Thanks for the help.
I downloaded the MBAM renamer. It allowed me to open it, but it wouldn't update or do a scan; it would freeze at 3 seconds in "preparing files". So I tried in safe mode, it opened and I did a fast scan. Here is the log:

Malwarebytes' Anti-Malware 1.36
Database version: 2043
Windows 5.1.2600 Service Pack 3

4/28/2009 8:38:31 AM
mbam-log-2009-04-28 (08-38-31).txt

Scan type: Quick Scan
Objects scanned: 94360
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\RECYCLER\S-9-7-87-100028491-100018701-100009232-3960.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gxvxccounter (Trojan.DNSchanger) -> Quarantined and deleted successfully.
_________________________________________________________________________________________________

After that I updated and did a full scan. Here is the log:

Malwarebytes' Anti-Malware 1.36
Database version: 2053
Windows 5.1.2600 Service Pack 3

4/28/2009 9:08:28 AM
mbam-log-2009-04-28 (09-08-28).txt

Scan type: Full Scan (C:\|D:\|L:\|)
Objects scanned: 220039
Time elapsed: 25 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gxvxccounter (Trojan.DNSchanger) -> Quarantined and deleted successfully.
________________________________________________________________________________________________

I rebooted in normal mode. I still can't scan in renamed MBAM, open normal MBAM, open Spybot, can't open Control Panel or most folders, have to pull power to shut down, and the internet takes 2 min to open, but it still works :thumbsup:
What would be the next step?

Thanks for taking the time to help.

#5 DaChew

Posted 28 April 2009 - 09:54 AM

This is a very nasty infection.

You should consider reinstalling Windows XP (completely).

To continue removing this infection you will have to follow these directions exactly!


http://rootrepeal.googlepages.com/

http://rootrepeal.googlepages.com/RootRepeal.zip

Just use the File tab at the bottom, scan, and paste the report into a reply here please.

Do not leave it on the default Driver tab.

You will need to shut down as many running processes as you can, especially your antivirus.

If the scan completes, look for a line like this:

Path: C:\WINDOWS\system32\drivers\gxvxcnkejwbsivbrfootqalksrgbvbwucfqxt.sys
Status: Invisible to the Windows API!


The letters in the middle will be random.

If you get this far, highlight that entry, right-click and choose Wipe.

Immediately after, reboot and run a quick scan with MBAM.

Edited by DaChew, 28 April 2009 - 09:55 AM.

Chewy

No. Try not. Do... or do not. There is no try.

#6 fbird69

Posted 28 April 2009 - 10:21 AM

Can I do this in safe mode? I tried downloading, but it does not allow me to put it on the desktop; can't open My Docs?

#7 DaChew

Posted 28 April 2009 - 10:47 AM

Try in safe mode.

Try renaming it to scan.com as you save it when you download.

Use another computer to download and rename?
Chewy

No. Try not. Do... or do not. There is no try.

#8 fbird69

Posted 28 April 2009 - 10:57 AM

In safe mode I was able to get it on my desktop. I extracted it in SM & tried to open it. Got a message about using it in safe mode, opened it anyway and got an error message "invalid pe image". I hit OK, and I was able to scan. It just showed the drivers and said found 182 drivers & 1 hidden. It didn't show any message like you said, "scan complete".
I don't think it opened correctly because of the error.

I tried in normal mode from the desktop; it won't open the extracted file from SM, and it won't let me extract the files again.

Also, what processes should I leave to operate normally?

#9 DaChew

Posted 28 April 2009 - 11:01 AM

There's a File tab at the bottom next to the Driver tab. The report looks like this:

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\system32\gxvxccounter
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\gxvxcpwrvkiexdkpyyldamwrfhxbfpmgcmtmp.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gxvxcnkejwbsivbrfootqalksrgbvbwucfqxt.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Nhan\Local Settings\Temp\etilqs_DJ6INKPsgRV8oECgH36h
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: C:\Documents and Settings\Nhan\Application Data\Mozilla\Firefox\Profiles\mhl579r9.default\sessionstore.js
Status: Could not get file information (Error 0xc0000008)


Chewy

No. Try not. Do... or do not. There is no try.

#10 fbird69

Posted 28 April 2009 - 11:30 AM

Here is the log. Should I wipe all of them?

ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/04/28 11:23
Program Version: Version 1.2.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\WINDOWS\system32\gxvxcaoxwbhfvfskmuplvioayhjcpyuffdghs.dll
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\gxvxccounter
Status: Invisible to the Windows API!

Path: C:\WINDOWS\system32\drivers\gxvxccgquhodyqdjcbiivjwscobgrtfwxkeir.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Desktop\Visualizing\Standing back from a book to reflect on images as we stand back from a painting permits us to create an amalgam.doc
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Default User\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut1_15377C3E9655400FB441E69F0A6BEAFE.exe
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Default User\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut2_15377C3E9655400FB441E69F0A6BEAFE.EXE
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Default User\Application Data\Microsoft\Installer\{15377C3E-9655-400F-B441-E69F0A6BEAFE}\NewShortcut3_15377C3E9655400FB441E69F0A6BEAFE.EXE
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\CVQWOOA8\interimsearch[1].aspx;frp=0;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;dcopt=ist;pos=LB;sz=728x90;ptile=1;!c=LSL;!c=LH;!c=LHL;ord=29200864885932
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\CVQWOOA8\interimsearch[1].aspx;frp=9;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;dcopt=ist;pos=LB;sz=728x90;ptile=1;!c=LSL;!c=LH;!c=LHL;ord=2920086594941
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\CVQWOOA8\dref=http%253A%252F%252Fwww.realtor.com%252Foptions%252Finterimsearch[1].aspx%253Fzp%253D60142%2526mnp%253D31%2526typ%253D7
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\CVQWOOA8\searchresults[1].aspx;frp=5;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;dcopt=ist;pos=LB;sz=728x90;ptile=1;!c=LH;!c=LHL;ord=2920086587948
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\CVQWOOA8\searchresults[1].aspx;frp=5;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=SKY;sz=120x600;ptile=2;!c=LH;!c=LHL;ord=2920086587948
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\CVQWOOA8\searchresults[1].aspx;frp=5;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=SRPL4;sz=125x30;ord=2920086554748
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\CVQWOOA8\searchresults[1].aspx;frp=5;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=VBAN;sz=120x240;ord=2920086554748
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\CVQWOOA8\searchresults[1].aspx;frp=7;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=SKY;sz=120x600;ptile=2;!c=LH;!c=LHL;ord=29200865035829
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\CVQWOOA8\searchresults[1].aspx;frp=7;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=SRPL3;sz=125x30;ord=29200865035829
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\searchresults[1].aspx;frp=5;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=SRPL2;sz=125x30;ord=2920086587948
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\interimsearch[1].aspx;frp=0;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=VBAN;sz=120x240;ord=29200864885932
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\searchresults[1].aspx;frp=5;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=LB2;sz=728x91;ptile=3;!c=LH;!c=LHL;ord=2920086587948
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\searchresults[1].aspx;frp=5;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=SRPL1;sz=125x30;ord=2920086587948
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\searchresults[1].aspx;frp=5;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=SRPL4;sz=125x30;ord=2920086587948
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\searchresults[1].aspx;frp=7;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=LB2;sz=728x91;ptile=3;!c=LH;!c=LHL;ord=29200865035829
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\NJBDKCX7\searchresults[1].aspx;frp=7;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=VBAN;sz=120x240;ord=29200865035829
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\interimsearch[1].aspx;frp=0;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=SKY;sz=120x600;ptile=2;!c=LSL;!c=LH;!c=LHL;ord=29200864885932
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\transition[1].aspx;frp=8;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=TRANS;sz=336x280;ord=2920086566308
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\thumb.d9367d7f4cdd496693fb9945c08b5439.hannah_montana_best_of_both_worlds_nyet680[1].jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\searchresults[1].aspx;frp=5;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=SKY;sz=120x600;ptile=2;!c=LH;!c=LHL;ord=2920086554748
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\searchresults[1].aspx;frp=5;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=SRPL1;sz=125x30;ord=2920086554748
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\searchresults[1].aspx;frp=5;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=SRPL3;sz=125x30;ord=2920086554748
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\searchresults[1].aspx;frp=5;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=VBAN;sz=120x240;ord=2920086587948
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\searchresults[1].aspx;frp=7;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;dcopt=ist;pos=LB;sz=728x90;ptile=1;!c=LH;!c=LHL;ord=29200865035829
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\searchresults[1].aspx;frp=7;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=SRPL2;sz=125x30;ord=29200865035829
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\QLI3KRPU\2F%252Fwww.realtor.com%252Fsearch%252Fsearchresults[1].aspx%253Fzp%253D60142%2526mnp%253D31%2526typ%253D7%2526sid%253De3ef28a948544e1e820a136143a575e1%2526pg%253D2
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\UNLFSJAN\dref=http%253A%252F%252Fwww.realtor.com%252Fsearch%252Fsearchresults[1].aspx%253Fzp%253D60142%2526mnp%253D31%2526typ%253D7
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\UNLFSJAN\searchresults[1].aspx;frp=7;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=SRPL1;sz=125x30;ord=29200865035829
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\UNLFSJAN\interimsearch[1].aspx;frp=0;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=PUN;sz=720x300;ord=29200864885932
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\UNLFSJAN\miley-cyrus_dot_com-newyorktimes-artandleisureweekend-2007jan7-f006[1].jpg
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\UNLFSJAN\searchresults[1].aspx;frp=5;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;dcopt=ist;pos=LB;sz=728x90;ptile=1;!c=LH;!c=LHL;ord=2920086554748
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\UNLFSJAN\searchresults[1].aspx;frp=5;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=LB2;sz=728x91;ptile=3;!c=LH;!c=LHL;ord=2920086554748
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\UNLFSJAN\searchresults[1].aspx;frp=5;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=SRPL2;sz=125x30;ord=2920086554748
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\UNLFSJAN\searchresults[1].aspx;frp=5;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=SRPL3;sz=125x30;ord=2920086587948
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Local Settings\Temporary Internet Files\Content.IE5\UNLFSJAN\searchresults[1].aspx;frp=7;cm=MCHENRYCOUNTYIL;st=IL;ZP=60142;abr=!webtv;pos=SRPL4;sz=125x30;ord=29200865035829
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\pagead2.googlesyndication.com\pagead\googleadplayer.swf\mediaPlayerUserSettings.sol
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\barbie.everythinggirl.com\activities\btv\raven\raven_landing.swf
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\barbie.everythinggirl.com\activities\fantasy\fairytopia\fairytopiaData.sol
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\barbie.everythinggirl.com\activities\fashion\styledbyme\styledbyme.swf
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\en.www.bonus.com\sapbox\common\Code.swf\urlGetAvatarListPlugIn.sol
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\en.www.bonus.com\sapbox\common\Code.swf\urlGetMatchStatisticsPlugIn.sol
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\en.www.bonus.com\sapbox\sapframe\sapframe.swf\ActivePlayerPlugIn.sol
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\l.yimg.com\cosmos.bcst.yahoo.com\ver\251.6\embed-2007-12-18-1554
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\l.yimg.com\cosmos.bcst.yahoo.com\ver\251.7\popup-2008-01-24-1101
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\pixelchix.everythinggirl.com\us\home\home.swf\homepageDecoration.sol
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\assets.espn.go.com\motion\fsp\FSPRoot\espnmotion6_cv.swf\fspSettings.sol
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\barbie.everythinggirl.com\activities\btv\raven\raven_landing.swf\TestMovie_Config_Info.sol
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\barbie.everythinggirl.com\activities\fantasy\princess\pegasus\shell.swf
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\barbie.everythinggirl.com\activities\fashion\styledbyme\styledbyme.swf\TestMovie_Config_Info.sol
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\everythinggirl.com\activities\fashion\makeover\makeover.swf\Makeover.sol
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\everythinggirl.com\activities\fashion\makeover\makeover.swf\TestMovie_Config_Info.sol
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\l.yimg.com\cosmos.bcst.yahoo.com\ver\251.6\embed-2007-12-18-1554\swf
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\l.yimg.com\cosmos.bcst.yahoo.com\ver\251.7\popup-2008-01-24-1101\swf
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\barbie.everythinggirl.com\activities\fantasy\princess\pegasus\shell.swf\TestMovie_Config_Info.sol
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\l.yimg.com\cosmos.bcst.yahoo.com\ver\251.6\embed-2007-12-18-1554\swf\yup_embed_module.swf
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\l.yimg.com\cosmos.bcst.yahoo.com\ver\251.7\popup-2008-01-24-1101\swf\POP_meta.swf
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\l.yimg.com\cosmos.bcst.yahoo.com\ver\251.6\embed-2007-12-18-1554\swf\yup_embed_module.swf\TestMovie_Config_Info.sol
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\l.yimg.com\cosmos.bcst.yahoo.com\ver\251.7\popup-2008-01-24-1101\swf\POP_meta.swf\TestMovie_Config_Info.sol
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup -- 08-03-05 1047AM\My Backup -- 08-03-05 1047AM\Documents and Settings\Guest\Application Data\Macromedia\Flash Player\#SharedObjects\56XJHKS4\l.yimg.com\us.yimg.com\i\ligans\kids\common\flash\nav-1.8.swf\navData.sol
Status: Locked to the Windows API!
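The two RootRepeal reports in this thread run to dozens of entries, but only a handful matter for the question just asked. The following Python example is an editor's illustration added here; it is not code from this thread, from RootRepeal's authors, or from Malwarebytes. It parses a report in the Hidden/Locked Files layout and sorts entries into triage buckets, separating files that are merely locked (hiberfil.sys, files in use, the old backup tree) from files the Windows API cannot see at all, which is the category DaChew's instructions target. The embedded sample report is constructed, with entries modelled on the ones quoted above and the long backup path shortened; the bucket names and the helpers `parse_report`, `classify`, `triage`, `hidden_drivers` and `shared_prefix` are my own.

```python
import ntpath
import os
import re

# Constructed sample in the layout of RootRepeal's "Hidden/Locked Files" report.
# Entries are modelled on the ones quoted in this thread; the backup-folder path
# is shortened and the Firefox profile name is a placeholder.
SAMPLE_REPORT = """\
ROOTREPEAL (c) AD, 2007-2008
==================================================
Scan Time: 2009/04/28 11:23
Program Version: Version 1.2.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Hidden/Locked Files
-------------------
Path: C:\\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\\WINDOWS\\system32\\gxvxcaoxwbhfvfskmuplvioayhjcpyuffdghs.dll
Status: Invisible to the Windows API!

Path: C:\\WINDOWS\\system32\\gxvxccounter
Status: Invisible to the Windows API!

Path: C:\\WINDOWS\\system32\\drivers\\gxvxccgquhodyqdjcbiivjwscobgrtfwxkeir.sys
Status: Invisible to the Windows API!

Path: C:\\WINDOWS\\Debug\\UserMode\\userenv.log
Status: Size mismatch (API: 170374, Raw: 169456)

Path: C:\\Documents and Settings\\Owner\\My Documents\\My Backup\\amalgam.doc
Status: Locked to the Windows API!

Path: C:\\Documents and Settings\\Nhan\\Application Data\\Mozilla\\Firefox\\Profiles\\x.default\\sessionstore.js
Status: Could not get file information (Error 0xc0000008)
"""

# One report entry is a "Path:" line immediately followed by a "Status:" line.
ENTRY_RE = re.compile(r"^Path: (?P<path>.+?)\r?\nStatus: (?P<status>.+?)$", re.MULTILINE)


def parse_report(report):
    """Return [(path, status), ...] from the Hidden/Locked Files section, or [] if absent."""
    _head, sep, body = report.partition("Hidden/Locked Files")
    if not sep:
        return []
    return [(m.group("path").strip(), m.group("status").strip())
            for m in ENTRY_RE.finditer(body)]


def classify(path, status):
    """Map one entry to a triage bucket (bucket names are my own, not RootRepeal's).

    'hidden_system': readable from raw disk but invisible to the Windows API, under
        system32. This is the rootkit-hiding pattern the thread is after.
    'hidden_other':  invisible to the API elsewhere; worth a look, but less typical.
    'locked':        the normal state of hiberfil.sys, files in use and archived
        files; not evidence of infection and not something to wipe.
    'size_mismatch': usually a log being appended during the scan.
    'error':         RootRepeal could not query the file at all.
    """
    low = path.lower()
    if status.startswith("Invisible"):
        return "hidden_system" if "\\windows\\system32\\" in low else "hidden_other"
    if status.startswith("Locked"):
        return "locked"
    if "mismatch" in status.lower():
        return "size_mismatch"
    return "error"


def triage(report):
    """Group report paths by bucket: {bucket: [path, ...]}."""
    buckets = {}
    for path, status in parse_report(report):
        buckets.setdefault(classify(path, status), []).append(path)
    return buckets


def hidden_drivers(report):
    """The line the thread says to look for: a hidden .sys under system32\\drivers."""
    return [p for p in triage(report).get("hidden_system", [])
            if "\\drivers\\" in p.lower() and p.lower().endswith(".sys")]


def shared_prefix(report):
    """Longest common prefix of hidden system32 file names; a family marker such as 'gxvxc'."""
    names = [ntpath.basename(p).lower() for p in triage(report).get("hidden_system", [])]
    return os.path.commonprefix(names) if names else ""


if __name__ == "__main__":
    for bucket, paths in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{bucket} ({len(paths)}):")
        for p in paths:
            print("   ", p)
    print("hidden driver(s):", hidden_drivers(SAMPLE_REPORT))
    print("shared prefix of hidden names:", shared_prefix(SAMPLE_REPORT))
```

Run against the real report pasted in, the `locked` bucket absorbs the whole backup tree and hiberfil.sys, leaving the three `gxvxc*` entries in `hidden_system` and exactly one driver candidate. The shared prefix is useful after the wipe-and-reboot step: the counter file MBAM removed twice in the earlier logs reappears in the hidden list, so checking whether any `gxvxc`-prefixed name is still invisible in a fresh scan tells you whether the hidden driver that was recreating it is actually gone.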

#11 fbird69

Posted 28 April 2009 - 02:13 PM

I wiped clean:
"Path: C:\WINDOWS\system32\drivers\gxvxccgquhodyqdjcbiivjwscobgrtfwxkeir.sys
Status: Invisible to the Windows API!"

Rebooted in normal mode, tried a scan on renamed MBAM, gets stuck on 2 seconds again. But I was able to open the original MBAM, but not scan either.

I tried to open RootRepeal in normal mode, and it did. Ran the scan again;
here is the log:
ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/04/28 12:19
Program Version: Version 1.2.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

________________________________________________________________

After that I booted in safemode and ran MBAM quick scan:

Malwarebytes' Anti-Malware 1.36
Database version: 2053
Windows 5.1.2600 Service Pack 3

4/28/2009 12:28:39 PM
mbam-log-2009-04-28 (12-28-39).txt

Scan type: Quick Scan
Objects scanned: 94859
Time elapsed: 2 minute(s), 35 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gxvxccounter (Trojan.DNSchanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gxvxcaoxwbhfvfskmuplvioayhjcpyuffdghs.dll (Trojan.Agent) -> Quarantined and deleted successfully.
____________________________________________________________

Still in SM, I tried to download Spybot again and was successful this time. Did an update and scan; it found a win32.tdss.rtk,
mediaplex and 3 AdRevolver. Scanned with MBAM again, still ok.

Rebooted in NM, ran Spybot again - OK; ran RootRepeal - file still wiped; ran adware - ok; ran AVG - ok. But I still can't open either MBAM; they get stuck at 2 seconds and only work in SM. Also still can't open Control Panel or Documents.

Thanks for getting me to this point!! :thumbsup: What else do you recommend?
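As an added example (not from this thread or from the RootRepeal tool), a small Python triage script for the "Hidden/Locked Files" format RootRepeal prints: it pairs each Path line with its Status line, ranks "Invisible to the Windows API" far above ordinary locks and log-file size mismatches, and applies an assumed random-name heuristic to entries under the system directory. The sample log is constructed from shortened entries of the log posted above, plus the driver path the poster wiped.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the RootRepeal "Hidden/Locked Files" format used in this
# thread. The driver path is the one the poster wiped; the other entries are
# shortened copies of benign lines from the posted log.
SAMPLE_LOG = r"""
Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\WINDOWS\Debug\UserMode\userenv.log
Status: Size mismatch (API: 170374, Raw: 169456)

Path: C:\WINDOWS\system32\drivers\gxvxccgquhodyqdjcbiivjwscobgrtfwxkeir.sys
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Owner\My Documents\My Backup\notes.doc
Status: Locked to the Windows API!
"""

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


@dataclass
class Finding:
    path: str
    status: str
    severity: str
    reason: str


def parse_hidden_files(text: str) -> List[Tuple[str, str]]:
    """Pair each 'Path:' line with the 'Status:' line that follows it."""
    entries, current = [], None
    for line in text.splitlines():
        if line.startswith("Path: "):
            current = line[len("Path: "):].strip()
        elif line.startswith("Status: ") and current is not None:
            entries.append((current, line[len("Status: "):].strip()))
            current = None
    return entries


def looks_random(name: str) -> bool:
    """Heuristic (an assumption, not a RootRepeal rule): long, vowel-poor names
    such as gxvxc... are typical of generated rootkit component names."""
    letters = [c for c in name.lower() if c.isalpha()]
    if len(letters) < 16:
        return False
    vowels = sum(c in "aeiou" for c in letters)
    return vowels / len(letters) < 0.28


def classify(path: str, status: str) -> Tuple[str, str]:
    """Map one Path/Status pair to (severity, reason)."""
    lower = path.lower()
    if status.startswith("Invisible"):
        sev, why = "high", "present on disk but hidden from the Windows API"
    elif status.startswith("Size mismatch"):
        if lower.endswith(".log"):
            sev, why = "low", "log file grew between the API and raw reads"
        else:
            sev, why = "medium", "API size differs from on-disk size"
    else:  # "Locked to the Windows API!" and anything unrecognised
        sev, why = "low", "locked file (hibernation file, long backup path, etc.)"
    stem = lower.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if "\\windows\\system32\\" in lower and looks_random(stem):
        sev, why = "high", why + "; random-looking name in a system directory"
    return sev, why


def triage(text: str) -> List[Finding]:
    """Parse a RootRepeal log and return findings, most severe first."""
    findings = [Finding(p, s, *classify(p, s)) for p, s in parse_hidden_files(text)]
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.path}\n       {f.reason}")
```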

#12 DaChew

Posted 28 April 2009 - 08:26 PM

You are getting good at this,

now try this program

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download DrWeb-CureIt and save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on launch.exe to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All.
  • When complete, click Select All, then choose Cure > Move incurable.
    (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • Now put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and UNcheck "Heuristic analysis" under the "Scanning" tab, then click Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • When the scan is complete, a message will be displayed at the bottom indicating if any viruses were found.
  • Click "Yes to all" if asked to cure or move the file(s) and select "Move incurable".
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
We need to uninstall MBAM and run its clean tool
Chewy

No. Try not. Do... or do not. There is no try.

#13 DaChew

Posted 28 April 2009 - 08:28 PM

1. Uninstall Malwarebytes' Anti-Malware using Add/Remove programs in the control panel.
2. Restart your computer (very important).
3. Download and run this utility.
http://www.malwarebytes.org/mbam-clean.exe
4. It will ask to restart your computer (please allow it to).
5. After the computer restarts, install the latest version

http://www.download.com/Malwarebytes-Anti-...&tag=button

#14 fbird69

Posted 29 April 2009 - 11:22 AM

After my last reply, I noticed a problem with my AVG. It was saying I had no components and it wouldn't allow me to update or do a repair from the setup. Also it wouldn't allow me to uninstall either.

So back to safe mode, I uninstalled AVG and all its folders.
Downloaded new AVG 8.5, updated and rebooted to normal. Same thing as before: no components, no repair and can't uninstall.

Uninstalled in Safe mode again. Reboot in normal, no A/V.

Then, HOLY CRAP :flowers: everything is working again normally. I can open folders, Control Panel, all spyware programs open and work, and it even shuts down when I tell it to.

After another problem with Avast, I ended up for now with NOD32 A/V. Did a full scan; it found a worm in Spybot. Updated MBAM, Spybot, adware, and all scans were ok. Ran CCleaner and did a defrag. No problems for now.

Now that I have seen your last 2 posts, I will try DrWeb to make sure. Here is the log; it wouldn't allow me to quarantine,
so I deleted it.

SDFix.exe\SDFix\apps\Process.exe;C:\Documents and Settings\Owner\My Documents\fix computer stuff\SDFix.exe;Tool.Prockill;;
SDFix.exe;C:\Documents and Settings\Owner\My Documents\fix computer stuff;Archive contains infected objects;Deleted.;
___________________________________________________________________________________________________


Did the MBAM clean and reinstall, scan ok. Everything is OK :thumbsup: now.


Again, thanks for your time helping me out. I thought for sure I would be doing an uninstall of Windows. Thanks



