Cannot find "khfed.dll"?

saturdayskids

Hey, new user here, not entirely computer savvy, also. I tried the Spyboy program hoping it would get rid of this problem, but to no avail.


I run Windows Vista Ultimate. It's been running very slowly and sometimes closing windows randomly for the past few days. Now when I start the computer it says

"error loading khfed.dll" Cannot find file

then follows

"error loading dfqcsxgn.dll" Cannot find file.


Can anyone here help me? I haven't the slightest clue how to fix this problem. I definitely think there's a trojan on my computer, but there's no spyware program that eliminates it yet?

Oh, sorry for the multiple posts, but here's the HijackThis file info. Thank you in advance for any help offered. I need it bad.


==========






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:05:23 PM, on 2/27/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\nvraidservice.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Windows\System32\p2phost.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\WTablet\TabUserW.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: free-downloads.net Toolbar - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [CollaborationHost] C:\Windows\system32\p2phost.exe -s
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\brendan\AppData\Local\Temp\khfed.dll,#1
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\brendan\AppData\Local\Temp\khhfg.dll,c
O4 - HKCU\..\Run: [MS Juan] rundll32 "C:\Users\brendan\AppData\Local\Temp\dfqcsxgn.dll",run
O4 - HKCU\..\Run: [767e0d99] rundll32.exe "C:\Users\brendan\AppData\Local\Temp\jjatkyik.dll",b
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKCU\..\Run: [BM754d3e05] Rundll32.exe "C:\Users\brendan\AppData\Local\Temp\lddwnwsg.dll",s
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\Windows\system32\Tablet.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Did the online scan, here's the results:








===============================================


KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 27, 2008 10:57:43 PM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 27/02/2008
Kaspersky Anti-Virus database records: 584376
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\
L:\
Scan Statistics
Total number of scanned objects 129618
Number of viruses found 6
Number of infected objects 31
Number of suspicious objects 0
Duration of the scan process 00:44:36

