Page 2 of 3 (results 11 to 20 of 23)

Thread: How to Remove Win32.NSAnti, amvo.exe ,logs included

  1. #11
    Junior Member (Join Date: Jan 2008, Location: india, Posts: 13)

    Quote Originally Posted by Shaba
    Hi

    Yes, now it's gone

    Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then start to download the latest definition files.
    • Once the scanner is installed and the definitions downloaded, click Next.
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:

      o Scan using the following Anti-Virus database:

      + Extended (If available otherwise Standard)

      o Scan Options:

      + Scan Archives
      + Scan Mail Bases
    • Click OK
    • Now under select a target to scan select My Computer
    • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button
    • Save the file to your desktop.
    • Copy and paste that information in your next post.


    Note: This scanner will work with Internet Explorer Only!

    Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

    Post:

    - a fresh HijackThis log
    - kaspersky report




    Hi,

    thanks for the help.

    Now I am running the Kaspersky online scan;
    I will post the results tomorrow, as I will leave the office now.
    But can I enable CounterSpy now, or should I still keep it disabled?

  2. #12
    Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    Hi

    Yes, you can re-enable it now.

    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  3. #13
    Junior Member (Join Date: Jan 2008, Location: india, Posts: 13)

    Quote Originally Posted by Shaba
    Hi

    Yes, you can re-enable it now.
    Hi, I need to show this HJT log to you; this is the recent HJT log:
    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:35:22 PM, on 1/9/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\sttray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\livecall.exe
    D:\Software\anti virus\HiJackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4AE3987A-7D89-4B7E-A571-7423AABBB6D9}: NameServer = 202.54.29.5,202.54.10.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4AE3987A-7D89-4B7E-A571-7423AABBB6D9}: NameServer = 202.54.29.5,202.54.10.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4AE3987A-7D89-4B7E-A571-7423AABBB6D9}: NameServer = 202.54.29.5,202.54.10.2
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

    --
    End of file - 7085 bytes




    The amvo.exe is back in the log file.
    The steps which I took, which might have caused this, are:
    Tools -> Folder Options -> View -> Show hidden files and folders.
    I selected this as hidden files in my system are not visible, even when I try to see them this way.

  4. #14
    Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 29,374)

    Hi

    I guess the reason it's back is that CounterSpy is on.

    Please turn it off.

    If it comes back when you turn it on again, you will need to uninstall and re-install CounterSpy.

    As for hidden files, you can try to run this

    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  5. #15
    Junior Member (Join Date: Jan 2008, Location: india, Posts: 13)

    Quote Originally Posted by Shaba
    Hi

    I guess the reason it's back is that CounterSpy is on.

    Please turn it off.

    If it comes back when you turn it on again, you will need to uninstall and re-install CounterSpy.

    As for hidden files, you can try to run this

    I have uninstalled CounterSpy and have not re-installed it, or any other antispyware.

    For the hidden files issue, I got rid of the problem by executing the file (script), but when I check Tools -> Folder Options -> View -> Hidden Files And Folders, this has two options: 1) don't show hidden, 2) show hidden. What I see is that none of them is selected, though they are radio buttons.
    This is the HJT log when none of the radio buttons is selected, after the file you gave me to sort out the problem:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:44:09 AM, on 1/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\sttray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
    C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
    C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\as\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SBRegRebootCleaner] C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4AE3987A-7D89-4B7E-A571-7423AABBB6D9}: NameServer = 202.54.29.5,202.54.10.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4AE3987A-7D89-4B7E-A571-7423AABBB6D9}: NameServer = 202.54.29.5,202.54.10.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4AE3987A-7D89-4B7E-A571-7423AABBB6D9}: NameServer = 202.54.29.5,202.54.10.2
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

    --
    End of file - 6890 bytes



    Now, when I am installing CounterSpy, after some time this is the HJT log during the installation; one more time amvo.exe is present. (Under Tools -> Folder Options -> View -> Hidden files and folders, "Do not show hidden files" is selected, though I had selected "Show hidden files and folders"; I don't know how this happened.)


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:18:18 AM, on 1/10/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\sttray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
    C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
    C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
    C:\Program Files\Sunbelt Software\CounterSpy\CounterSpy.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\as\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SBRegRebootCleaner] C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe
    O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
    O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4AE3987A-7D89-4B7E-A571-7423AABBB6D9}: NameServer = 202.54.29.5,202.54.10.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4AE3987A-7D89-4B7E-A571-7423AABBB6D9}: NameServer = 202.54.29.5,202.54.10.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4AE3987A-7D89-4B7E-A571-7423AABBB6D9}: NameServer = 202.54.29.5,202.54.10.2
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe

    --
    End of file - 7446 bytes





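    The three HijackThis logs quoted in this thread differ in only a handful of entries, which is what the helper is reading by eye: the [amva] O4 Run entry for amvo.exe disappears after CounterSpy is uninstalled and reappears during the reinstall, alongside CounterSpy's own entries (SBCSTray, SBRegRebootCleaner, the SBCSSvc service). The following Python script is an added example, not part of the original thread or of HijackThis: it parses the R*/F*/O* entry lines of an HJT log, diffs two logs, maps O4 Run entries to (hive, value name) -> command, and reports in which of a sequence of logs a given executable name appears. The log excerpts are constructed from lines quoted above and trimmed to the entries that change; the function names are my own.

```python
"""Compare HijackThis (HJT) logs and track an autorun entry across them.

Added example (not HijackThis code): diff the entry lines of two HJT logs,
extract O4 Run entries, and report where an executable name shows up.
"""
import re

# Constructed excerpts of the three logs quoted in the thread: the entries
# that change between them plus a few that stay the same. A real run would
# read the complete saved log files instead.
LOG_JAN9_PM = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:35:22 PM, on 1/9/2008

O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
"""

# CounterSpy uninstalled; amvo.exe entry gone, CounterSpy's reboot cleaner present.
LOG_JAN10_AM1 = r"""
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:44:09 AM, on 1/10/2008

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SBRegRebootCleaner] C:\Program Files\Sunbelt Software\CounterSpy\SBRC.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
"""

# CounterSpy being reinstalled; its entries are back, and so is amvo.exe.
LOG_JAN10_AM2 = LOG_JAN10_AM1 + r"""
O4 - HKLM\..\Run: [SBCSTray] C:\Program Files\Sunbelt Software\CounterSpy\SBCSTray.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O23 - Service: Sunbelt CounterSpy Antispyware (SBCSSvc) - Sunbelt Software - C:\Program Files\Sunbelt Software\CounterSpy\SBCSSvc.exe
"""

# HJT entry lines start with a section tag: R0, F2, O4, O23, ...
ENTRY_RE = re.compile(r"^(?:R\d|F\d|O\d+) - ")
# O4 Run entries: "O4 - <hive>\..\Run: [<value name>] <command>", where the
# hive may carry a user SID (HKUS\S-1-5-18) or be HKUS\.DEFAULT.
RUN_RE = re.compile(
    r"^O4 - (HK\w+(?:\\S-[\d-]+|\\\.DEFAULT)?)\\\.\.\\Run: \[([^\]]+)\] (.+)$"
)


def entries(log_text):
    """All HJT entry lines (R*, F*, O*) in a log, as a set of stripped lines."""
    return {ln.strip() for ln in log_text.splitlines() if ENTRY_RE.match(ln.strip())}


def diff_logs(old_text, new_text):
    """Return (entries added in new_text, entries removed since old_text), sorted."""
    old, new = entries(old_text), entries(new_text)
    return sorted(new - old), sorted(old - new)


def run_entries(log_text):
    """O4 Run entries as {(hive, value name): command}."""
    found = {}
    for ln in log_text.splitlines():
        m = RUN_RE.match(ln.strip())
        if m:
            found[(m.group(1), m.group(2))] = m.group(3)
    return found


def presence(needle, logs):
    """For each log, True if any entry line mentions `needle` (case-insensitive)."""
    needle = needle.lower()
    return [any(needle in e.lower() for e in entries(log)) for log in logs]


if __name__ == "__main__":
    logs = [LOG_JAN9_PM, LOG_JAN10_AM1, LOG_JAN10_AM2]
    for i in range(1, len(logs)):
        added, removed = diff_logs(logs[i - 1], logs[i])
        print(f"log {i} -> log {i + 1}:")
        for e in added:
            print("  +", e)
        for e in removed:
            print("  -", e)
    print("amvo.exe present per log:", presence("amvo.exe", logs))
    print("HKCU Run entries in last log:",
          {k: v for k, v in run_entries(logs[-1]).items() if k[0] == "HKCU"})
```

A diff like this is only a starting point for a human reader: in the excerpts above, CounterSpy's own reboot-cleaner and tray entries come and go in the same diffs as the amvo.exe entry, so the product's own churn has to be separated from the entry that keeps returning.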
  6. #16
    Junior Member (Join Date: Jan 2008, Location: india, Posts: 13)

    This is the Kaspersky antivirus scan log report, which I ran yesterday.



    KASPERSKY ONLINE SCANNER REPORT
    Wednesday, January 09, 2008 9:52:25 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 9/01/2008
    Kaspersky Anti-Virus database records: 504750


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    C:\
    D:\

    Scan Statistics
    Total number of scanned objects 88567
    Number of viruses found 7
    Number of infected objects 49
    Number of suspicious objects 0
    Duration of the scan process 02:06:16

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Sunbelt Software\CounterSpy\Quarantine\{2B8E27CE-B09C-4375-818C-DFD9E6BE58FA} Infected: Worm.Win32.AutoRun.bnw skipped

    C:\Documents and Settings\All Users\Application Data\Sunbelt Software\CounterSpy\Quarantine\{51A170DB-E6B9-443B-99B9-990521EB4007} Infected: Worm.Win32.AutoRun.bnq skipped

    C:\Documents and Settings\as\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Messenger\devang@clientdriveninnovation.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Messenger\devang@clientdriveninnovation.com\SharingMetadata\pending.dat Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Messenger\devang@clientdriveninnovation.com\SharingMetadata\Working\database_9488_B4AB_88B4_8D6C\dfsr.db Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Messenger\devang@clientdriveninnovation.com\SharingMetadata\Working\database_9488_B4AB_88B4_8D6C\fsr.log Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Messenger\devang@clientdriveninnovation.com\SharingMetadata\Working\database_9488_B4AB_88B4_8D6C\tmp.edb Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Windows Live Contacts\devang@clientdriveninnovation.com\real\members.stg Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Windows Live Contacts\devang@clientdriveninnovation.com\shadow\members.stg Object is locked skipped

    C:\Documents and Settings\as\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\as\Local Settings\History\History.IE5\MSHist012008010920080110\index.dat Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\1199884811.srcsafe Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\7k7codj.dll Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\citrixlogs\gotomeeting\198\G2MIMessenger_g2mlauncher.log Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\citrixlogs\gotomeeting\198\G2MIMessenger_msnmsgr.log Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\citrixlogs\gotomeeting\198\G2MOutlookAddin_util.log Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\citrixlogs\gotomeeting\198\log8.tmp\G2MStart.log Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\citrixlogs\gotomeeting\198\log8.tmp\GoToMeeting.log Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\G2MCodec.log Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\Perflib_Perfdata_184.dat Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\pku5kehx.dll Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\rkd.dll Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\y8ez.dll Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\~DF6B73.tmp Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\~DF6B7E.tmp Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\~DF76A9.tmp Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\~DF76BD.tmp Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temporary Internet Files\Content.IE5\MDKY4WR8\offline[1].png Object is locked skipped

    C:\Documents and Settings\as\My Documents\My Received Files\vdownloader\VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped

    C:\Documents and Settings\as\My Documents\My Received Files\vdownloader.zip/VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped

    C:\Documents and Settings\as\My Documents\My Received Files\vdownloader.zip ZIP: infected - 1 skipped

    C:\Documents and Settings\as\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\as\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_31c.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\DataPointe_1.ndf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_146.trc Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\bowling.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\bowling_log.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\DataPointe.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\DataPointe_log.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\master.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\mastlog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\model.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\modellog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\msdbdata.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\msdblog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\tempdb.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\templog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\test_db.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\test_db_log.LDF Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\LOG\ERRORLOG Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\LOG\log_146.trc Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\Log\FlightRecorderCurrent.trc Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\Log\msmdsrv.log Object is locked skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP1\A0000050.exe Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP1\A0000051.dll Infected: Trojan-PSW.Win32.OnLineGames.nij skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP1\A0000052.exe/file1 Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP1\A0000052.exe/file3 Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP1\A0000052.exe Inno: infected - 2 skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP1\A0000103.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP1\A0000104.inf Infected: Worm.Win32.AutoRun.bnq skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP1\A0000107.dll Infected: Trojan-PSW.Win32.OnLineGames.nij skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP2\A0000544.bat Infected: Trojan-PSW.Win32.OnLineGames.nhx skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP2\A0000545.inf Infected: Worm.Win32.AutoRun.bnq skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP2\A0000548.exe Infected: Trojan-PSW.Win32.OnLineGames.nhx skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0000569.bat Infected: Worm.Win32.AutoRun.bnq skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0000570.inf Infected: Worm.Win32.AutoRun.bnq skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0000594.bat Infected: Worm.Win32.AutoRun.bnq skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0000595.inf Infected: Worm.Win32.AutoRun.bnq skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0000620.bat Infected: Worm.Win32.AutoRun.bnq skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0000621.inf Infected: Worm.Win32.AutoRun.bnq skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0001618.bat Infected: Worm.Win32.AutoRun.bnq skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0001619.inf Infected: Worm.Win32.AutoRun.bnq skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0001622.exe Infected: Worm.Win32.AutoRun.bnq skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0001623.dll Infected: Worm.Win32.AutoRun.bnq skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0001655.bat Infected: Worm.Win32.AutoRun.bnw skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0001656.inf Infected: Worm.Win32.AutoRun.bnq skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0001659.exe Infected: Worm.Win32.AutoRun.bnw skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0001671.inf Infected: Worm.Win32.AutoRun.bnq skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0001674.dll Infected: Worm.Win32.AutoRun.bnw skipped

    C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\change.log Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\Temp\Perflib_Perfdata_60c.dat Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    D:\Software\anti virus\setup.exe/file1 Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a skipped

    D:\Software\anti virus\setup.exe/file3 Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a skipped

    D:\Software\anti virus\setup.exe Inno: infected - 2 skipped

    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    D:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP1\A0000105.bat Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped

    D:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP1\A0000106.inf Infected: Worm.Win32.AutoRun.bnq skipped

    D:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP2\A0000546.bat Infected: Trojan-PSW.Win32.OnLineGames.nhx skipped

    D:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP2\A0000547.inf Infected: Worm.Win32.AutoRun.bnq skipped

    D:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0000571.bat Infected: Worm.Win32.AutoRun.bnq skipped

    D:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0000572.inf Infected: Worm.Win32.AutoRun.bnq skipped

    D:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0000596.bat Infected: Worm.Win32.AutoRun.bnq skipped

    D:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0000597.inf Infected: Worm.Win32.AutoRun.bnq skipped

    D:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0000622.bat Infected: Worm.Win32.AutoRun.bnq skipped

    D:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0000623.inf Infected: Worm.Win32.AutoRun.bnq skipped

    D:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0001620.bat Infected: Worm.Win32.AutoRun.bnq skipped

    D:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0001621.inf Infected: Worm.Win32.AutoRun.bnq skipped

    D:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0001657.bat Infected: Worm.Win32.AutoRun.bnw skipped

    D:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0001658.inf Infected: Worm.Win32.AutoRun.bnq skipped

    D:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0001673.inf Infected: Worm.Win32.AutoRun.bnq skipped

    D:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\change.log Object is locked skipped

    Scan process completed

  7. #17
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    CounterSpy might have a "memory"; you may need to manually delete its folders and clean the registry before re-installing, or it will come back.

    There is no file anymore; the registry entry just won't leave.

    If that does not help, you may need to contact CounterSpy.

    As for the hidden files issue, see here: 3rd post, p2u.

    Empty this folder:

    C:\Documents and Settings\All Users\Application Data\Sunbelt Software\CounterSpy\Quarantine

    Delete this:

    D:\Software\anti virus\setup.exe

    Empty Recycle Bin.

    Re-scan with Kaspersky.

    Post:

    - a fresh HijackThis log
    - Kaspersky report

    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
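Added example (my own helper, not a tool from this thread): a Python triage script for Kaspersky Online Scanner reports like the one quoted above. It separates "Object is locked" noise from detections, maps archive members such as setup.exe/file1 back to the file on disk (the D:\Software\anti virus\setup.exe the helper asks to delete), and sets aside copies inside System Restore points and the CounterSpy quarantine folder, which are cleared differently. The sample lines are copied from the report above, except for one constructed quarantine entry (q0001.bin).

```python
"""Triage a Kaspersky Online Scanner text report (constructed helper; not a tool used in the thread).

Each result line is "<path> <status>", where the status is one of
  "Object is locked skipped"              -> in-use file, not a detection
  "Infected: <detection name> skipped"    -> detection on a file or an archive member
  "<ZIP|Inno|...>: infected - N skipped"  -> archive container summary
Archive members are written "<container>/<member>" (Windows paths use "\\"),
so the file to act on is everything before the first "/".
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Optional

_LOCKED = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
_INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
_ARCHIVE = re.compile(r"^(?P<path>.+?) (?P<kind>\w+): infected - (?P<count>\d+) skipped$")


@dataclass
class Finding:
    path: str
    status: str                 # "locked", "infected" or "archive"
    name: Optional[str] = None  # detection name for "infected" lines
    count: int = 0              # infected member count for "archive" lines


def parse_line(line: str) -> Optional[Finding]:
    """Parse one result line; return None for header/footer text."""
    line = line.strip()
    if m := _LOCKED.match(line):
        return Finding(m["path"], "locked")
    if m := _INFECTED.match(line):
        return Finding(m["path"], "infected", name=m["name"])
    if m := _ARCHIVE.match(line):
        return Finding(m["path"], "archive", count=int(m["count"]))
    return None


def container_of(path: str) -> str:
    """'C:\\x\\a.zip/b.exe' -> 'C:\\x\\a.zip': the on-disk file behind an archive member."""
    return path.split("/", 1)[0]


def family(name: str) -> str:
    """'Worm.Win32.AutoRun.bnq' -> 'Worm.Win32.AutoRun' (drop the variant suffix)."""
    return name.rsplit(".", 1)[0]


def in_restore_point(path: str) -> bool:
    return "\\system volume information\\_restore" in path.lower()


def in_quarantine(path: str) -> bool:
    return "\\quarantine\\" in path.lower()


def triage(report: str) -> dict:
    """Summarise a report: counts, detection families, and which files still need action."""
    findings, unparsed = [], []
    for raw in report.splitlines():
        if not raw.strip():
            continue
        finding = parse_line(raw)
        if finding is None:
            unparsed.append(raw.strip())
        else:
            findings.append(finding)
    hits = [f for f in findings if f.status != "locked"]
    # Copies inside System Restore points are removed by flushing the restore
    # points, and copies in another scanner's quarantine are already contained;
    # neither is something to delete by hand.
    restore = {f.path for f in hits if in_restore_point(f.path)}
    quarantined = {f.path for f in hits if in_quarantine(f.path)}
    live = {container_of(f.path) for f in hits
            if f.path not in restore and f.path not in quarantined}
    return {
        "locked": sum(f.status == "locked" for f in findings),
        "infected": sum(f.status == "infected" for f in findings),
        "archives": sum(f.status == "archive" for f in findings),
        "families": Counter(family(f.name) for f in findings if f.status == "infected"),
        "restore_point": sorted(restore),
        "quarantined": sorted(quarantined),
        "actionable": sorted(live),
        "unparsed": unparsed,
    }


# Constructed sample: lines copied from the report in this thread, plus one
# made-up entry (q0001.bin) under the CounterSpy quarantine folder the helper asks to empty.
SAMPLE_REPORT = r"""
C:\Documents and Settings\as\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\as\My Documents\My Received Files\vdownloader.zip/VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped
C:\Documents and Settings\as\My Documents\My Received Files\vdownloader.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP1\A0000050.exe Infected: Trojan-PSW.Win32.OnLineGames.ngm skipped
C:\System Volume Information\_restore{48D6AD49-2A3C-4008-8F96-2FEBDAD9BD96}\RP3\A0000570.inf Infected: Worm.Win32.AutoRun.bnq skipped
C:\Documents and Settings\All Users\Application Data\Sunbelt Software\CounterSpy\Quarantine\q0001.bin Infected: Worm.Win32.AutoRun.bnq skipped
D:\Software\anti virus\setup.exe/file1 Infected: not-a-virus:FraudTool.Win32.AntiSpyware.a skipped
D:\Software\anti virus\setup.exe Inno: infected - 2 skipped
Scan process completed
"""

if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"locked: {result['locked']}  infected: {result['infected']}  archives: {result['archives']}")
    print("families:", dict(result["families"]))
    print(f"restore-point copies: {len(result['restore_point'])}, quarantined: {len(result['quarantined'])}")
    print("act on:", *result["actionable"], sep="\n  ")
```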

  8. #18
    Junior Member
    Join Date
    Jan 2008
    Location
    india
    Posts
    13

    Default

    Hi, thanks for your precious guidance and help.

    This is the new HJT log, with the Kaspersky report. (When I ran HJT in the morning, amvo.exe was there; I removed it from system32 also, and now it has not come back. But today I observed one more thing (desktop.ini) on my PC; was it creating any kind of damage to the system?)



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:30:11 PM, on 1/11/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16574)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    C:\Program Files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe
    c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\sttray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
    C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
    C:\Program Files\Citrix\GoToMeeting\198\g2mcomm.exe
    C:\Program Files\Citrix\GoToMeeting\198\g2mlauncher.exe
    C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\MSN Messenger\livecall.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Spyware Doctor\update.exe
    C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\devenv.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WebDev.WebServer.EXE
    C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WebDev.WebServer.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\as\Desktop\HijackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
    O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [GoToMeeting] C:\Program Files\Citrix\GoToMeeting\198\g2mstart.exe "/Trigger RunAtLogon"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4AE3987A-7D89-4B7E-A571-7423AABBB6D9}: NameServer = 202.54.29.5,202.54.10.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{4AE3987A-7D89-4B7E-A571-7423AABBB6D9}: NameServer = 202.54.29.5,202.54.10.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4AE3987A-7D89-4B7E-A571-7423AABBB6D9}: NameServer = 202.54.29.5,202.54.10.2
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
    O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
    O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
    O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

    --
    End of file - 8212 bytes

  9. #19
    Junior Member
    Join Date
    Jan 2008
    Location
    india
    Posts
    13

    Default

    KASPERSKY ONLINE SCANNER REPORT
    Friday, January 11, 2008 5:25:28 PM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 11/01/2008
    Kaspersky Anti-Virus database records: 507502


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    C:\
    D:\

    Scan Statistics
    Total number of scanned objects 91689
    Number of viruses found 1
    Number of infected objects 3
    Number of suspicious objects 0
    Duration of the scan process 01:54:48

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\as\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Messenger\devang@clientdriveninnovation.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Messenger\devang@clientdriveninnovation.com\SharingMetadata\pending.dat Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Messenger\devang@clientdriveninnovation.com\SharingMetadata\Working\database_9488_B4AB_88B4_8D6C\dfsr.db Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Messenger\devang@clientdriveninnovation.com\SharingMetadata\Working\database_9488_B4AB_88B4_8D6C\fsr.log Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Messenger\devang@clientdriveninnovation.com\SharingMetadata\Working\database_9488_B4AB_88B4_8D6C\fsrtmp.log Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Messenger\devang@clientdriveninnovation.com\SharingMetadata\Working\database_9488_B4AB_88B4_8D6C\tmp.edb Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Windows Live Contacts\devang@clientdriveninnovation.com\real\members.stg Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Application Data\Microsoft\Windows Live Contacts\devang@clientdriveninnovation.com\shadow\members.stg Object is locked skipped

    C:\Documents and Settings\as\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\as\Local Settings\History\History.IE5\MSHist012008011120080112\index.dat Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\1200033550.srcsafe Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\1200036210.srcsafe Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\citrixlogs\gotomeeting\198\G2MIMessenger_g2mlauncher.log Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\citrixlogs\gotomeeting\198\G2MIMessenger_msnmsgr.log Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\citrixlogs\gotomeeting\198\G2MOutlookAddin_util.log Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\citrixlogs\gotomeeting\198\log1.tmp\G2MStart.log Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\citrixlogs\gotomeeting\198\log1.tmp\GoToMeeting.log Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\G2MCodec.log Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\Perflib_Perfdata_d88.dat Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\~DF2C8D.tmp Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\~DF2DD0.tmp Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\~DF941.tmp Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\~DFCBA2.tmp Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\~DFCBE2.tmp Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\~DFCF79.tmp Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temp\~DFF02D.tmp Object is locked skipped

    C:\Documents and Settings\as\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\as\My Documents\My Received Files\vdownloader\VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped

    C:\Documents and Settings\as\My Documents\My Received Files\vdownloader.zip/VDownloader.exe Infected: not-a-virus:Downloader.Win32.VDown.a skipped

    C:\Documents and Settings\as\My Documents\My Received Files\vdownloader.zip ZIP: infected - 1 skipped

    C:\Documents and Settings\as\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\as\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_130.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\DataPointe_1.ndf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\master.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\mastlog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\model.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\modellog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdbdata.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\msdblog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\tempdb.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data\templog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\log_159.trc Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\bowling.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\bowling_log.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\DataPointe.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\DataPointe_log.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\master.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\mastlog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\model.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\modellog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\msdbdata.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\msdblog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\tempdb.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\templog.ldf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\test_db.mdf Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Data\test_db_log.LDF Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\LOG\ERRORLOG Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\LOG\log_159.trc Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\Log\FlightRecorderCurrent.trc Object is locked skipped

    C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\Log\msmdsrv.log Object is locked skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\EventCache\{27288C0D-3A96-46F1-9B8C-8BC53F06B7F3}.bin Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped

    C:\WINDOWS\system32\config\OSession.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\Temp\Perflib_Perfdata_344.dat Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.

  10. #20
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Default

    Hi

    Desktop.ini should be visible only when hidden files are visible.

    Do they work ok now?

    Logs look ok to me.

    Any issues left?
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006
