TechSpot

Have spyware infection Abebot

By 549Omaha
Mar 26, 2008
  1. Dear Experts

    Yesterday while browsing a few websites i accidently obtained a virus or spyware that I feel is connected to some culprit calling itself " Security System Protection Control Panel " TrojanDownloader.XS. and spent most of my day off from work trying to resolve the situation and eliminate the blasted thing.

    It is a White and Blue window that says 'Security system Waring"

    Alert Details
    File: C:\WINDOWS\wml.exe

    Threat:Abebot

    Click here to visit PC-Antispyware web site..

    There is also another similar one;

    System Integrity Scan Wizard
    Warning: Your ocmputer may have critical errors in Windows registry and file system!

    I must also point out that i also receive a pop up in the the right system tray which alerts the following

    To scan your computer for errors please click the 'Next' button below

    In addition an exclamation mark still appears in the bottom right system tray that says click here to fix problem .

    I did download deckard System scan ( formaly " Comboscan " which is very much like Combofix ) and have consequently an image made by Hijack this.

    Hope this is enough information and really look forward to receiving some sort of help/advice that can help elimnate this pain in the backside and destroy it forever.

    Thanks alot

    Bill
     
  2. kritius

    kritius TS Guru Posts: 2,084

    Would need to see the logs.
     
  3. 549Omaha

    549Omaha TS Rookie Topic Starter Posts: 19

    Trouble responding

    I just tried to post the log , both as a direct response to you, as well as ( when that was refused due to it being so large , WAY over the max. 10,000 like 23,000? ) I tried editing my first post to include it, and same error, TO LARGE !!

    What do I do ?

    Thank you,

    Bill

    I even tried to attatch the wordpad copy to this, to NO AVAIL
     
  4. kritius

    kritius TS Guru Posts: 2,084

    Post a reply to this message, not just using the quick reply box.

    Attach the HijackThis log as a text file by using the paperclip icon above the reply box.
     
  5. 549Omaha

    549Omaha TS Rookie Topic Starter Posts: 19

    Hey kritius

    I did really appreciate how fast you responded the first thread, and second,

    However I hope you hav'nt thrown in the towel because of my inability to send you the hijack log through this medium,

    I REALLY did try so many ways and times ,and got nowhere, do you have a problem with doing this through direct e-mail?
     
  6. kritius

    kritius TS Guru Posts: 2,084

    Sorry, I dont help through e mails, just on the boards

    Have you tried HERE?

    If that doesnt work then split the log into two pieces and paste them into a post.
     
  7. 549Omaha

    549Omaha TS Rookie Topic Starter Posts: 19

    Here I go again,

    I went to the link you sent me, and basically all that happened is I repeaated everything I had done before with the exception of renaming the program, HOWEVER, on the carefull posted directions it said that under NO cercumstances can a log be cut and pasted, and for some peculiar reason , I can NOT attatch anything by way of the paper clip,

    So as I'm writing I'm thinking along the line of breaking the log down and posting as a reply to you in maybe 3 segments, So, here goes ( several minutes have past )

    After alot of effort , I can still not attatch ANYTHING PERIOD,, no matter which buttons I click on

    PLEASE HELP !!

    Bill
     
  8. 549Omaha

    549Omaha TS Rookie Topic Starter Posts: 19

    segment 1

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 9:34:22 AM, on 3/27/2008
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16609)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\ProgramData\zgvwnink\defkxola.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Windows\System32\hgjanqpm.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\a-squared Anti-Malware\a2service.exe
    C:\Program Files\a-squared Anti-Malware\a2guard.exe
    C:\Windows\notepad.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\System32\calc.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe
     
  9. 549Omaha

    549Omaha TS Rookie Topic Starter Posts: 19

    Segment 2

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=73&bd=Pavilion&pf=laptop
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: MorpheusToolbar BHO - {3F3714A1-89A4-46be-8AF3-D0C9D1FB03F9} - C:\Program Files\MorpheusBar\bar\1.bin\MORPHBAR.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe" /d=60
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKLM\..\RunOnce: [MyWebSearch bar Uninstall] rundll32 C:\PROGRA~1\UNINST~1.DLL,O -2
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [kjbtxweh] C:\Windows\system32\hgjanqpm.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKLM\..\Policies\Explorer\Run: [MbPJUQbALs] C:\ProgramData\zgvwnink\defkxola.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O
     
