Infected with Keylogger



Grayson Carlyle
2007-12-15, 19:14
Thursday night I lost my sanity for a bit and clicked a link in IE I knew I shouldn't've. I subsequently got a keylogger and lost my World of Warcraft account. I have the account back, but have not yet found the keylogger.

I've run Spybot, Ad-Aware, TrendMicro Home...something, Panda, a-squared, Kaspersky, etc... and only a-squared found a registry key associated with IoxKeyLogger.

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:03:03 AM, on 15/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
D:\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\AVGFRE~1\avgcc.exe
D:\a-squared\a2service.exe
D:\AVGFRE~1\avgamsvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
D:\Gmail Notifier\gnotify.exe
C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\AVGFRE~1\avgupsvc.exe
D:\BANDWI~1\Bandwidth Monitor Pro.exe
D:\ICQ\ICQ.exe
D:\Spybot S&D\TeaTimer.exe
C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe
D:\Installed Files\G15NetSpeed\G15NetSpeed.exe
D:\NETWOR~1\bin\nSvcIp.exe
D:\NETWOR~1\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe
D:\Logitech\SetPoint\SetPoint.exe
D:\mIRC\mirc.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Mozilla Firefox\firefox.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\DAP\dapbho.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - D:\GetRight\xx2gr.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Mirabilis ICQ] D:\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] D:\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] D:\SBLive\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Common Files\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "D:\BANDWI~1\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Spybot S&D\TeaTimer.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater\AdobeUpdater.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = D:\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: mIRC.lnk = D:\mIRC\mirc.exe
O8 - Extra context menu item: &Download with &DAP - D:\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - D:\DAP\dapextie2.htm
O8 - Extra context menu item: Download with GetRight - D:\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\OFFICE~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - D:\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://ui.worldofwar.net
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/webplayer/stage6/windows/DivXBrowserPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15029/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0343B273-4B62-4B2D-A622-13BE9E78DDC6}: NameServer = 208.67.222.222,208.67.220.220
O17 - HKLM\System\CS1\Services\Tcpip\..\{0343B273-4B62-4B2D-A622-13BE9E78DDC6}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - D:\a-squared\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\AVGFRE~1\avgupsvc.exe
O23 - Service: Bandwidth Monitor Pro - Pro²soft - d:\BANDWI~1\Bandwidth Monitor Pro.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - D:\NETWOR~1\Apache Group\Apache2\bin\apache.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MySQL - Unknown owner - D:\MySQL\bin\mysqld-nt (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - D:\NETWOR~1\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - Unknown owner - D:\NETWOR~1\bin\nSvcLog.exe
O23 - Service: Perforce - Unknown owner - D:\Perforce\p4s.exe
O23 - Service: Perforce Proxy - Unknown owner - D:\PERFOR~1\PROXYC~1\p4ps.exe
O23 - Service: Apache Tomcat (Tomcat5) - Apache Software Foundation - D:\Storage\DoR Source\Tomcat 5.5\bin\tomcat5.exe
O23 - Service: Ventrilo - Unknown owner - D:\VentriloSrv\ventrilo_svc.exe

--
End of file - 8572 bytes

And the Kaspersky scan:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, December 15, 2007 7:51:34 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/12/2007
Kaspersky Anti-Virus database records: 483181
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 122408
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:18:17

Infected Object Name / Virus Name / Last Action
D:\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
G:\RECYCLER\S-1-5-21-789336058-764733703-839522115-1003\Dg6.htm Infected: Exploit.Win32.RealPlr.k skipped

Scan process completed.