
Infected With 2 Viruses


  • This topic is locked
4 replies to this topic

#1 surgirl

  • Members
  • 76 posts

Posted 14 May 2008 - 03:45 PM

Well, my Firefox browser has been malfunctioning, that's basically it.
------------------------------------------------------------------------------------------------------------------------------------------

Tuesday, May 13, 2008 8:01:53 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/05/2008
Kaspersky Anti-Virus database records: 770305


Scan Settings
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target: My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics
Total number of scanned objects: 114898
Number of viruses found: 2
Number of infected objects: 1
Number of suspicious objects: 69
Duration of the scan process: 02:35:38

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\iwx3qfi2.default\cert8.db Object is locked skipped

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\iwx3qfi2.default\foxmarks.log Object is locked skipped

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\iwx3qfi2.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\iwx3qfi2.default\history.dat Object is locked skipped

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\iwx3qfi2.default\key3.db Object is locked skipped

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\iwx3qfi2.default\parent.lock Object is locked skipped

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\iwx3qfi2.default\search.sqlite Object is locked skipped

C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\iwx3qfi2.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 30 Jun 2006 13:10:28 +0300]/UNNAMED/UNNAMED/[From "Antolinethel" ][Date Fri, 30 Jun 2006 12:59:00 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 30 Jun 2006 13:10:28 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 30 Jun 2006 13:10:28 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 08 Aug 2006 12:52:18 +0300]/UNNAMED/UNNAMED/[From "Spaak" ][Date Tue, 08 Aug 2006 12:48:07 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 08 Aug 2006 12:52:18 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 08 Aug 2006 12:52:18 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 11 Aug 2006 12:46:27 +0300]/UNNAMED/UNNAMED/[From "Tstitt" ][Date Fri, 11 Aug 2006 12:41:41 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 11 Aug 2006 12:46:27 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 11 Aug 2006 12:46:27 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx MailMSOutlook5: suspicious - 9 skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jun 2006 11:26:46 +0300]/UNNAMED/UNNAMED/[From "Rherrera" ][Date Wed, 21 Jun 2006 11:20:36 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jun 2006 11:26:46 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jun 2006 11:26:46 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 23 Jun 2006 11:09:02 +0300]/UNNAMED/UNNAMED/[From "Vlugmana" ][Date Fri, 23 Jun 2006 11:00:55 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 23 Jun 2006 11:09:02 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 23 Jun 2006 11:09:02 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 11 Jul 2006 12:12:28 +0300]/UNNAMED/UNNAMED/[From "Eliza" ][Date Tue, 11 Jul 2006 12:04:33 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 11 Jul 2006 12:12:28 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 11 Jul 2006 12:12:28 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jul 2006 14:01:30 +0300]/UNNAMED/UNNAMED/[From "Bruno" ][Date Fri, 21 Jul 2006 13:49:11 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jul 2006 14:01:30 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jul 2006 14:01:30 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Desktop\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx MailMSOutlook5: suspicious - 12 skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 30 Jun 2006 13:10:28 +0300]/UNNAMED/UNNAMED/[From "Antolinethel" ][Date Fri, 30 Jun 2006 12:59:00 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 30 Jun 2006 13:10:28 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 30 Jun 2006 13:10:28 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 08 Aug 2006 12:52:18 +0300]/UNNAMED/UNNAMED/[From "Spaak" ][Date Tue, 08 Aug 2006 12:48:07 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 08 Aug 2006 12:52:18 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 08 Aug 2006 12:52:18 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 11 Aug 2006 12:46:27 +0300]/UNNAMED/UNNAMED/[From "Tstitt" ][Date Fri, 11 Aug 2006 12:41:41 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 11 Aug 2006 12:46:27 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 11 Aug 2006 12:46:27 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx MailMSOutlook5: suspicious - 9 skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jun 2006 11:26:46 +0300]/UNNAMED/UNNAMED/[From "Rherrera" ][Date Wed, 21 Jun 2006 11:20:36 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jun 2006 11:26:46 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jun 2006 11:26:46 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 23 Jun 2006 11:09:02 +0300]/UNNAMED/UNNAMED/[From "Vlugmana" ][Date Fri, 23 Jun 2006 11:00:55 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 23 Jun 2006 11:09:02 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 23 Jun 2006 11:09:02 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 11 Jul 2006 12:12:28 +0300]/UNNAMED/UNNAMED/[From "Eliza" ][Date Tue, 11 Jul 2006 12:04:33 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 11 Jul 2006 12:12:28 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 11 Jul 2006 12:12:28 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jul 2006 14:01:30 +0300]/UNNAMED/UNNAMED/[From "Bruno" ][Date Fri, 21 Jul 2006 13:49:11 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jul 2006 14:01:30 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jul 2006 14:01:30 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

C:\Documents and Settings\user\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx MailMSOutlook5: suspicious - 12 skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\D_H_Bakker@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\D_H_Bakker@hotmail.com\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\D_H_Bakker@hotmail.com\SharingMetadata\Working\database_56E4_222B_E422_E35\dfsr.db Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\D_H_Bakker@hotmail.com\SharingMetadata\Working\database_56E4_222B_E422_E35\fsr.log Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\D_H_Bakker@hotmail.com\SharingMetadata\Working\database_56E4_222B_E422_E35\fsrtmp.log Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Messenger\D_H_Bakker@hotmail.com\SharingMetadata\Working\database_56E4_222B_E422_E35\tmp.edb Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Contacts\D_H_Bakker@hotmail.com\real\members.stg Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows Live Contacts\D_H_Bakker@hotmail.com\shadow\members.stg Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwx3qfi2.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwx3qfi2.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwx3qfi2.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\user\Local Settings\Application Data\Mozilla\Firefox\Profiles\iwx3qfi2.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\History\History.IE5\MSHist012008051320080514\index.dat Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\~DF4C5D.tmp Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\~DF4C74.tmp Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\~DF5C9F.tmp Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temp\~DF5CAA.tmp Object is locked skipped

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\user\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\user\UserData\index.dat Object is locked skipped

C:\Program Files\Eset\cache\CACHE.NDB Object is locked skipped

C:\Program Files\Eset\infected\QPWG0ABA.NQF Infected: Trojan-Downloader.Win32.Banload.duu skipped

C:\Program Files\Eset\logs\virlog.dat Object is locked skipped

C:\Program Files\Eset\logs\warnlog.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\chandir.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\chandir.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\chn.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\chn.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\inuse.txt Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\L0000012.FCS Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\main.log Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\prs.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\prs.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\prs_die.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\prs_die.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\storydb.dat Object is locked skipped

C:\Program Files\Logitech\Desktop Messenger\8876480\Users\user\Data\storydb.idx Object is locked skipped

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\altlog.txt Object is locked skipped

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmjblog.txt Object is locked skipped

C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMPlayPref.log Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{AE8371D4-39CD-4785-9F51-133B27CB185C}\RP377\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{9F372754-0324-4344-A259-4DC988DC37D3}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

F:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 30 Jun 2006 13:10:28 +0300]/UNNAMED/UNNAMED/[From "Antolinethel" ][Date Fri, 30 Jun 2006 12:59:00 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 30 Jun 2006 13:10:28 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 30 Jun 2006 13:10:28 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 08 Aug 2006 12:52:18 +0300]/UNNAMED/UNNAMED/[From "Spaak" ][Date Tue, 08 Aug 2006 12:48:07 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 08 Aug 2006 12:52:18 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 08 Aug 2006 12:52:18 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 11 Aug 2006 12:46:27 +0300]/UNNAMED/UNNAMED/[From "Tstitt" ][Date Fri, 11 Aug 2006 12:41:41 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 11 Aug 2006 12:46:27 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Mail Delivery System" ][Date 11 Aug 2006 12:46:27 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Deleted Items.dbx MailMSOutlook5: suspicious - 9 skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jun 2006 11:26:46 +0300]/UNNAMED/UNNAMED/[From "Rherrera" ][Date Wed, 21 Jun 2006 11:20:36 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jun 2006 11:26:46 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jun 2006 11:26:46 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 23 Jun 2006 11:09:02 +0300]/UNNAMED/UNNAMED/[From "Vlugmana" ][Date Fri, 23 Jun 2006 11:00:55 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 23 Jun 2006 11:09:02 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 23 Jun 2006 11:09:02 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 11 Jul 2006 12:12:28 +0300]/UNNAMED/UNNAMED/[From "Eliza" ][Date Tue, 11 Jul 2006 12:04:33 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 11 Jul 2006 12:12:28 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 11 Jul 2006 12:12:28 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jul 2006 14:01:30 +0300]/UNNAMED/UNNAMED/[From "Bruno" ][Date Fri, 21 Jul 2006 13:49:11 -0300]/html Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jul 2006 14:01:30 +0300]/UNNAMED/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx/[From "Mail Delivery System" ][Date 21 Jul 2006 14:01:30 +0300]/UNNAMED Suspicious: Email-Worm.Win32.Bagle.mail skipped

F:\Documents and Settings\Windows Xp\Local Settings\Application Data\Identities\{0B4A9ECB-5063-4731-8A33-56B72F611091}\Microsoft\Outlook Express\Inbox.dbx MailMSOutlook5: suspicious - 12 skipped

F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

--------------------------------------------------------------------------------------------------------------------------------------------

Deckard's System Scanner v20071014.68
Run by user on 2008-05-14 16:25:19
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
104: 2008-05-14 19:25:35 UTC - RP379 - Deckard's System Scanner Restore Point
103: 2008-05-14 00:19:45 UTC - RP378 - Software Distribution Service 3.0
102: 2008-05-13 15:35:35 UTC - RP377 - Software Distribution Service 3.0
101: 2008-05-13 12:06:45 UTC - RP376 - Software Distribution Service 3.0
100: 2008-05-13 01:21:17 UTC - RP375 - Software Distribution Service 3.0


-- First Restore Point --
1: 2008-03-13 06:00:23 UTC - RP276 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-14 16:27:33
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\user\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [Omnipage] C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{37361CD8-61D9-4EE0-863E-E065DF8D1DE7}: NameServer = 200.1.157.11,200.1.156.11
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: WindowsDriver - Unknown owner - C:\Program Files\Internet\spool.exe


--
End of file - 7807 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 LBeepKE - c:\windows\system32\drivers\lbeepke.sys <Not Verified; Logitech Inc.; Logitech SetPoint>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R3 mohfilt - c:\windows\system32\drivers\mohfilt.sys <Not Verified; Intel Corporation; Intel® 537EP Modem>

S3 SDTHOOK - c:\windows\system32\drivers\sdthook.sys <Not Verified; Panda Software; Panda® Antivirus>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >

S2 WindowsDriver - c:\program files\internet\spool.exe (file missing)
S3 NBService - c:\program files\nero\nero 7\nero backitup\nbservice.exe


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Scheduled Tasks -------------------------------------------------------------

2008-05-08 09:33:04 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job


-- Files created between 2008-04-14 and 2008-05-14 -----------------------------

2008-05-14 13:27:12 0 d-------- C:\WINDOWS\LastGood
2008-05-13 21:12:55 0 d-------- C:\kav
2008-05-13 09:53:02 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-13 09:52:48 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-25 17:57:33 0 d-------- C:\Documents and Settings\user\Application Data\BitTorrent
2008-04-25 17:57:04 0 d-------- C:\Program Files\DNA
2008-04-25 17:57:04 0 d-------- C:\Documents and Settings\user\Application Data\DNA
2008-04-25 17:57:02 0 d-------- C:\Program Files\BitTorrent
2008-04-21 20:43:25 0 d-------- C:\Documents and Settings\All Users\Application Data\Ahead
2008-04-21 20:39:46 0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-04-21 14:03:04 0 d-------- C:\WINDOWS\system32\appmgmt


-- Find3M Report ---------------------------------------------------------------

2008-05-14 16:21:05 0 d-------- C:\Documents and Settings\user\Application Data\XnView
2008-05-14 10:20:20 1744 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-13 21:20:15 24 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat
2008-05-13 21:20:15 24 --a------ C:\WINDOWS\system32\DVCState-{00000002-00000000-0000000A-00001102-00000002-80651102}.dat
2008-04-26 16:33:14 0 d-------- C:\Documents and Settings\user\Application Data\U3
2008-04-26 16:29:41 0 d-------- C:\Documents and Settings\user\Application Data\Canon
2008-04-26 15:24:54 0 d-------- C:\Documents and Settings\user\Application Data\Ahead
2008-04-21 20:42:55 0 d-------- C:\Program Files\Common Files\Ahead
2008-04-11 13:51:06 0 d-------- C:\Documents and Settings\user\Application Data\GetRight
2008-02-26 15:35:35 129876 --a------ C:\WINDOWS\HPHins13.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [10/23/2007 04:16 PM]
"EM_EXEC"="C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE" [07/01/2002 01:50 PM]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [05/20/2002 11:36 PM]
"WINDVDPatch"="CTHELPER.EXE" [07/02/2002 06:56 AM C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [05/11/2000 05:00 AM]
"Jet Detection"="C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe" [11/29/2001 05:00 AM]
"CTStartup"="C:\Program Files\Creative\Splash Screen\CTEaxSpl.exe" [12/20/2001 05:00 AM]
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [06/03/2002 03:38 PM]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [02/05/2002 02:32 AM]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [09/05/2006 12:19 PM C:\WINDOWS\KHALMNPR.Exe]
"@"="" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [06/29/2007 06:24 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 10:16 PM]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [03/01/2007 03:57 PM]
"SecurDisc"="C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe" [05/15/2007 03:55 PM]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [05/15/2007 03:55 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [08/04/2004 05:06 AM]
"amva"="C:\WINDOWS\system32\amvo.exe" []
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [05/08/2008 07:04 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [11/8/2007 9:25:24 AM]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [10/25/2007 2:11:03 PM]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [10/23/2007 4:27:28 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1cfe25bd-886f-11dc-87e3-0008a19092f4}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL USB2.0.exe
´̣¿ª(&O)\command- USB2.0.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5be51932-a0cf-11dc-880e-0008a19092f4}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL USB2.0.exe
´̣¿ª(&O)\command- J:\USB2.0.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{739ab6d4-95e3-11dc-87fb-0008a19092f4}]
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL USB2.0.exe
´̣¿ª(&O)\command- I:\USB2.0.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8981c439-96cc-11dc-87fe-0008a19092f4}]
AutoRun\command- I:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-05-14 16:29:10 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® 4 CPU 1.80GHz
Percentage of Memory in Use: 37%
Physical Memory (total/avail): 511.47 MiB / 318.08 MiB
Pagefile Memory (total/avail): 1250.17 MiB / 974.36 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1926.33 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 39.06 GiB total, 10.12 GiB free.
D: is CDROM (No Media)
E: is CDROM (Unformatted)
F: is Fixed (NTFS) - 46.87 GiB total, 20.75 GiB free.
G: is Fixed (NTFS) - 29.45 GiB total, 8.29 GiB free.
H: is Fixed (NTFS) - 35.47 GiB total, 33.72 GiB free.

\\.\PHYSICALDRIVE1 - Maxtor 6Y080L0 - 76.33 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 46.87 GiB - F:
\PARTITION1 - Extended w/Extended Int 13 - 29.45 GiB - G:

\\.\PHYSICALDRIVE0 - WDC WD800BB-08JHC0 - 74.54 GiB - 2 partitions
\PARTITION0 (bootable) - Installable File System - 39.06 GiB - C:
\PARTITION1 - Installable File System - 35.47 GiB - H:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.
AntiVirusDisableNotify is set.
UpdatesDisableNotify is set.

AV: ESET NOD32 antivirus system 2.70 v2.70 (ESET, spol. s r.o.)

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe"="C:\\Program Files\\ScanSoft\\OmniPageSE\\EregEng\\NAVBrowser.exe:*:Enabled:NAVBrowser"
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"C:\\Program Files\\DNA\\btdna.exe"="C:\\Program Files\\DNA\\btdna.exe:*:Enabled:DNA"
"C:\\Program Files\\BitTorrent\\bittorrent.exe"="C:\\Program Files\\BitTorrent\\bittorrent.exe:*:Enabled:BitTorrent"
"C:\\kav\\kav7.0\\english\\setup.exe"="C:\\kav\\kav7.0\\english\\setup.exe:*:Enabled:Kaspersky Anti-Virus 7.0 Setup"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\user\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=USER-336747C4D8
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\user
LOGONSERVER=\\USER-336747C4D8
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\WBEM;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 1 Stepping 3, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0103
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\user\LOCALS~1\Temp
TMP=C:\DOCUME~1\user\LOCALS~1\Temp
USERDOMAIN=USER-336747C4D8
USERNAME=user
USERPROFILE=C:\Documents and Settings\user
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

user (admin)
Administrator (new local, admin)


-- Add/Remove Programs ---------------------------------------------------------

--> "C:\Program Files\Creative\SBLive\Program\Ctzapxx.EXE" /X /U /S
--> C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
--> C:\WINDOWS\NuNInst.exe /UNINSTALL
--> C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Acrobat 5.0 --> C:\WINDOWS\ISUNINST.EXE -f"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.isu" -c"C:\Program Files\Common Files\Adobe\Acrobat 5.0\NT\Uninst.dll"
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9c.exe -uninstallUnlock
Adobe Flash Player Plugin --> C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Apple Software Update --> MsiExec.exe /I{74EC78BC-B379-4E29-9006-8F161DCAABA6}
ArcSoft PhotoStudio 5 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}\setup.exe" -l0x9 -uninst
BitTorrent --> C:\Program Files\BitTorrent\uninst.exe
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon CanoScan Toolbox 4.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BCE46757-7674-4416-BEDB-68205A60409E}\setup.exe" -l0x9
Canon EOS-1D Mark II N WIA Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{35260E0B-A8C2-4D25-97E2-448DE7275C85} /l1033
Canon EOS-1Ds Mark II WIA Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{652C4ADF-0A29-4B02-9211-EE61675847DE}
Canon EOS 5D WIA Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{BB3AB664-D92B-4CB5-8B3E-D841841F4E68} /l1033
Canon EOS Kiss_N REBEL_XT 350D WIA Driver --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{33CF7CDF-9805-4500-9CC7-D19D52AD63C4} /l1033
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities Digital Photo Professional 2.1 --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\Digital Photo Professional\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.0.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
CanoScan LiDE20,30 Manual --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B360A8E5-C171-4AAE-9777-65B3CDB0072C}\setup.exe" -l0x9
DNA --> "C:\Program Files\DNA\btdna.exe" /UNINSTALL
FinePixViewer Ver.4.2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{24ED4D80-8294-11D5-96CD-0040266301AD}\SETUP.EXE"
FUJIFILM USB Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5490882C-6961-11D5-BAE5-00E0188E010B}\SETUP.EXE"
GetRight --> "C:\Program Files\GetRight\unins000.exe"
ImageMixer VCD2 for FinePix --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{934E9442-D305-4ACF-AD87-A6C11D677CB9}\setup.exe"
Intel® 537EP Modem --> rundll32 IntelCci.dll,iSMUninstallation "Intel® 537EP Modem"
Java™ 6 Update 3 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KhalSetup --> MsiExec.exe /I{EE7B9A8D-19F0-450D-8E94-3E391E6044CD}
Lexmark Printer Software Uninstall --> C:\Program Files\Lexmark\Install\uninstall.exe
Logitech Desktop Messenger --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x9 UNINSTALL
Logitech MouseWare 9.70 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5809E7CF-4DCF-11D4-9875-00105ACE7734}\setup.exe" -l0x9 -l0009 UNINSTALL
Logitech Resource Center --> C:\PROGRA~1\Logitech\RESOUR~1\rem\UNWISE.EXE /s C:\PROGRA~1\Logitech\RESOUR~1\rem\INSTALL.LOG
Logitech SetPoint --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2E8EAC71-BFE4-417A-88F0-5A1BDFBCF5D3}\setup.exe" -l0x9 -removeonly
MatrixFrame S3.0 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\Matrix\MatrixFrame S3.0\setup.exe"
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Visual C++ 2005 Redistributable --> MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
MicroStaff WINASPI --> C:\MWASPI\uninst.exe
Mozilla Firefox (2.0.0.14) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MUSICMATCH Jukebox --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\Uninst.isu" -cC:\PROGRA~1\MUSICM~1\MUSICM~1\unmatch.dll
Nero 7 Essentials --> MsiExec.exe /X{8046A32C-88A7-45DA-B6D7-B6191E261033}
neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NOD32 antivirus system --> C:\Program Files\Eset\Setup\setup.exe /UNINSTALL
NOD32 FiX v2.1 --> "C:\Program Files\Eset\unins000.exe"
OmniPage SE --> MsiExec.exe /I{6249C22D-E6A8-407B-BA8B-40298848ED94}
Panda ActiveScan --> C:\WINDOWS\system32\ASUninst.exe Panda ActiveScan
Picasa 2 --> "C:\Program Files\Picasa2\Uninstall.exe"
QuickTime --> MsiExec.exe /I{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}
RAW FILE CONVERTER LE --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D680C913-5955-469D-9D88-C1940F7506D6}\SETUP.EXE" -l0x9
Sound Blaster Live! --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9115E7DB-3B29-445A-802D-11E0AA945B7F}\SETUP.EXE" -l0x9
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Messenger --> MsiExec.exe /I{571700F0-DB9D-4B3A-B03D-35A14BB5939F}
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
XnView 1.91.6 --> "C:\Program Files\XnView\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type788 / Error
Event Submitted/Written: 05/14/2008 04:24:09 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 726472280.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type787 / Error
Event Submitted/Written: 05/14/2008 04:23:51 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module npswf32.dll, version 9.0.47.0, fault address 0x000ad5d3.
Processing media-specific event for [firefox.exe!ws!]

Event Record #/Type781 / Success
Event Submitted/Written: 05/14/2008 02:50:21 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type780 / Error
Event Submitted/Written: 05/14/2008 02:37:35 PM
Event ID/Source: 1001 / Application Error
Event Description:
Fault bucket 726461004.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Event Record #/Type779 / Error
Event Submitted/Written: 05/14/2008 02:30:09 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module nspr4.dll, version 4.6.8.0, fault address 0x0000cec1.
Processing media-specific event for [firefox.exe!ws!]



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type19728 / Error
Event Submitted/Written: 05/14/2008 09:37:44 AM / 05/14/2008 09:37:52 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.

Event Record #/Type19727 / Error
Event Submitted/Written: 05/14/2008 09:37:44 AM / 05/14/2008 09:37:52 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.

Event Record #/Type19726 / Error
Event Submitted/Written: 05/14/2008 09:37:35 AM / 05/14/2008 09:37:52 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.

Event Record #/Type19725 / Error
Event Submitted/Written: 05/14/2008 09:37:34 AM / 05/14/2008 09:37:52 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.

Event Record #/Type19724 / Error
Event Submitted/Written: 05/14/2008 09:37:28 AM / 05/14/2008 09:37:52 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.



-- End of Deckard's System Scanner: finished at 2008-05-14 16:29:10 ------------
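The DSS event-log section above repeats the same records in a fixed layout, which makes it easy to triage mechanically. The following is an added example (not part of the thread or of Deckard's System Scanner) that parses that record layout, counts Error records per Event ID and source, and pulls the faulting application and module out of Event ID 1000 descriptions; the sample log is constructed from records quoted in the thread.

```python
import re
from collections import Counter

# Constructed sample in the layout of a Deckard's System Scanner (DSS)
# event-log section; the records mirror the ones quoted in the thread.
SAMPLE_LOG = r"""
Event Record #/Type779 / Error
Event Submitted/Written: 05/14/2008 02:30:09 PM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application firefox.exe, version 1.8.20080.40413, faulting module nspr4.dll, version 4.6.8.0, fault address 0x0000cec1.

Event Record #/Type19728 / Error
Event Submitted/Written: 05/14/2008 09:37:44 AM / 05/14/2008 09:37:52 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.

Event Record #/Type19727 / Error
Event Submitted/Written: 05/14/2008 09:37:44 AM / 05/14/2008 09:37:52 AM
Event ID/Source: 11 / Cdrom
Event Description:
The driver detected a controller error on \Device\CdRom1.
"""

# One DSS record: header line, timestamp line, id/source line, one-line description.
RECORD_RE = re.compile(
    r"Event Record #/Type(?P<record>\d+) / (?P<level>\w+)\n"
    r"Event Submitted/Written: (?P<when>[^\n]+)\n"
    r"Event ID/Source: (?P<event_id>\d+) / (?P<source>[^\n]+)\n"
    r"Event Description:\n(?P<description>[^\n]*)"
)
# Event ID 1000 descriptions name the crashing binary and the module it faulted in.
CRASH_RE = re.compile(
    r"Faulting application (?P<app>\S+), version (?P<app_ver>\S+), "
    r"faulting module (?P<module>\S+), version (?P<mod_ver>\S+), "
    r"fault address (?P<addr>0x[0-9a-fA-F]+)"
)

def parse_dss_events(text):
    """Return one dict per event record, in log order."""
    return [m.groupdict() for m in RECORD_RE.finditer(text)]

def summarize(events):
    """Count Error records per (event id, source) and extract application crashes."""
    counts = Counter((e["event_id"], e["source"]) for e in events if e["level"] == "Error")
    crashes = [m.groupdict() for e in events if (m := CRASH_RE.search(e["description"]))]
    return counts, crashes
```

Run `summarize(parse_dss_events(SAMPLE_LOG))` to get the per-source counts (two Cdrom controller errors, one Application Error) and the firefox.exe crash in nspr4.dll.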


#2 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,301 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 05 June 2008 - 10:56 PM

Hello surgirl. :thumbsup: to BleepingComputer.com

My name is Billy O'Neal and I will be helping you. (Billy or Bill is fine, if you like.)
Please give me some time to look over your computer's log(s).
Please take note of the following:
  • In the meantime, please refrain from making any changes to your computer.
  • Also, even if things appear to be running better, there is no guarantee that everything is finished. Please continue to check this forum post in order to ensure we get your system completely clean. We do not want to clean you part-way up, only to have the system re-infect itself. :)
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Finally, please reply using the Posted Image button in the lower left hand corner of your screen.
See you soon,
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Billy O'Neal

    Visual C++ STL Maintainer

  • Malware Response Team
  • 12,301 posts
  • Gender:Male
  • Location:Redmond, Washington

Posted 09 June 2008 - 03:56 PM

Hello, surgirl.

Sorry about the delay.

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.


If you wish to continue, we will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
A new DSS Main.txt


Billy3

#4 surgirl

  • Topic Starter
  • Members
  • 76 posts

Posted 10 June 2008 - 07:13 PM

Thanks for the help Bill, I've decided to reinstall the OS.

#5 harrythook

  • Security Colleague
  • 4,152 posts
  • Gender:Male
  • Location:Philadelphia

Posted 10 June 2008 - 09:33 PM

Sorry we could not help you with this problem.
If you need help with format or re-installation please feel free to ask for help.

As this issue seems to be resolved, this thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
For all others, if you have a similar issue please start a new topic.

Thanks for asking in BleepingComputer.com

Veni Vidi Vici
THE FIGHT AGAINST MALWARE