  10. 549Omaha

    549Omaha TS Rookie Topic Starter Posts: 19

    segment 3

    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.cox.com/sdccommon/download/tgctlcm.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
    O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
    O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
    O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Roxio UPnP Renderer 10 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 10\RoxioUPnPRenderer10.exe
    O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUPnPRenderer9.exe
    O23 - Service: Roxio Upnp Server 10 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 10\RoxioUpnpService10.exe
    O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Roxio MyDVD Basic v9\Digital Home 9\RoxioUpnpService9.exe
    O23 - Service: LiveShare P2P Server 10 (RoxLiveShare10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe
    O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
    O23 - Service: RoxMediaDB10 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: Roxio Hard Drive Watcher 10 (RoxWatch10) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
    O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
    O23 - Service: SessionLauncher - Unknown owner - C:\Users\Bill\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

    --
    End of file - 13338 bytes
     
  11. kritius

    kritius TS Guru Posts: 2,084

    Ill post a fix tomorrow, thats a big log file.

    Please be patient as these things need time to research.
     
  12. 549Omaha

    549Omaha TS Rookie Topic Starter Posts: 19

    Thank you SO MUCH !!
     
  13. kritius

    kritius TS Guru Posts: 2,084

    Fix entries using HiJackThis
    • Launch HiJackThis
    • Click the Do a system scan only button
    • Put a check next to the entries listed below

      O4 - HKCU\..\Run: [kjbtxweh] C:\Windows\system32\hgjanqpm.exe
      O4 - HKLM\..\Policies\Explorer\Run: [MbPJUQbALs] C:\ProgramData\zgvwnink\defkxola.exe
      O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
      O23 - Service: SessionLauncher - Unknown owner - C:\Users\Bill\AppData\Local\Temp\DX9\SessionLauncher.exe (file missing)

    • IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
    • Click the Fix checked button and close HiJackThis
    • Reboot HijackThis if necessary

    There are files I do not recognize, please carry out the following:
    • Please visit Jotti Online Malware Scan
    • Copy the following line into the white text box:
    • C:\Windows\system32\lsm.exe
      C:\ProgramData\zgvwnink\defkxola.exe
      C:\Windows\System32\hgjanqpm.exe
    • Click Submit.
    • Please post the results of this scan to this thread.
    Note: If the server is busy at the above site, try this alternative site:
    • Go to Virus Total-Upload A File.
    • Copy the following line into the white text box:
    • C:\Windows\system32\lsm.exe
      C:\ProgramData\zgvwnink\defkxola.exe
      C:\Windows\System32\hgjanqpm.exe
    • Click Send.
    • Please post the results of this scan to this thread.

    Update your Java Runtime Environment
    • First try going to Start -> Control Panel -> double click Java
    • Select the Update TAb at the top
    • Click the Check for Updates button at the bottom
    • If it finds the newer version (Java 6 Update 5) Follow the on screen instructions
    • After it installs the newest version Go back to Control Panel -> Add/remove programs
    • Uninstall any older versions of Java

    If for some reason you couldn't update through the above instructions.
    • Click the following link
      Java Runtime Environment 6 Update 5
    • The 4th option down is the one you want (click Download)
    • Check the box to agree to terms of service
    • Check the box for your operating system and click 'Download selected'at the bottom
    • After the install Go to Start-> Control Panel-> add/remove programs (Programs and features), and uninstall any old versions
    • Navigate to C:\programfiles\Java -> delete any subfolders except the jre1.6.0_05 folder

    I would like you to do an online scan so that we can what else may be in your system,
    Run Kaspersky online scanner
    With the exception of Internet Explorer, which must be used for this scan, keep ALL programs closed
    Note: It is recommended to disable onboard antivirus program and antispyware programs while performing scans to speed up scan time and to make sure there are no conflicts.
    Do not go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable resident antivirus protection along with whatever antispyware application you use.


