
Avast4.8 Picked Up Win32:trojan-gen. {upx!} Infection.



#1 BungleFeet


Posted 22 April 2008 - 03:37 PM

A couple of days ago I upgraded my Avast antivirus-software to version 4.8, and decided to do a deep scan of my entire system. It picked up a trojan - Win32:Trojan-gen. {UPX!} (along with another one, W32/Horst.AAF, although I am sure that file has never been executed on my system).

Recently I have experienced a massive increase in the amount of spam hitting my inbox (from zero, to a few messages every minute). I am wondering if this is a symptom of my system being compromised?

I am unfamiliar with this trojan, and not sure how to tell if my system has been compromised. I have performed scans using HijackThis, Deckard, and the online Kaspersky scanner tool, and would appreciate some assistance in interpreting the results.

Here are the results of the HijackThis scan:


And the extra logfile:

%FEERSUMENDJINN27 can't undo changes that you allow.For more information please see the following:%FEERSUMENDJINN275 Scan ID: {2BB58F44-DF94-41D8-8BD2-B96EBF6B6FC7} User: FEERSUMENDJINN\Ewan Name: %FEERSUMENDJINN271 ID: %FEERSUMENDJINN272 Severity ID: %FEERSUMENDJINN273 Category ID: %FEERSUMENDJINN274 Path Found: %FEERSUMENDJINN276 Alert Type: %FEERSUMENDJINN278 Detection Type: 1.1.1600.02Event Record #/Type496632 / WarningEvent Submitted/Written: 04/21/2008 09:31:13 PMEvent ID/Source: 3004 / WinDefendEvent Description:%FEERSUMENDJINN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. %FEERSUMENDJINN27 can't undo changes that you allow.For more information please see the following:%FEERSUMENDJINN275 Scan ID: {9BE36E67-E416-4BE0-8DB4-B046E6AF7B4B} User: FEERSUMENDJINN\Ewan Name: %FEERSUMENDJINN271 ID: %FEERSUMENDJINN272 Severity ID: %FEERSUMENDJINN273 Category ID: %FEERSUMENDJINN274 Path Found: %FEERSUMENDJINN276 Alert Type: %FEERSUMENDJINN278 Detection Type: 1.1.1600.02Event Record #/Type496631 / WarningEvent Submitted/Written: 04/21/2008 09:31:13 PMEvent ID/Source: 3004 / WinDefendEvent Description:%FEERSUMENDJINN27 Real-Time Protection agent has detected changes. Microsoft recommends you analyze the software that made these changes for potential risks. You can use information about how these programs operate to choose whether to allow them to run or remove them from your computer. Allow changes only if you trust the program or the software publisher. 
%FEERSUMENDJINN27 can't undo changes that you allow.For more information please see the following:%FEERSUMENDJINN275 Scan ID: {47668130-4BF4-4CC8-9EF1-3F838AA4D86A} User: FEERSUMENDJINN\Ewan Name: %FEERSUMENDJINN271 ID: %FEERSUMENDJINN272 Severity ID: %FEERSUMENDJINN273 Category ID: %FEERSUMENDJINN274 Path Found: %FEERSUMENDJINN276 Alert Type: %FEERSUMENDJINN278 Detection Type: 1.1.1600.02-- End of Deckard's System Scanner: finished at 2008-04-21 21:36:32 ------------

Note that although in the Security Center section of the log it says I am running COMODO Firewall Pro v3.0, this is incorrect. I uninstalled this product some time ago, so it looks like my system has been running without a firewall for some time.

And the Kaspersky report:


I'd appreciate it if one of the experts on this forum could spare the time to look over these logs and let me know if there is any action I need to take to secure my system.

Many thanks in anticipation,

Bungle


#2 kahdah

Posted 10 May 2008 - 08:58 AM

Hello BungleFeet

Welcome to BleepingComputer :thumbsup:
========================
If you are still in need of assistance please post a new HijackThis log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here



