Results 1 to 4 of 4

Thread: Pc infected with trojan

  1. 2008-06-05, 11:43 #1
    krissy997
    krissy997 is offline
    Junior Member
    Join Date
    Jun 2008
    Posts
    2

    Default Pc infected with trojan

    Hi
    I have been experiencing problems when using Google and clicking on links. The links take me to random pages which mostly appear to be other search engines. I have also noticed that when you hover over these links they have the alt text appear that says Z_:. I ran trends house call virus scan and it said that I had a trojan called bkdr_ciadoor.bc and it cleaned it up. But after running Kaspersky it still says I have a trojan but it is somewhere different from the last one. Please can you help. I have followed the instructions and my hijack log and Kaspersky scan is below.

    Thanks.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:35:41, on 05/06/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16643)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Winamp Remote\bin\OrbTray.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\1&1\1&1 EasyLogin\EasyLogin.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
    C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe
    C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files (x86)\Computer Associates\InoculateIT\Realmon.exe
    C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files (x86)\Winamp Remote\bin\Orb.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Kristen Doherty\AppData\Local\Trend Micro\HCMS\tsafe\en-US\tgui.exe
    C:\Users\Kristen Doherty\AppData\Local\Trend Micro\HCMS\tsafe\en-US\tgsvc.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\googletoolbar1.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Codec pack - {b448d946-3623-42ab-ba32-c08651e36980} - C:\Program Files (x86)\Common Files\System\sys_vd4.dat
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\googletoolbar1.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "c:\Program Files (x86)\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\apdproxy.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
    O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files (x86)\Computer Associates\InoculateIT\realmon.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\RunServices: [InoTask] "C:\Program Files (x86)\Computer Associates\InoculateIT\InoTask.exe"
    O4 - HKLM\..\RunServices: [InoRT] C:\Program Files (x86)\Computer Associates\InoculateIT\InoRT9x.exe
    O4 - HKLM\..\RunServices: [InoRPC] "C:\Program Files (x86)\Computer Associates\InoculateIT\InoRpc.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [1&1 EasyLogin] C:\Program Files (x86)\1&1\1&1 EasyLogin\EasyLogin.exe
    O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files (x86)\DisplayFusion\DisplayFusion.exe"
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files (x86)\uniblue\registrybooster 2\StartRegistryBooster.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: update.exe
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\ProgramData\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files (x86)\Java\jre1.6.0\bin\ssv.dll
    O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    O13 - Gopher Prefix:
    O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (Lotus Quickr Class) - http://domino.rockteam.com/qp2.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
    O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework...ex/TmHcmsX.CAB
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn...tDetection.cab
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanage...ex-2.2.1.6.cab
    O20 - AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~2\GOEC62~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
    O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (X86)\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files (x86)\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\Windows\LogWatNT.exe
    O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\Program Files (x86)\lotus\notes\nslsvice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 15931 bytes


    Kaspersky scan

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Thursday, June 05, 2008 10:21:24 AM
    Operating System: Microsoft Windows Vista, (Build 6000)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 4/06/2008
    Kaspersky Anti-Virus database records: 828960
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 278773
    Number of viruses found: 1
    Number of infected objects: 15
    Number of suspicious objects: 0
    Duration of the scan process: 01:57:23

