wintest.exe

**xianwei** · 10-17-2007, 06:58 AM

I read the problem posted by Jackinthebox (or something like that), and decided to get some help of my own.

Here's my problem description:

A laptop infected my thumbdrive with the wintest.exe virus. I took back the thumbdrive, and my Norton Antivirus 2006 detected W32.SillyDC as a threat and removed it. My thumbdrive then appeared to be free from virus, as I scanned it with AVG 7.5 and Norton Antivirus 2006 again to ensure it was fine.

However, my thumbdrive now has a shell extension that says Auto when I right click on it, and it tries to run the file wintest.exe (which has since been deleted) when I run it.

I've tried using registry edit to remove this extension, but the moment I remove the thumbdrive and reinsert it, the extension comes back. I'm perturbed and I want to know how to remove this. =)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:02:13 PM, on 17/10/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\PowerForPhone\PowerForPhone.exe
C:\Windows\ASScrPro.exe
C:\Windows\system32\igfxsrvc.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Infineon\Security Platform Software\PSDrt.exe
C:\Program Files\Infineon\Security Platform Software\SpTna.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\Grisoft\AVG7\avgwb.dat
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Tools\ThisisGood.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [IFXSPMGT] C:\Windows\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AVG7_CC] d:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] d:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] d:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] d:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: TeaTimer - Shortcut.lnk = D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6...ws-i586-jc.cab
O16 - DPF: {BF0D51A8-3A73-4CEC-8B1C-58CDAB8244D5} (ActiveChart.ActiveXChart) - https://www.dbsvonline.com/English/ActivexChart.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - d:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Windows\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Windows\system32\ifxtcs.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Windows\system32\IfxPsdSv.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 10526 bytes

I just renamed Hijackthis to Thisisgood.exe; so that's why the logfile has an app with that name.

Please let me know if you need other information.

P.S. I'm running the Kaspersky Online scan and AVG at the moment; just downloaded the latter.

**xianwei** · 10-18-2007, 06:15 AM

Here is my Kaspersky report.

I scanned with AVG Anti-Spyware initially, but the report didn't generate, and I installed AVG Internet Security, but that didn't seem to generate a report either.

Actually, all I want to ask is if I can remove the way my Computer adds in a shell extension for my thumb drives. When I right click on any thumb drive I insert, it says Auto as the default top setting i.e. when I double click on it, it attempts to run Thumbdrive:\wintest.exe.

I've tried regedit but it seems to only remove it for that session, and when I remove the drive and reinsert it, the shell extension returns. I just want to know if there's anyway of permanently fixing this lil problem as it's irritating me.

Thanks for any help you can provide.

KASPERSKY ONLINE SCANNER REPORT
Thursday, October 18, 2007 12:26:14 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 17/10/2007
Kaspersky Anti-Virus database records: 437262

Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 78173
Number of viruses found 0
Number of infected objects 0
Number of suspicious objects 0
Duration of the scan process 02:49:13

Infected Object Name Virus Name Last Action
C:\Boot\BCD Object is locked skipped

C:\Boot\BCD.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\ProgramData\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\ProgramData\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr0. dat Object is locked skipped

C:\ProgramData\Microsoft\Network\Downloader\qmgr1. dat Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\GatherLogs\SystemIndex\SystemIndex.4.Crwl Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\GatherLogs\SystemIndex\SystemIndex.4.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\MSS.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\MSStmp.log Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\Indexer\CiFiles\00010 007.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\Indexer\CiFiles\00010 00D.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\Indexer\CiFiles\00010 012.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\Indexer\CiFiles\00010 013.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\Indexer\CiFiles\00010 014.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\Indexer\CiFiles\00010 016.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\Indexer\CiFiles\00010 025.ci Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\Indexer\CiFiles\00010 025.wid Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\Indexer\CiFiles\00010 025.wsb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX .000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Projects\SystemIndex\SystemIndex.Ntfy12.gt hr Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\tmp.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Applications\ Windows\Windows.edb Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsv c\Ntf32B3.tmp Object is locked skipped

C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsv c\Ntf32B4.tmp Object is locked skipped

C:\ProgramData\Symantec\Common Client\settings.dat Object is locked skipped

C:\ProgramData\Symantec\LiveUpdate\2007-10-17_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\ProgramData\Symantec\Shared\QBackup\index.qbs Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBConfig.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBDebug.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBDetect.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBNotify.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBRefr.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetCfg.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetDev.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetLoc.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBSetUsr.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBStHash.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\BBValid.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPPolicy.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPStart.log Object is locked skipped

C:\ProgramData\Symantec\SPBBC\SPStop.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtErEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtETmp\10FF2146.TMP Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtETmp\81521C3B.TMP Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtScEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped

C:\ProgramData\Symantec\SRTSP\SrtViEvt.log Object is locked skipped

C:\ProgramData\Symantec\SubEng\submissions.idx Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDALRT.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDCON.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDDBG.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDFW.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDIDS.log Object is locked skipped

C:\ProgramData\Symantec\SymNetDrv\SNDSYS.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\SystemRestore\FRStaging\Windows\bthser vsdp.dat Object is locked skipped

