Cannot get rid of trats virus, generic dropper, and virtumonde
Sure glad you guys are here. I have tried everything! The virus and malware keep coming back. After following the directions in the "before you post" thread, here is a HJT log after a Kapersky scan. I have a log of before the first Kaps scan too. (Kaps scan to follow):
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:18:03 PM, on 1/22/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\CFusionMX\runtime\bin\jrunsvc.exe
C:\CFusionMX\db\slserver52\bin\swagent.exe
C:\CFusionMX\runtime\bin\jrun.exe
C:\CFusionMX\db\slserver52\bin\swstrtr.exe
C:\CFusionMX\db\slserver52\bin\swsoc.exe
C:\WINDOWS\SYSTEM32\GEARSEC.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
c:\program files\mcafee\msk\msksrver.exe
C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe
C:\Program Files\SiteAdvisor\6253\SAService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee.com\Agent\mcagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SEC\Natural Color\NaturalColorLoad.exe
C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page http://www.yahoo.com<br />
R1 - HKL.../?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URLhttp://go.microsoft.com/fwlink/?LinkId54896[
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page http://go.microsoft.com/fwlink/?LinkId=54896[
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Yahoo!
F3 - REG:win.ini: load=C:\WINDOWS\system32\awtqn.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\BOB\Application Data\Mozilla\Profiles\default\p0ly8aft.slt\prefs.js)
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6253\SiteAdv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [McAfee Backup] "C:\Program Files\McAfee\MBK\McAfeeDataBackup.exe"
O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\PRISMSVR.EXE" /APPLY
O4 - HKLM\..\Run: [44abe178] rundll32.exe "C:\WINDOWS\system32\ybbrxonx.dll",b
O4 - HKCU\..\Run: [LDM] "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"
O4 - HKCU\..\Run: [ESPN BottomLine] "C:\Program Files\ESPN\BottomLine\bline.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [McWebDownlMgr] C:\WINDOWS\TEMP\McDMTemp007 (2)\DwnldMgr.exe /runkey (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NaturalColorLoad.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SMC2862W-G EZ Connect g 802.11g Wireless USB Utility.lnk = C:\Program Files\SMC\SMC2862W-G EZ Connect g 2.4Ghz 802.11g Wireless USB 2.0 Adapter\SMCWGUTI.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim .exe
O9 - Extra button: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
O9 - Extra 'Tools' menuitem: Vegas Red Casino - {D5AE2D6D-38A7-425c-86C0-E4ABBDB9EC68} - C:\Casino\Vegas Red Casino\casino.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/...riveragent.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: ColdFusion MX Application Server - Macromedia Inc. - C:\CFusionMX\runtime\bin\jrunsvc.exe
O23 - Service: ColdFusion MX ODBC Agent - Unknown owner - C:\CFusionMX\db\slserver52\bin\swagent.exe
O23 - Service: ColdFusion MX ODBC Server - Unknown owner - C:\CFusionMX\db\slserver52\bin\swstrtr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\SYSTEM32\GEARSEC.EXE
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - c:\program files\mcafee\msk\msksrver.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6253\SAService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: VAIO Media Music Server (VAIOMediaPlatform-MusicServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Music\SSSvr.exe
O23 - Service: VAIO Media Music Server (HTTP) (VAIOMediaPlatform-MusicServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Music Server (UPnP) (VAIOMediaPlatform-MusicServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Photo Server (VAIOMediaPlatform-PhotoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Photo\appsrv\PhotoAppSrv.exe
O23 - Service: VAIO Media Photo Server (HTTP) (VAIOMediaPlatform-PhotoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Photo Server (UPnP) (VAIOMediaPlatform-PhotoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Video Server (VAIOMediaPlatform-VideoServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Video\GPVSvr.exe
O23 - Service: VAIO Media Video Server (HTTP) (VAIOMediaPlatform-VideoServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Video Server (UPnP) (VAIOMediaPlatform-VideoServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
--
End of file - 16333 bytes
kaps p1 sooo big have to finish post later
KASPERSKY ONLINE SCANNER REPORT
Tuesday, February 05, 2008 7:09:41 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/02/2008
Kaspersky Anti-Virus database records: 548717
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
Scan Statistics:
Total number of scanned objects: 166589
Number of viruses found: 2
Number of infected objects: 15
Number of suspicious objects: 0
Duration of the scan process: 03:38:23
Infected Object Name / Virus Name / Last Action
C:\CFusionMX\db\slserver52\tracing\ColdFusion MX ODBC Agent.trc Object is locked skipped
C:\CFusionMX\db\slserver52\tracing\ColdFusion MX ODBC Server.trc Object is locked skipped
C:\CFusionMX\logs\server.log Object is locked skipped
C:\CFusionMX\runtime\logs\default-err.log Object is locked skipped
C:\CFusionMX\runtime\logs\default-out.log Object is locked skipped
C:\CFusionMX\runtime\servers\default\SERVER-INF\jms\db\coremq\consumer.dat Object is locked skipped
C:\CFusionMX\runtime\servers\default\SERVER-INF\jms\db\coremq\destination.dat Object is locked skipped
C:\CFusionMX\runtime\servers\default\SERVER-INF\jms\db\coremq\handle.dat Object is locked skipped