    Infected Object Name / Virus Name / Last Action
    C:\Boot\BCD Object is locked skipped
    C:\Boot\BCD.LOG Object is locked skipped
    C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.125.Crwl Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.125.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.ci Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.ci Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.ci Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wsb Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010010.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010012.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010018.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001B.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001C.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001E.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001F.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010020.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010027.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010028.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010029.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002A.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002B.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002C.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002D.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002E.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001002F.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010030.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010031.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010032.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010033.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010034.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010037.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010038.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010039.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003B.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003C.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003D.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003E.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001003F.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010040.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010042.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010043.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010044.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010045.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010046.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010053.wid Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG0007.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\CiMG0008.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl23.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl24.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Crwl25.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy778.gthr Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfAF9F.tmp Object is locked skipped
    C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfAFA0.tmp Object is locked skipped
    C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-073859.log Object is locked skipped
    C:\ProgramData\OrbNetworks\Logs\CabDirectory.log Object is locked skipped
    C:\ProgramData\OrbNetworks\Logs\MiWebServer.log Object is locked skipped
    C:\ProgramData\OrbNetworks\Logs\Orb.log Object is locked skipped
    C:\ProgramData\OrbNetworks\Logs\OrbClient.log Object is locked skipped
    C:\ProgramData\OrbNetworks\Logs\OrbContacts.log Object is locked skipped
    C:\ProgramData\OrbNetworks\Logs\OrbDMS.log Object is locked skipped
    C:\ProgramData\OrbNetworks\Logs\OrbErrors.log Object is locked skipped
    C:\ProgramData\OrbNetworks\Logs\OrbImageProcessing.log Object is locked skipped
    C:\ProgramData\OrbNetworks\Logs\OrbMediaV2.log Object is locked skipped
    C:\ProgramData\OrbNetworks\Logs\OrbPVR.log Object is locked skipped
    C:\ProgramData\OrbNetworks\Logs\OrbRequestProxy.log Object is locked skipped
    C:\ProgramData\OrbNetworks\Logs\OrbStats.log Object is locked skipped
    C:\ProgramData\OrbNetworks\Logs\OrbStreamer.log Object is locked skipped
    C:\ProgramData\OrbNetworks\Logs\OrbTrayIcon.log Object is locked skipped
    C:\ProgramData\OrbNetworks\Logs\OrbTVXml.log Object is locked skipped
    C:\ProgramData\OrbNetworks\Logs\rtspServer.log Object is locked skipped
    C:\ProgramData\OrbNetworks\OrbContacts\OrbContacts.db Object is locked skipped
    C:\ProgramData\OrbNetworks\OrbMediaV2\OrbMedia.db Object is locked skipped
    C:\ProgramData\OrbNetworks\OrbPVR\OrbPVR.db Object is locked skipped
    C:\ProgramData\OrbNetworks\OrbThumbs\OrbThumbsV2.db Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\dbc2e.ht1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\dbdam Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\dbdao Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\dbeam Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\dbeao Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\dbm Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\dbu2d.ht1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\dbvm.cf1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\dbvmh.ht1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\fii.cf1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\fiih.ht1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\hp Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\hpt2i.ht1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\rpm.cf1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\rpm1m.cf1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\rpm1mh.ht1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\rpmh.ht1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\safeweb\goog-black-enchashm.cf1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\safeweb\goog-black-urlm.cf1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\safeweb\goog-black-urlmh.ht1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\safeweb\goog-malware-domainm.cf1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\safeweb\goog-white-domainm.cf1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Google\Google Desktop\720a2ad1a868\safeweb\goog-white-domainmh.ht1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Microsoft\Windows Defender\FileTracker\{929A216D-B897-42C7-8DE4-2DC411081B63} Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\Cookies\index.dat Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\History\History.IE5\MSHist012008060420080605\index.dat Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\jar_cache6727.tmp/stream/Script Infected: Trojan-Downloader.NSIS.Agent.at skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\jar_cache6727.tmp/stream Infected: Trojan-Downloader.NSIS.Agent.at skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\jar_cache6727.tmp NSIS: infected - 2 skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\jar_cache6728.tmp/stream/Script Infected: Trojan-Downloader.NSIS.Agent.at skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\jar_cache6728.tmp/stream Infected: Trojan-Downloader.NSIS.Agent.at skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\jar_cache6728.tmp NSIS: infected - 2 skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\jar_cache6729.tmp/stream/Script Infected: Trojan-Downloader.NSIS.Agent.at skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\jar_cache6729.tmp/stream Infected: Trojan-Downloader.NSIS.Agent.at skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\jar_cache6729.tmp NSIS: infected - 2 skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\jar_cache6730.tmp/stream/Script Infected: Trojan-Downloader.NSIS.Agent.at skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\jar_cache6730.tmp/stream Infected: Trojan-Downloader.NSIS.Agent.at skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\jar_cache6730.tmp NSIS: infected - 2 skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\us0105.exe/stream/Script Infected: Trojan-Downloader.NSIS.Agent.at skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\us0105.exe/stream Infected: Trojan-Downloader.NSIS.Agent.at skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\us0105.exe NSIS: infected - 2 skipped
    C:\Users\Kristen Doherty\AppData\Local\Temp\~DFEE52.tmp Object is locked skipped
    C:\Users\Kristen Doherty\ntuser.dat Object is locked skipped
    C:\Users\Kristen Doherty\ntuser.dat.LOG1 Object is locked skipped
    C:\Users\Kristen Doherty\ntuser.dat.LOG2 Object is locked skipped
    C:\Users\Kristen Doherty\NTUSER.DAT{865d07f1-6a85-11db-acd0-9270719989e3}.TM.blf Object is locked skipped
    C:\Users\Kristen Doherty\NTUSER.DAT{865d07f1-6a85-11db-acd0-9270719989e3}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Users\Kristen Doherty\NTUSER.DAT{865d07f1-6a85-11db-acd0-9270719989e3}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\bthservsdp.dat Object is locked skipped
    C:\Windows\CSC\v2.0.6\pq Object is locked skipped
    C:\Windows\Debug\PASSWD.LOG Object is locked skipped
    C:\Windows\Debug\sam.log Object is locked skipped
    C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\ntuser.dat Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{865d07e9-6a85-11db-acd0-9270719989e3}.TM.blf Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{865d07e9-6a85-11db-acd0-9270719989e3}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{865d07e9-6a85-11db-acd0-9270719989e3}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{865d07e5-6a85-11db-acd0-9270719989e3}.TM.blf Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{865d07e5-6a85-11db-acd0-9270719989e3}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{865d07e5-6a85-11db-acd0-9270719989e3}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
    C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
    C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
    C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
    C:\Windows\WindowsUpdate.log Object is locked skipped

