Infected laptop

[SuperDave]

C:\Windows\System32\config\SECURITY.LOG2   Object is locked   skipped
C:\Windows\System32\config\SOFTWARE   Object is locked   skipped
C:\Windows\System32\config\SOFTWARE.LOG1   Object is locked   skipped
C:\Windows\System32\config\SOFTWARE.LOG2   Object is locked   skipped
C:\Windows\System32\config\SYSTEM   Object is locked   skipped
C:\Windows\System32\config\SYSTEM.LOG1   Object is locked   skipped
C:\Windows\System32\config\SYSTEM.LOG2   Object is locked   skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat   Object is locked   skipped
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat   Object is locked   skipped
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms   Object is locked   skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms   Object is locked   skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM   Object is locked   skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl   Object is locked   skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf   Object is locked   skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001   Object is locked   skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002   Object is locked   skipped
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT   Object is locked   skipped
C:\Windows\System32\SMI\Store\Machine\schema.dat.LOG1   Object is locked   skipped
C:\Windows\System32\SMI\Store\Machine\schema.dat.LOG2   Object is locked   skipped
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{3a53986d-6a70-11db-887c-d362bd253390}.TM.blf   Object is locked   skipped
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{3a53986d-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms   Object is locked   skipped
C:\Windows\System32\SMI\Store\Machine\SCHEMA.DAT{3a53986d-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms   Object is locked   skipped
C:\Windows\System32\spool\SpoolerETW.etl   Object is locked   skipped
C:\Windows\System32\wbem\Logs\WMITracing.log   Object is locked   skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR   Object is locked   skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP   Object is locked   skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP   Object is locked   skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA   Object is locked   skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.003   Object is locked   skipped
C:\Windows\System32\wfp\wfpdiag.etl   Object is locked   skipped
C:\Windows\System32\winevt\Logs\ACEEventLog.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Application.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\Security.evtx   Object is locked   skipped
C:\Windows\System32\winevt\Logs\System.evtx   Object is locked   skipped
C:\Windows\Tasks\SCHEDLGU.TXT   Object is locked   skipped
C:\Windows\WindowsUpdate.log   Object is locked   skipped

Scan process completed.

[evilfantasy]

Thats a clean log. Looks like we got everything. I feel better about calling this solved now.

[SuperDave]

I read the articles that you aforementioned. I suspect I was infected while I was searching for some protection programs. Now that I'm clean again I'm puzzled as to what protection to use because most of the free programs I tried did nothing to remove the infections. I noticed in another thread that another moderator suggested the use of Threatfire. I did some reading about it and decided to use it for real time protection. There are so many protection programs and it's hard to determine which ones to use. I would certainly appreciate some advice. I'm now using Norton AV, Threatfire, Spybot S&D, SuperAntiSpyware with
Windows Firewall, Norton Firewall and Windows Defender. It's all so confusing.

[evilfantasy]

Searching for security can be hazardous. I learned the hard way myself so don't feel bad.

Turn off Windows Firewall. Running two isn't good and will cause conflicts with the system.

Safe security tools

Safe download sites. If you are thinking about downloading something then check to see if it is hosted at one of these malware free download sites. If it isn't there, it may not be safe.
http://www.filehippo.com
http://majorgeeks.com

In addition to what you have installed now I would suggest adding Spywareblaster. That should round out your security setup pretty well.

Once a month or so you could also run an online virus scan. I suggest using BitDefender Online Scanner. It is free and removes anything it finds.

Let me know if you need anything else.

[SuperDave]

I still have some programs such as Malwarebytes on my laptop. Is it ok to uninstall them? Everything is working A Ok except that I had one button that I could get to IE but now it doesn't work. Any Ideas?

[evilfantasy]

What button? The Icon on the desktop?

Malwarebytes is free so you can keep it. It checks for rouge programs so is good to run now and then.

[SuperDave]

It's the button between the Power button and the controls for the DVD player.

[evilfantasy]

I am not familiar enough with Vista to make a good determination. You may make a post HERE so someone else can see it and help. Hopefully it is something easy.

[SuperDave]

That's Ok. I'll work at figuring it out. I think I remember reading about it somewhere. I want to thank you for all your help over the last few days. It's nice to know that there are people in the community who are willing to take the time and effort to help someone else out of a jam. Many Thanks

[evilfantasy]

No problem. I'm glad we found a solution. I was nearly ready to throw in the towel until the DSS scan turned up the infections. Odd thing is that I haven't used that scanner in a while, just a stroke of luck!

Safe surfing, let us know if anything else comes up.

[SuperDave]

Evilfantasy for President.

[NJDAVE]

Hi,

I think I have an infection on my laptop similar to what SuperDave had on his.  I'm willing to reformat the harddrive and start all over again by reinstalling Windows XP. However, I'd like to know if it's at all safe to take any of the files off of my infected machine prior to reformatting.  It would be nice if some of my data could be saved.

The files I'd like to save are of the following types.

.txt
.doc
.wma
.mdb
.jpg
.img
.imz
.pdf

[evilfantasy]

Why not start a new thread with the logs from HERE

.doc
.wma
.mdb
.jpg
.img
.imz
.pdf

These are all very easily infected by malware and sometimes cleaning is much easier than you might think.