Infected Object Name Virus Name Last Action
C:\$Recycle.Bin\S-1-5-21-3823407711-885320655-315063334-1001\$RBQDJ7O.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\$Recycle.Bin\S-1-5-21-3823407711-885320655-315063334-1001\$RBQDJ7O.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Small.ieg skipped
C:\$Recycle.Bin\S-1-5-21-3823407711-885320655-315063334-1001\$RBQDJ7O.exe/data.rar/serial.exe Infected: Trojan-Downloader.Win32.Small.ijp skipped
C:\$Recycle.Bin\S-1-5-21-3823407711-885320655-315063334-1001\$RBQDJ7O.exe/data.rar Infected: Trojan-Downloader.Win32.Small.ijp skipped
C:\$Recycle.Bin\S-1-5-21-3823407711-885320655-315063334-1001\$RBQDJ7O.exe RarSFX: infected - 4 skipped
C:\$Recycle.Bin\S-1-5-21-3823407711-885320655-315063334-1001\$RS2238J.exe Infected: Backdoor.Win32.Ciadoor.gn skipped
C:\Boot\BCD Object is locked skipped
C:\Boot\BCD.LOG Object is locked skipped
C:\Program Files\Adobe\Adobe Device Central CS3\AMT\AUMProduct.cer Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\16bb2e612543739aa0f53d25b7c2cea5_e5a81c1a-a20a-4307-854a-2dc2caf3b194 Object is locked skipped
C:\ProgramData\Microsoft\User Account Pictures\Owner.dat Object is locked skipped
C:\Users\brendan\AppData\Local\AOL\AOLDiag\AOL\IMAppServiceUSBETA\Win32\6.8.1.5\002ab06b.nub Object is locked skipped
C:\Users\brendan\AppData\Local\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
C:\Users\brendan\AppData\Local\AOL OCP\AIM\Storage\data\saturdayskids\localStorage\common.cls Object is locked skipped
C:\Users\brendan\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\brendan\AppData\Local\Microsoft\InputPersonalization\edb.log Object is locked skipped
C:\Users\brendan\AppData\Local\Microsoft\InputPersonalization\inkStore.mdb Object is locked skipped
C:\Users\brendan\AppData\Local\Microsoft\InputPersonalization\tmp.edb Object is locked skipped
C:\Users\brendan\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\brendan\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\brendan\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\brendan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AM7AP4IG\hctp[2] Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AM7AP4IG\ptch[1] Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\brendan\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\brendan\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\brendan\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\brendan\AppData\Local\Microsoft\Windows\UsrClass.dat{b05f57f2-b301-11dc-b080-001a92d794cf}.TM.blf Object is locked skipped
C:\Users\brendan\AppData\Local\Microsoft\Windows\UsrClass.dat{b05f57f2-b301-11dc-b080-001a92d794cf}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\brendan\AppData\Local\Microsoft\Windows\UsrClass.dat{b05f57f2-b301-11dc-b080-001a92d794cf}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\brendan\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped
C:\Users\brendan\AppData\Local\Mozilla\Firefox\Profiles\kxns2jfb.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\brendan\AppData\Local\Mozilla\Firefox\Profiles\kxns2jfb.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\brendan\AppData\Local\Mozilla\Firefox\Profiles\kxns2jfb.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\brendan\AppData\Local\Mozilla\Firefox\Profiles\kxns2jfb.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\brendan\AppData\Local\Temp\Adobe_Flash_Keygen.rar/Adobe Flash Keygen/Adobe Flash CS3 Keygen ZWT.exe Infected: Trojan.Win32.VB.bkj skipped
C:\Users\brendan\AppData\Local\Temp\Adobe_Flash_Keygen.rar RAR: infected - 1 skipped
C:\Users\brendan\AppData\Local\Temp\bvsvgppf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\cpwcyhph.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\dfqcsxgn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\femgennp.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\brendan\AppData\Local\Temp\fymwsmef.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\hvvupsqe.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\ixvqdbcr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\jbbbakae.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\jjatkyik.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\khhfg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\lddwnwsg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\qaipfnnd.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\qomnk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\qqqixijt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\Server.exe Infected: Trojan.Win32.Small.ud skipped
C:\Users\brendan\AppData\Local\Temp\tmp00005253 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\tmp00005a01 Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\tsqippif.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\ucpvcnxx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\uiavkxbt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\xejqbkbn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\Users\brendan\AppData\Local\Temp\~DF6D7B.tmp Object is locked skipped
C:\Users\brendan\AppData\Local\Temp\~DF6D85.tmp Object is locked skipped
C:\Users\brendan\AppData\Local\Temp\~DF6DEB.tmp Object is locked skipped
C:\Users\brendan\AppData\Local\Temp\~DF7A60.tmp Object is locked skipped
C:\Users\brendan\AppData\Local\Temp\~DF7A82.tmp Object is locked skipped
C:\Users\brendan\AppData\Local\Temp\~DF8419.tmp Object is locked skipped
C:\Users\brendan\AppData\Local\Temp\~DF8CDF.tmp Object is locked skipped
C:\Users\brendan\AppData\Local\Temp\~DF8EC8.tmp Object is locked skipped
C:\Users\brendan\AppData\Local\Temp\~DFE00C.tmp Object is locked skipped
C:\Users\brendan\AppData\Roaming\acccore\nss\cert8.db Object is locked skipped
C:\Users\brendan\AppData\Roaming\acccore\nss\key3.db Object is locked skipped
C:\Users\brendan\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\brendan\AppData\Roaming\Mozilla\Firefox\Profiles\kxns2jfb.default\cert8.db Object is locked skipped
C:\Users\brendan\AppData\Roaming\Mozilla\Firefox\Profiles\kxns2jfb.default\formhistory.dat Object is locked skipped
C:\Users\brendan\AppData\Roaming\Mozilla\Firefox\Profiles\kxns2jfb.default\history.dat Object is locked skipped
C:\Users\brendan\AppData\Roaming\Mozilla\Firefox\Profiles\kxns2jfb.default\key3.db Object is locked skipped
C:\Users\brendan\AppData\Roaming\Mozilla\Firefox\Profiles\kxns2jfb.default\search.sqlite Object is locked skipped
C:\Users\brendan\AppData\Roaming\Mozilla\Firefox\Profiles\kxns2jfb.default\urlclassifier2.sqlite Object is locked skipped
C:\Users\brendan\AppData\Roaming\Mozilla\Firefox\Profiles\kxns2jfb.default\webappsstore.sqlite Object is locked skipped
C:\Users\brendan\NTUSER.DAT Object is locked skipped
C:\Users\brendan\ntuser.dat.LOG1 Object is locked skipped
C:\Users\brendan\ntuser.dat.LOG2 Object is locked skipped
C:\Users\brendan\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Users\brendan\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\brendan\NTUSER.DAT{0f69446d-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\MEMORY.DMP Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{B51D3695-DECF-49D3-85C4-DBDFDFD457A8}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-PLA%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_cef7ceb03914a67f\dnary.xsd Object is locked skipped
Scan process completed.
 
Hi saturdayskids

Download Deckard's System Scanner (DSS) to your Desktop. Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and the extra.txt to your post.
 
Due to the lack of feedback this Topic is closed.

If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.

Everyone else please begin a New Topic.
 