    Scan process completed.
  2. 2008-06-06, 01:48 #2
    shelf life
    shelf life is offline
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    some specialized tools are not supported in vista. run this and post the log it generates;

    Please download Malwarebytes' Anti-Malware to your desktop:

    http://www.besttechie.net/tools/mbam-setup.exe

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform FULL SCAN, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

    you can also navigate here:
    C:\Users\Kristen Doherty\AppData\Local\Temp
    and delete everything in the temp folder
    How Can I Reduce My Risk?
  3. 2008-06-06, 12:22 #3
    krissy997
    krissy997 is offline
    Junior Member
    Join Date
    Jun 2008
    Posts
    2

    Default

    Hi

    Thanks for your help here is the log file generated from Malwarebytes.

    Malwarebytes' Anti-Malware 1.15
    Database version: 833

    11:18:24 06/06/2008
    mbam-log-6-6-2008 (11-18-24).txt

    Scan type: Full Scan (C:\|D:\|)
    Objects scanned: 322887
    Time elapsed: 59 minute(s), 42 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{b448d946-3623-42ab-ba32-c08651e36980} (Trojan.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Program Files (x86)\Common Files\System\svchost.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


    Do I need to do anything else? Is my pc clear now?
  4. 2008-06-07, 04:58 #4
    shelf life
    shelf life is offline
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Default

    hi,

    thanks for the info. you can do a online scan here:
    ESET online scanner:

    http://www.eset.com/onlinescan/

    uses Internet Explorer only
    check "YES" to accept terms
    click start button
    allow the ActiveX component to install
    click the start button. the Scanner will update.
    check both "Remove found threats" and "Scan unwanted applications"
    click scan
    when done you can find the scan log at:C:\Program Files\EsetOnlineScanner\log.txt
    please copy/paste that log in next reply.
    How Can I Reduce My Risk?
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules