Anara
2008-05-14, 08:49
Spybot has been unable to fix this for a long time after updating.
--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---
--------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 13, 2008 1:57:58 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/05/2008
Kaspersky Anti-Virus database records: 768228
--------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 128104
Number of viruses found: 6
Number of infected objects: 24
Number of suspicious objects: 0
Duration of the scan process: 02:21:34
Infected Object Name / Virus Name / Last Action
C:\78bf0341dfe7409fff\update\update.exe Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\otmjcpkf\ynqzahyh.exe.bak Infected: Trojan.Win32.Obfuscated.gx skipped
C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\Config\interchk.chk Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Sophos\Sophos Anti-Virus\logs\SAV.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll.zip/utakaofm.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qor skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll1.zip/badjhjjg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qor skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll12.zip/byXPIbxX.dll_old Infected: not-a-virus:AdWare.Win32.Virtumonde.qni skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll12.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip/mlJcCspQ.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qni skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll5.zip/mlJcCspQ.dll_old Infected: not-a-virus:AdWare.Win32.Virtumonde.qni skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll5.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll6.zip/ljJaywWM.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qni skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll6.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll9.zip/byXPIbxX.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.qni skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondedll9.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\call256.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\chat1024.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\chat2048.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\chat256.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\chat4096.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\chat512.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\chat8192.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\chatmember256.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\chatmsg16384.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\chatmsg4096.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\chatmsg8192.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\contactgroup1024.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\index2.dat Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\profile4096.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\sms1024.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\sms256.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\sms512.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\transfer1024.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\transfer256.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\transfer512.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\user1024.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\user16384.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\user256.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\user32768.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\user4096.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Application Data\Skype\anarkotik_kz\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\History\History.IE5\MSHist012008051320080514\index.dat Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\analog and other stuff~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\Buck Hollywood - I had to have it!~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\CBC ~p Top Stories News~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\eBay Canada General Announcements~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\Europe and Central Asia World Bank~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\Facebook~dcom~\Anara Zh's Friends' Facebook Notes~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\Facebook~dcom~\Anara Zh's Friends' Facebook Posts~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\Facebook~dcom~\Anara Zh's Friends' Facebook Status Updates~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\Facebook~dcom~\Facebook~d Anara Zh's Notifications~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\Facebook~dcom~\Facebook~d What's New~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\FeedsStore.feedsdb-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\FreeExchange~dRU~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\FreeTorrent~dru~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\IMDb News~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\International Herald Tribune - World News, Analysis, and Global Opinions~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\KVN links~\Видео КВН~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\KVN links~\КВН для ВСЕХ~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\KVN links~\Новинки КВН~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\Microsoft Office Online Canada~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\MIT OpenCourseWare~c New Courses in Economics~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\Most Viewed~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\MyOttawa~dRU~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\Off the Rack - StyleWatch - People~dcom~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\Official Gmail Blog~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds\Olympus America Consumer Electronics~.feed-ms Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF100A.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF107D.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF1094.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF1107.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF1115.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF1188.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF119F.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF1A3B.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF1A49.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF1AC5.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF1AD3.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF1B4F.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF1B66.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF324F.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF325D.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF330E.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF331C.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF33AD.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF33BB.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF3439.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF3502.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF3577.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF358E.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF3AFF.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF3B0E.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF8CB.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF910.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF9EE.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DF9FC.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFA81.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFA98.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFAC62.