C:\CFusionMX\runtime\servers\default\SERVER-INF\jms\db\coremq\message.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MNA\NAData Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MPF\data\log.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\Logs\Events.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSC\McUsers.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\MSKWMDB.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\MSK\settingsdb.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\VirusScan\Logs\OAS.Log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\8e31766098082b1b41af627599f835e1_51efa46f-1676-4937-b187-21320319e24c Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\b690388aa1292b7fbe341629caa78bc9_51efa46f-1676-4937-b187-21320319e24c Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.439.Crwl Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.439.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy8239.gthr Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf1.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Ntf2.tmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_9cc.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-12072006-221540.log Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\0201D2062E Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\0201E08CEC Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\0201E0917F Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\030A2D3F9566F8133E7241A792D9D978 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\26827173A32CFD66AE06B2E03C2090B8 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\26EC0C5B7114F10875139504DC06CB40 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\2B0000003C Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\2B00002065 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\2B00002834 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\2B00002B40 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\2C494D53747265657469636F6E Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\2C67696C7A6F7469636F6E Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\2C73706C65616B5F69636F6E Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\2FF3EC05D8D0239C17813A71950FEB39 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\32FD965AA1A6EF4F1E8F4DE14D141A4B Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\340011B145208CFBEA76AD088CB728AE Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\3D81CBF32B4374900D3161432904B286 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\41F3BF594DDAC6CAA3D2942C3F7FE6FA Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\4916D554C00AB7982229A88F95B5F2ED Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\5DA6BF6279DAA8A81EAB61C5BBC01AFD Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\5F1DD9054F9FCB372E9853C77E3F5F90 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\6239FAC128E92C898A32819F776BED26 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\697CB5B0CBDACCE78B827F1A4796E140 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\7E940868FE64CC37B1E4D18982B0CE82 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\902BBA87C11E77570137A1F5A1B145BE Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\A455B7F56A7845F8A3BB1DAD4C8ED557 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\A4CC7695FD279702F37EDC69829CC639 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\A65B598392822A71E1F1858EF57BCBE7 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\B1BD3D6D007DCC7A9685FD2DB47142F8 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1\D47F2681C0ADDC11330F0C2362C6301B Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\1024\2B000001B7 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\129\0201D215F1 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\bart\129\2B0000144F Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\users\graceebabyxoo\feedbag Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\users\gracieakersz13\buddyicon Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\caches\users\gracieakersz13\feedbag Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\nss\cert8.db Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\nss\key3.db Object is locked skipped
C:\Documents and Settings\Grace\Application Data\acccore\nss\secmod.db Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\6.0\AcroForm\MRUFormsList Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\6.0\AdobeComFnt06.lst Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\6.0\Collab\OfflineDocs Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\6.0\Collab\Reviews Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\6.0\TMGrpPrm.sav Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\6.0\Updater\udstore.js Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\AdobeCMapFnt07.lst Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\AdobeSysFnt07.lst Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\Collab\RSS Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\JavaScripts\glob.settings.js Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\JSADM.exv Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\Lori.err Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\organizer70\favorites.frm Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\organizer70\favorites.MYD Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\organizer70\favorites.MYI Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\organizer70\files.frm Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\organizer70\files.MYD Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\organizer70\files.MYI Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\organizer70\folders.frm Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\organizer70\folders.MYD Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\organizer70\folders.MYI Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\Preferences\AcrobatColorSettings.csf Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\Updater\udlog.txt Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\Updater\udstore.js Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\7.0\UserCache.bin Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\8.0\AdobeCMapFnt08.lst Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\8.0\AdobeSysFnt08.lst Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\8.0\JavaScripts\glob.js Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\8.0\JavaScripts\glob.settings.js Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\8.0\Lori.err Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\8.0\organizer70\db.opt Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\8.0\organizer70\favorites.frm Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\8.0\organizer70\favorites.MYD Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\8.0\organizer70\favorites.MYI Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\8.0\organizer70\files.frm Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\8.0\organizer70\files.MYD Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\8.0\organizer70\files.MYI Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\8.0\organizer70\folders.frm Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\8.0\organizer70\folders.MYD Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\8.0\organizer70\folders.MYI Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\8.0\Synchronizer\adobesynchronizersu80 Object is locked skipped
C:\Documents and Settings\Grace\Application Data\Adobe\Acrobat\8.0\Synchronizer\metadata\Synchronizer80 Object is locked skipped