    Do an online scan with Kaspersky Online Scanner in Internet Explorer. You will be prompted to install and run an ActiveX component from Kaspersky, Click Yes.
    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence accepted, reset to 100%.
    • The program will launch and then start to download the latest definition files.
    • Once the scanner is installed and the definitions downloaded, click Next.
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      o Scan using the following Anti-Virus database:
      o Extended (If available, otherwise use standard)
      o Scan Options:
      o Scan Archives
      o Scan Mail Bases
    • Click OK
    • Under select a target to scan, select My Computer
    • The scan will take a while so be patient and let it run.
    • Please do not use your computer while the scan is running. Once the scan is complete it will display if your system has been infected.
    • Click the Save Report As... button (see red arrow below)

      [​IMG]
    • In the Save as... prompt, select Desktop
    • In the File name box, name the file
    • In the Save as type prompt, select Text file (see below)

      [​IMG]
    • Include the report in your next post.

    Create an uninstall list
    • Launch Hijackthis
    • Click the Open the Misc Tools section button
    • Click the Open Uninstall Manager button.
    • Click the Save list button.
    • attach this log into your next reply
     
  14. 549Omaha

    549Omaha TS Rookie Topic Starter Posts: 19

    Response

    Thank you so very much, due to the HUGE task, I won't be able to devote that kind of time until late this evevning,( its 5:02 A.M. PDT in San Diego Calif. ) so I will be responding tomorrrow morning

    Thanks again


    Bill
     
  15. kritius

    kritius TS Guru Posts: 2,084

    Ok then,

    just note, whenever you are uploading the files to jotti, do it one at a time and let me know the results of all three seperately.
     
  16. 549Omaha

    549Omaha TS Rookie Topic Starter Posts: 19

    response

    Rodger that

    thanks
     
  17. 549Omaha

    549Omaha TS Rookie Topic Starter Posts: 19

    online malware scan results

    Jotti's malware scan 2.99-TRANSITION_TO_3.00-R1

    File to upload & scan:
    Service
    Service load: 0% 100%

    File: lsm.exe
    Status: OK
    MD5: 77f52395637906269b91264ffe576b51
    Packers detected: -
    Bit9 reports: No threat detected (more info)

    Scanner results
    Scan taken on 29 Mar 2008 12:58:30 (GMT)
    A-Squared Found nothing
    AntiVir Found nothing
    ArcaVir Found nothing
    Avast Found nothing
    AVG Antivirus Found nothing
    BitDefender Found nothing
    ClamAV Found nothing
    CPsecure Found nothing
    Dr.Web Found nothing
    F-Prot Antivirus Found nothing
    F-Secure Anti-Virus Found nothing
    Fortinet Found nothing
    Ikarus Found nothing
    Kaspersky Anti-Virus Found nothing
    NOD32 Found nothing
    Norman Virus Control Found nothing
    Panda Antivirus Found nothing
    Rising Antivirus Found nothing
    Sophos Antivirus Found nothing
    VirusBuster Found nothing
    VBA32 Found nothing

    Powered by

    Disclaimer
    This service is by no means 100% safe. If this scanner says 'OK', it does not necessarily mean the file is clean. There could be a whole new virus on the loose. NEVER EVER rely on one single product only, not even this service, even though it utilizes several products. Therefore, We cannot and will not be held responsible for any damage caused by results presented by this non-profit online service.

    Also, we are aware of the implications of a setup like this. We are sure this whole thing is by no means scientifically correct, since this is a fully automated service (although manual correction is possible). We are aware, in spite of efforts to proactively counter these, false positives might occur, for example. We do not consider this a very big issue, so please do not e-mail us about it. This is a simple online scan service, not the university of Wichita.

    Scanning can take a while, since several scanners are being used, plus the fact some scanners use very high levels of (time consuming) heuristics. Scanners used are Linux versions, differences with Windows scanners may or may not occur. Another note: some scanners will only report one virus when scanning archives with multiple pieces of malware.

    Virus definitions are updated every hour. There is a 10Mb limit per file. Please refrain from uploading tons of hex-edited or repacked variants of the same sample.

    Please do not ask for viruses uploaded here, unless you work for an anti-virus vendor. They are not for trade. This is a legitimate service, not a VX site. Viruses uploaded here will be distributed to antivirus vendors without exception. Read more about this in our privacy policy. If you do not want your files to be distributed, please do not send them at all.

