
are these real viruses???

Discussion in 'Virus & Other Malware Removal' started by ktg35envy, Jul 16, 2006.

Thread Status:
Not open for further replies.
  1. ktg35envy

    ktg35envy Thread Starter

    Joined:
    Apr 24, 2005
    Messages:
    67
    hello, i am now posting a new thread about my desktop. i did an online kaspersky scan and it started saying a lot of my files were locked? i'm not sure why. can you interpret this for me? my C: drive is brand new and the locked files are on there. i have 2 hard drives. the old one is F: drive and shows viruses. i will be reformatting it later today. i also will be installing spysweeper and spyware doctor later today as well once i make a trip to futureshop. i have attached a HijackThis log for your viewing as well. my antivirus is avast, my firewall is McAfee and i also use spyware blaster, adaware, and spybot S&D.


    Sunday, July 16, 2006 11:16:33 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.83.0
    Kaspersky Anti-Virus database last update: 16/07/2006
    Kaspersky Anti-Virus database records: 207716
    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true
    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    Scan Statistics
    Total number of scanned objects 86377
    Number of viruses found 6
    Number of infected objects 20 / 0
    Number of suspicious objects 0
    Duration of the scan process 01:11:31

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd002.log Object is locked skipped
    C:\Documents and Settings\Keatan\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Keatan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Keatan\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Keatan\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Keatan\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Keatan\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Keatan\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
    C:\Program Files\McAfee.com\Personal Firewall\data\hwcache.xdb Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{02341633-526A-41AE-88F0-7761E30596F1}\RP46\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_78c.dat Object is locked skipped
    C:\WINDOWS\Temp\sqlite_DBbleCD2r9hYFpk Object is locked skipped
    C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\WINDOWS\{00000002-00000000-0000000B-00001102-00000004-10071102}.CDF Object is locked skipped
    E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    F:\System Volume Information\_restore{02341633-526A-41AE-88F0-7761E30596F1}\RP42\A0016195.dll Infected: Trojan-Downloader.Win32.Lemmy.u skipped
    F:\System Volume Information\_restore{02341633-526A-41AE-88F0-7761E30596F1}\RP42\A0016199.exe/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped
    F:\System Volume Information\_restore{02341633-526A-41AE-88F0-7761E30596F1}\RP42\A0016199.exe/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped
    F:\System Volume Information\_restore{02341633-526A-41AE-88F0-7761E30596F1}\RP42\A0016199.exe NSIS: infected - 2 skipped
    F:\System Volume Information\_restore{02341633-526A-41AE-88F0-7761E30596F1}\RP42\A0025320.exe/data0002/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
    F:\System Volume Information\_restore{02341633-526A-41AE-88F0-7761E30596F1}\RP42\A0025320.exe/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval skipped
    F:\System Volume Information\_restore{02341633-526A-41AE-88F0-7761E30596F1}\RP42\A0025320.exe/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval skipped
    F:\System Volume Information\_restore{02341633-526A-41AE-88F0-7761E30596F1}\RP42\A0025320.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval skipped
    F:\System Volume Information\_restore{02341633-526A-41AE-88F0-7761E30596F1}\RP42\A0025320.exe/data0009 Infected: Trojan-Downloader.Win32.Keenval.b skipped
    F:\System Volume Information\_restore{02341633-526A-41AE-88F0-7761E30596F1}\RP42\A0025320.exe NSIS: infected - 5 skipped
    F:\System Volume Information\_restore{DCBFBEE7-8C78-4A14-AF92-F7E9422BC633}\RP1112\A0137697.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    F:\System Volume Information\_restore{DCBFBEE7-8C78-4A14-AF92-F7E9422BC633}\RP1112\A0137697.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
    F:\System Volume Information\_restore{DCBFBEE7-8C78-4A14-AF92-F7E9422BC633}\RP1112\A0137697.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
    F:\System Volume Information\_restore{DCBFBEE7-8C78-4A14-AF92-F7E9422BC633}\RP1112\A0137697.exe WiseSFX: infected - 3 skipped
    F:\System Volume Information\_restore{DCBFBEE7-8C78-4A14-AF92-F7E9422BC633}\RP1112\A0137697.exe WiseSFX Dropper: infected - 3 skipped
    F:\System Volume Information\_restore{DCBFBEE7-8C78-4A14-AF92-F7E9422BC633}\RP1112\A0137700.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
    F:\System Volume Information\_restore{DCBFBEE7-8C78-4A14-AF92-F7E9422BC633}\RP1112\A0137700.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
    F:\System Volume Information\_restore{DCBFBEE7-8C78-4A14-AF92-F7E9422BC633}\RP1112\A0137700.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
    F:\System Volume Information\_restore{DCBFBEE7-8C78-4A14-AF92-F7E9422BC633}\RP1112\A0137700.exe WiseSFX: infected - 3 skipped
    F:\System Volume Information\_restore{DCBFBEE7-8C78-4A14-AF92-F7E9422BC633}\RP1112\A0137700.exe WiseSFX Dropper: infected - 3 skipped
    Scan process completed.


    Logfile of HijackThis v1.99.1
    Scan saved at 11:19:13 AM, on 7/16/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    c:\program files\mcafee.com\agent\mcdetect.exe
    c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Linksys Wireless-G Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G Wireless Network Monitor\WMP54GS.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Documents and Settings\Keatan\Desktop\Spyware, Antivirus and Firewall Tools\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\PDF Professional 3.0\\RegistryController.exe"
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - Global Startup: APC UPS Status.lnk.disabled
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\PDF Professional 3.0\IEShellExt.dll /100
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,90/mcinsctl.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1152221262718
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
    O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: WMP54GSSVC - Unknown owner - C:\Program Files\Linksys Wireless-G Wireless Network Monitor\WLService.exe" "WMP54GS.exe (file missing)
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Some of these files are locked by the anti-virus and/or Windows Defender so no other program can access them (viruses included), others by the operating system and by other programs that are running at the moment.
     
  3. ktg35envy

    ktg35envy Thread Starter

    Joined:
    Apr 24, 2005
    Messages:
    67
    oh i see. so then it looks like i have nothing to worry about on my C: drive and i will be reformatting F: drive later today.

    did you notice anything from the HijackThis log?
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    No it's nothing to worry about. And the log looks fine. (y)
     
  5. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    You can clean the infected files out of system restore:

    Go to Start>>Run. Type msconfig and press Enter
    Click Launch System Restore then click System Restore Settings
    Put a checkmark next to Turn off system restore on all drives and click Apply>>OK
    Close System Restore utility and the System Configuration Utility

    Restart your computer

    Go to Start>>Run. Type msconfig and press Enter
    Click Launch System Restore then click System Restore Settings
    Uncheck Turn off system restore on all drives and click Apply>>OK
    Close System Restore utility and the System Configuration Utility

    You might also want to think about choosing between McAfee and Avast, as two antivirus programs can sometimes conflict with each other.
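
The replies above separate two kinds of report lines: files the scanner could not open because they were locked, and real detections sitting in System Restore storage on F:. The following Python triage is an added example, not part of the original posts; it assumes the `<path> <status> skipped` line layout seen in the first post and runs over an excerpt of those lines.

```python
import re
from collections import Counter

# Excerpt of lines copied from the Kaspersky report in the first post.
REPORT = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{02341633-526A-41AE-88F0-7761E30596F1}\RP42\A0016195.dll Infected: Trojan-Downloader.Win32.Lemmy.u skipped
F:\System Volume Information\_restore{02341633-526A-41AE-88F0-7761E30596F1}\RP42\A0016199.exe/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.a skipped
F:\System Volume Information\_restore{02341633-526A-41AE-88F0-7761E30596F1}\RP42\A0016199.exe NSIS: infected - 2 skipped
F:\System Volume Information\_restore{DCBFBEE7-8C78-4A14-AF92-F7E9422BC633}\RP1112\A0137697.exe/WISE0014.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
F:\System Volume Information\_restore{DCBFBEE7-8C78-4A14-AF92-F7E9422BC633}\RP1112\A0137697.exe WiseSFX Dropper: infected - 3 skipped
"""

# Status is a lock notice, a verdict, or a container summary such as "NSIS: infected - 2".
LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<verdict>\S+)"
    r"|(?P<container>[A-Za-z ]+): infected - \d+)"
    r" skipped$"
)
# System Restore keeps its copies under _restore{GUID}\RPnnn\ on each drive.
RESTORE = re.compile(r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\")

def triage(report):
    """Return (locked files per drive, detections, container summary count)."""
    locked, detections, summaries = Counter(), [], 0
    for raw in report.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # headers, blank lines, anything not in the expected layout
        path, drive = m["path"], m["path"][:2].upper()
        if m["locked"]:
            locked[drive] += 1  # file held open by a running program; not a detection
        elif m["verdict"]:
            rp = RESTORE.search(path)
            detections.append({
                "drive": drive,
                "file": path.split("/", 1)[0],  # text after "/" names an object packed inside
                "verdict": m["verdict"],
                "adware": m["verdict"].startswith("not-a-virus:"),
                "restore_point": rp.group(1) if rp else None,
            })
        else:
            summaries += 1  # repeats the count for an installer already listed above
    return locked, detections, summaries

def summarize(report):
    locked, found, _ = triage(report)
    return {
        "locked_by_drive": dict(locked),
        "drives_with_detections": sorted({d["drive"] for d in found}),
        "all_in_system_restore": bool(found) and all(d["restore_point"] for d in found),
        "restore_points": sorted({d["restore_point"] for d in found if d["restore_point"]}),
        "malware": sorted({d["verdict"] for d in found if not d["adware"]}),
        "adware": sorted({d["verdict"] for d in found if d["adware"]}),
    }
```

Running `summarize` on a rescan taken after System Restore has been turned off and back on, as described in the post above, should return an empty `restore_points` list for the drives that were cleared.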
     
  6. ktg35envy

    ktg35envy Thread Starter

    Joined:
    Apr 24, 2005
    Messages:
    67
    actually, i only use mcafee for firewall, not antivirus. i use avast for AV protection. thanks for the help.
     
  7. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
  8. ktg35envy

    ktg35envy Thread Starter

    Joined:
    Apr 24, 2005
    Messages:
    67
    thanks a lot for your help. (y) my system is clean now. i bought spysweeper and spyware doctor last night and they seem to work well together. i use spysweeper for real-time protection because i like it better than spyware doctor's on-guard protection. I only use spyware doctor when i need to do an ad hoc scan because it always picks up what spysweeper left behind. This setup seems to be pretty good so far with avast for AV and mcafee for firewall. let's hope it stays good. although i am wondering whether i should try a different firewall.

    my last question would be about registry maintenance. i was wondering if you recommend a regular maintenance of your registry to keep your PC running optimally. i tried the downloadable version of registry mechanic for my work laptop and it found over 800 items that needed attention, many of which were high priority. any comments about registry maintenance for a home PC?
     
  9. brendandonhu

    brendandonhu

    Joined:
    Jul 8, 2002
    Messages:
    14,681
    I wouldn't bother with a registry cleaner, it's more likely to cause problems than fix them.
     

Short URL to this thread: https://techguy.org/483661