C:\Users\xianwei\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped

C:\Users\xianwei\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped

C:\Users\xianwei\AppData\Local\Microsoft\Windows\H istory\History.IE5\index.dat Object is locked skipped

C:\Users\xianwei\AppData\Local\Microsoft\Windows\H istory\History.IE5\MSHist012007101720071018\index. dat Object is locked skipped

C:\Users\xianwei\AppData\Local\Microsoft\Windows\T emporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

C:\Users\xianwei\AppData\Local\Microsoft\Windows\T emporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Users\xianwei\AppData\Local\Microsoft\Windows\U srClass.dat Object is locked skipped

C:\Users\xianwei\AppData\Local\Microsoft\Windows\U srClass.dat.LOG1 Object is locked skipped

C:\Users\xianwei\AppData\Local\Microsoft\Windows\U srClass.dat.LOG2 Object is locked skipped

C:\Users\xianwei\AppData\Local\Microsoft\Windows\U srClass.dat{16968ea6-7adb-11dc-ad68-001bfc988019}.TM.blf Object is locked skipped

C:\Users\xianwei\AppData\Local\Microsoft\Windows\U srClass.dat{16968ea6-7adb-11dc-ad68-001bfc988019}.TMContainer00000000000000000001.regt rans-ms Object is locked skipped

C:\Users\xianwei\AppData\Local\Microsoft\Windows\U srClass.dat{16968ea6-7adb-11dc-ad68-001bfc988019}.TMContainer00000000000000000002.regt rans-ms Object is locked skipped

C:\Users\xianwei\AppData\Local\Microsoft\Windows Sidebar\Settings.ini Object is locked skipped

C:\Users\xianwei\AppData\Local\Temp\~DF97F6.tmp Object is locked skipped

C:\Users\xianwei\AppData\Local\Temp\~DF980C.tmp Object is locked skipped

C:\Users\xianwei\AppData\Roaming\Microsoft\Windows \Cookies\index.dat Object is locked skipped

C:\Users\xianwei\NTUSER.DAT Object is locked skipped

C:\Users\xianwei\ntuser.dat.LOG1 Object is locked skipped

C:\Users\xianwei\ntuser.dat.LOG2 Object is locked skipped

C:\Users\xianwei\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Users\xianwei\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regt rans-ms Object is locked skipped

C:\Users\xianwei\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regt rans-ms Object is locked skipped

C:\Windows\bthservsdp.dat Object is locked skipped

C:\Windows\Debug\PASSWD.LOG Object is locked skipped

C:\Windows\Debug\sam.log Object is locked skipped

C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped

C:\Windows\ModemLogs\ModemLog_Motorola SM56 Speakerphone Modem.txt Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive0.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\lastalive1.dat Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\AppData\Lo cal\Microsoft\Windows\WindowsUpdate.log Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat .LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\ntuser.dat .LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT {3a539869-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT {3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regt rans-ms Object is locked skipped

C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT {3a539869-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regt rans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.d at.LOG1 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\ntuser.d at.LOG2 Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT{3a539865-6a70-11db-887c-d362bd253390}.TM.blf Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regt rans-ms Object is locked skipped

C:\Windows\ServiceProfiles\NetworkService\NTUSER.D AT{3a539865-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regt rans-ms Object is locked skipped

C:\Windows\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped

C:\Windows\System32\catroot2\edb.log Object is locked skipped

C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped

C:\Windows\System32\config\COMPONENTS Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped

C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped

C:\Windows\System32\config\DEFAULT Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped

C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped

C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped

C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped

C:\Windows\System32\config\RegBack\SAM Object is locked skipped

C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped

C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped

C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped

C:\Windows\System32\config\SAM Object is locked skipped

C:\Windows\System32\config\SAM.LOG1 Object is locked skipped

C:\Windows\System32\config\SAM.LOG2 Object is locked skipped

C:\Windows\System32\config\SECURITY Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped

C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped

C:\Windows\System32\config\SOFTWARE Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped

C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped

C:\Windows\System32\config\SYSTEM Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped

C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regt rans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regt rans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regt rans-ms Object is locked skipped

C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regt rans-ms Object is locked skipped

C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped

C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000 000000000001 Object is locked skipped

C:\Windows\System32\Msdtc\KtmRmTmContainer00000000 000000000002 Object is locked skipped

C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped

C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped

C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped

C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped

C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped

C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped

C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl .003 Object is locked skipped

C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped

C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\HardwareEvents.evt x Object is locked skipped

C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped

C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped

C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped

C:\Windows\WindowsUpdate.log Object is locked skipped

Scan process completed.

**xianwei** · 10-18-2007, 08:05 AM

I've scanned using AVG a few times and it still doesn't generate a report. I have changed the settings to automatically generate a report and removed the check from only if threats are found. =\

Thread: wintest.exe

Thread Tools

Display

wintest.exe

Thread Information

Users Browsing this Thread

Posting Permissions