    Sponsored by HotelScraper.com.
    --------------------------------------------------------------------------------


    Statistics
    Last file scanned at least one scanner reported something about: OGC_Begins_v11_Public_v1.7.rar (MD5: f5e6f8398333b0afb6c8b6234f874318, size: 163777 bytes), detected by:

    Scanner Malware name
    A-Squared X
    AntiVir TR/Crypt.XPACK.Gen
    ArcaVir X
    Avast X
    AVG Antivirus Win32/CryptExe
    BitDefender X
    ClamAV X
    CPsecure Packed.W32.CryptExe
    Dr.Web Exploit.DCom.183
    F-Prot Antivirus Possibly a new variant of W32/Threat-HLLAU-based!Maximus
    F-Secure Anti-Virus X
    Fortinet X
    Ikarus Trojan.Crypt.XPACK
    Kaspersky Anti-Virus X
    NOD32 X
    Norman Virus Control X
    Panda Antivirus X
    Rising Antivirus X
    Sophos Antivirus Sus/ComPack-J
    VirusBuster X
    VBA32 Exploit.DCom.183


    You're free to (mis)interpret these automated, flawed statistics at your own discretion. For antivirus comparisons, visit AV comparatives
    We are not affiliated with any third parties that conduct tests using this service.





    Frequently asked questions - Feedback - Privacy policy



    Page generated by JTPL

    © 2004-2008 Jordi Bosveld <jotti@jotti.org>
     
  18. BioscienceBoy

    BioscienceBoy TS Rookie

    Another computer infected by Abebot spyware

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:31:07 AM, on 3/29/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Documents and Settings\All Users\Application Data\uhehkpor\itgpkvcj.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\WINDOWS\ALCXMNTR.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\antiviirus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\WINDOWS\system32\mvefyvwb.exe
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\eFax Messenger 4.1\J2GTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
    C:\WINDOWS\explorer.exe
    K:\HijackThis.exe

    --

    End of Part 1 of 2
     
  19. BioscienceBoy

    BioscienceBoy TS Rookie

    Is the log attached?

    Is the HiJackThis log attached?
     
  20. kritius

    kritius TS Guru Posts: 2,084

    Can you start your own thread please?

    And attach the log rather than copy and paste it. (see how here)
     
  21. BioscienceBoy

    BioscienceBoy TS Rookie

    Hmmmm...it doesn't seem so.
     
  22. kritius

    kritius TS Guru Posts: 2,084

    Once again I will say,

    Can you start your own thread please? Go to the security and the web forum. and use the new thread button at the top of the page.

    And attach the log rather than copy and paste it. (see how here)

    You do not Hijack another persons thread.
     
  23. 549Omaha

    549Omaha TS Rookie Topic Starter Posts: 19

    Kaspersky Results part 1

    KASPERSKY ONLINE SCANNER REPORT
    Saturday, March 29, 2008 9:34:23 AM
    Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 29/03/2008
    Kaspersky Anti-Virus database records: 672287


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    C:\
    D:\
    E:\
    F:\
    G:\
    Z:\

    Scan Statistics
    Total number of scanned objects 149135
    Number of viruses found 2
    Number of infected objects 3
    Number of suspicious objects 0
    Duration of the scan process 02:07:54

    Infected Object Name Virus Name Last Action
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\sw_ae-20080329-055046.log Object is locked skipped

    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterInstance.lock Object is locked skipped

    C:\ProgramData\avg7\Log\emc.log Object is locked skipped

    C:\ProgramData\Grisoft\Avg7Data\avg7log.log Object is locked skipped

    C:\ProgramData\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

    C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\ae6f46f98a7a6d517159b99d0e1327b3_a7d9809c-e577-4dd0-890d-f0527c7b5950 Object is locked skipped

    C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.206.Crwl Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.206.gthr Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.ci Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wsb Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000F.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010016.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001D.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010021.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010022.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010023.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010024.wid Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy203.gthr Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped
     
  24. 549Omaha

    549Omaha TS Rookie Topic Starter Posts: 19

    Kaspersky results #2

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfAEE4.tmp Object is locked skipped

    C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\NtfAEE5.tmp Object is locked skipped

    C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050241.log Object is locked skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\Users\Bill\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

    C:\Users\Bill\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped

    C:\Users\Bill\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008032920080330\index.dat Object is locked skipped

    C:\Users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

    C:\Users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Users\Bill\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Users\Bill\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped

    C:\Users\Bill\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped

    C:\Users\Bill\AppData\Local\Microsoft\Windows\UsrClass.dat{1ac10618-5e11-11dc-a05d-001b2486528f}.TM.blf Object is locked skipped