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFAD39.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFB14.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFB22.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFB95.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFBAC.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFC1F.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFC2D.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFCA0.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFCB7.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFD33.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFD4A.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFDBD.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFDCB.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFE47.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFE5A.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFECD.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFEE4.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFF60.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFF80.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Local Settings\Temp\~DFFFC.tmp Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Temporary Internet Files\Content.IE5\2BT3A698\68_180_219_135[1] Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Anara Zhiyenbekova\Temporary Internet Files\Content.IE5\K0E6XL2M\68_180_219_128[1] Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe/data0004 Infected: not-a-virus:AdWare.Win32.Agent.aeh skipped
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\vtUlKCsS.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.qng skipped
C:\SDFix\backups\backups.zip/backups/dpevflbg.dll Infected: Trojan.Win32.Vapsup.ekr skipped
C:\SDFix\backups\backups.zip/backups/olgdqarf.exe Infected: Trojan.Win32.Vapsup.ekr skipped
C:\SDFix\backups\backups.zip/backups/vadokmxt.dll Infected: Trojan.Win32.Vapsup.ekr skipped
C:\SDFix\backups\backups.zip/backups/wdpoefan.dll Infected: Trojan.Win32.Vapsup.ekr skipped
C:\SDFix\backups\backups.zip/backups/wxvgsdbq.exe Infected: Trojan.Win32.Vapsup.ekr skipped
C:\SDFix\backups\backups.zip ZIP: infected - 5 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP58\change.log Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\pfirewall.log Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{65434333-06DC-4666-8ECC-AA0A02377264}.crmlog Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\W3SVC1\ex080513.log Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\msmq\storage\QMLog Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\Perflib_Perfdata_8d8.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{3A579F61-82CF-4117-919A-DB7B394CD5BC}\RP58\change.log Object is locked skipped
Scan process completed.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:52 PM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MimarSinan Rubber Ducky\RubberDucky.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PRMT8\PRMTED\EDLauncher.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\PRMT8\PRMTED\prmedsvr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_26.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8FAA95CB-EC60-4996-BB6B-6D0E4545C9C8} - C:\WINDOWS\system32\mlJcCspQ.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C4999B47-3FD3-4EF1-8A7F-A46CE75D79AD} - C:\WINDOWS\system32\wvUlIXQI.dll (file missing)
O2 - BHO: (no name) - {C733BC2E-B26F-48DF-AEB7-6D5111C0A000} - C:\WINDOWS\system32\byXPIbxX.dll (file missing)
O2 - BHO: (no name) - {E439B6B9-46AA-4FD3-8705-237436B12F99} - C:\WINDOWS\system32\ljJaywWM.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [21766322] rundll32.exe "C:\WINDOWS\system32\badjhjjg.dll",b
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP-Diags] C:\DOCUME~1\ANARAZ~1\LOCALS~1\Temp\HPISPz\hpdom\hpdiags.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MimarSinan Rubber Ducky] "C:\Program Files\MimarSinan Rubber Ducky\RubberDucky.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [zbnewpvb] C:\WINDOWS\system32\kxofafcz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EDLauncher] C:\Program Files\PRMT8\PRMTED\EDLauncher.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: utorrent.lnk = C:\Program Files\uTorrent\utorrent.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_26.dll (file missing)
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_26.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_26.dll (file missing)
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_26.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk2/downloads/sysinfo.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F519B46-96EF-499F-BF24-C9E1548FA56B} (Sony SNC-DF70 Control) - http://ffcoservery1.webcam.carleton.ca/program/SonySncDf70View.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ANARAZ~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/ANARAZ~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 14628 bytes
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:51:52 PM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MimarSinan Rubber Ducky\RubberDucky.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PRMT8\PRMTED\EDLauncher.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\uTorrent\utorrent.exe
C:\Program Files\PRMT8\PRMTED\prmedsvr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrobat.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IconixBHOClass Class - {761233B6-F228-49E4-8F6B-668499D4E55A} - C:\Program Files\Iconix\IEAddOn\IconixBHO_26.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {8FAA95CB-EC60-4996-BB6B-6D0E4545C9C8} - C:\WINDOWS\system32\mlJcCspQ.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {C4999B47-3FD3-4EF1-8A7F-A46CE75D79AD} - C:\WINDOWS\system32\wvUlIXQI.dll (file missing)
O2 - BHO: (no name) - {C733BC2E-B26F-48DF-AEB7-6D5111C0A000} - C:\WINDOWS\system32\byXPIbxX.dll (file missing)
O2 - BHO: (no name) - {E439B6B9-46AA-4FD3-8705-237436B12F99} - C:\WINDOWS\system32\ljJaywWM.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /nodetect
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [21766322] rundll32.exe "C:\WINDOWS\system32\badjhjjg.dll",b
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP-Diags] C:\DOCUME~1\ANARAZ~1\LOCALS~1\Temp\HPISPz\hpdom\hpdiags.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck /autoclose
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MimarSinan Rubber Ducky] "C:\Program Files\MimarSinan Rubber Ducky\RubberDucky.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [zbnewpvb] C:\WINDOWS\system32\kxofafcz.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EDLauncher] C:\Program Files\PRMT8\PRMTED\EDLauncher.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: utorrent.lnk = C:\Program Files\uTorrent\utorrent.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_26.dll (file missing)
O9 - Extra 'Tools' menuitem: Email ID Preferences - {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - C:\Program Files\Iconix\IEAddOn\IconixBHO_26.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_26.dll (file missing)
O9 - Extra 'Tools' menuitem: About Email ID - {BC3F6B6D-2E49-4603-B028-7411655713F3} - C:\Program Files\Iconix\IEAddOn\IconixBHO_26.dll (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} -
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqnbk2/downloads/sysinfo.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {5F519B46-96EF-499F-BF24-C9E1548FA56B} (Sony SNC-DF70 Control) - http://ffcoservery1.webcam.carleton.ca/program/SonySncDf70View.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.2.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/ANARAZ~1/LOCALS~1/Temp/msohtml1/01/clip_image002.gif
O24 - Desktop Component 1: (no name) - file:///C:/DOCUME~1/ANARAZ~1/LOCALS~1/Temp/msohtml1/01/clip_image002.jpg
--
End of file - 14628 bytes