    C:\Users\Bill\AppData\Local\Microsoft\Windows\UsrClass.dat{1ac10618-5e11-11dc-a05d-001b2486528f}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

    C:\Users\Bill\AppData\Local\Microsoft\Windows\UsrClass.dat{1ac10618-5e11-11dc-a05d-001b2486528f}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

    C:\Users\Bill\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped

    C:\Users\Bill\AppData\Local\Temp\ehmsas.txt Object is locked skipped

    C:\Users\Bill\AppData\Local\Temp\~DF2D81.tmp Object is locked skipped

    C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped

    C:\Users\Bill\AppData\Roaming\Roxio\MediaManager10\Album.ldb Object is locked skipped

    C:\Users\Bill\AppData\Roaming\Roxio\MediaManager10\Album.psod Object is locked skipped

    C:\Users\Bill\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-3-29-2008( 5-53-2 ).LOG Object is locked skipped

    C:\Users\Bill\Desktop\Desktop\Get-Torrent-2.0.0.0-setup-0350.exe/file02 Infected: not-a-virus:AdWare.Win32.Lop.bo skipped

    C:\Users\Bill\Desktop\Desktop\Get-Torrent-2.0.0.0-setup-0350.exe/file13 Infected: Trojan.Win32.Obfuscated.en skipped

    C:\Users\Bill\Desktop\Desktop\Get-Torrent-2.0.0.0-setup-0350.exe Inno: infected - 2 skipped

    C:\Users\Bill\NTUSER.DAT Object is locked skipped

    C:\Users\Bill\ntuser.dat.LOG1 Object is locked skipped

    C:\Users\Bill\ntuser.dat.LOG2 Object is locked skipped

    C:\Users\Bill\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

    C:\Users\Bill\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

    C:\Users\Bill\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

    C:\Windows\Debug\PASSWD.LOG Object is locked skipped

    C:\Windows\Debug\sam.log Object is locked skipped

    C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped

    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped

    C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped

    C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped

    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped

    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped

    C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped

    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

    C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped

    C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped

    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

    C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

    C:\Windows\SoftwareDistribution\EventCache\{39AD4505-1786-49F6-A9AE-3C14FC55AAB9}.bin Object is locked skipped

    C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

    C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

    C:\Windows\System32\catroot2\edb.log Object is locked skipped

    C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped

    C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped

    C:\Windows\System32\config\COMPONENTS Object is locked skipped

    C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped

    C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped

    C:\Windows\System32\config\DEFAULT Object is locked skipped

    C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped

    C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped

    C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped

    C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped

    C:\Windows\System32\config\RegBack\SAM Object is locked skipped

    C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped

    C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped

    C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped

    C:\Windows\System32\config\SAM Object is locked skipped

    C:\Windows\System32\config\SAM.LOG1 Object is locked skipped

    C:\Windows\System32\config\SAM.LOG2 Object is locked skipped

    C:\Windows\System32\config\SECURITY Object is locked skipped

    C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped

    C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped

    C:\Windows\System32\config\SOFTWARE Object is locked skipped

    C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped

    C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped

    C:\Windows\System32\config\SYSTEM Object is locked skipped

    C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped

    C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped

    C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped

    C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped

    C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped

    C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped

    C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf
     
  25. 549Omaha

    549Omaha TS Rookie Topic Starter Posts: 19

    Kaspersky results #3

    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped

    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped

    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped

    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped

    C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped

    C:\Windows\System32\drivers\sptd.sys Object is locked skipped

    C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped

    C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

    C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped

    C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped

    C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped

    C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped

    C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped

    C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped

    C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped

    C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped

    C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped

    C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001 Object is locked skipped

    C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped

    C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped

    C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped

    C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped

    C:\Windows\Temp\a2cache_56B8F69E.dat Object is locked skipped

    C:\Windows\Temp\HPSLPS001.log Object is locked skipped

    C:\Windows\Temp\JET20C8.tmp Object is locked skipped

    C:\Windows\WindowsUpdate.log Object is locked skipped

    E:\System Volume Information\Desktop.ini Object is locked skipped

    E:\System Volume Information\Folder.htt Object is locked skipped

    E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    E:\System Volume Information\Protect.ed Object is locked skipped

    Scan process completed.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...