OK, here are the logs:
ComboFix 08-08-14.05 - Admin 2008-08-15 18:31:57.1 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.267 [GMT -6:00]
Running from: C:\Documents and Settings\Admin\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Admin\Application Data\DriveCleaner Free
C:\Documents and Settings\Admin\Application Data\DriveCleaner Free\Logs\update.log
C:\Documents and Settings\Admin\Application Data\macromedia\Flash Player\#SharedObjects\AW698Y4H\interclick.com
C:\Documents and Settings\Admin\Application Data\macromedia\Flash Player\#SharedObjects\AW698Y4H\interclick.com\ud.sol
C:\Documents and Settings\Admin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Admin\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Admin\Application Data\rhcgavj0ea3n
C:\Documents and Settings\Admin\err.log
C:\Documents and Settings\Administrator.DANSCOMP-VT4VH2\Application Data\rhcgavj0ea3n
C:\Program Files\Common Files\drivecleaner free
C:\Program Files\Common Files\drivecleaner free\udcpas.exe
C:\Program Files\Common Files\drivecleaner free\udcsdr.exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe
.
((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.
2008-08-15 18:14 . 2008-08-15 18:14 577,024 --a------ C:\WINDOWS\system32\dllcache\user32.dll
2008-08-15 18:12 . 2008-08-15 18:12 <DIR> d-------- C:\WINDOWS\ERUNT
2008-08-15 18:08 . 2008-08-15 21:15 <DIR> d-------- C:\SDFix
2008-08-14 16:53 . 2008-08-14 16:53 272,384 --a------ C:\WINDOWS\system32\yaywvuRh.dll.vir
2008-08-14 16:49 . 2008-08-14 16:49 <DIR> d-------- C:\Program Files\Trojan Remover
2008-08-14 16:49 . 2008-08-14 16:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-08-14 16:49 . 2008-08-14 16:49 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\Simply Super Software
2008-08-14 16:49 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-08-14 16:49 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-08-14 16:49 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-08-14 16:49 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-08-14 16:49 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-08-14 16:43 . 2008-08-15 18:09 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-08-14 16:43 . 2008-08-15 18:09 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-08-14 16:39 . 2008-08-14 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-08-14 16:39 . 2008-08-14 16:41 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-08-14 16:38 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-08-14 16:38 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-08-14 16:37 . 2008-08-14 16:37 <DIR> d-------- C:\Program Files\Zone Labs
2008-08-13 19:19 . 2008-08-13 19:19 <DIR> d-------- C:\Documents and Settings\Administrator.DANSCOMP-VT4VH2\Application Data\AVG7
2008-08-13 19:14 . 2008-08-13 19:14 <DIR> d-------- C:\Documents and Settings\Administrator.DANSCOMP-VT4VH2
2008-08-13 19:03 . 2008-08-13 19:03 <DIR> dr-h----- C:\$VAULT$.AVG
2008-08-13 18:51 . 2008-08-13 18:51 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2008-08-13 18:51 . 2008-08-13 18:51 <DIR> d-------- C:\Documents and Settings\Admin\Application Data\AVG7
2008-08-13 18:50 . 2008-08-13 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-08-13 18:50 . 2008-08-13 18:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2008-08-13 18:42 . 2008-08-13 18:42 60,928 --a------ C:\WINDOWS\system32\blphclavj0ea3n.scr.vir
2008-08-13 18:42 . 2008-08-13 18:42 294 ---hs---- C:\WINDOWS\system32\qyoosqxf.ini
2008-08-13 18:39 . 2008-08-13 18:39 <DIR> d-------- C:\Program Files\Sony Pictures Games
2008-08-13 18:39 . 2008-08-13 18:39 <DIR> d-------- C:\Program Files\MSN Toolbar
2008-08-13 18:39 . 2008-08-13 18:39 <DIR> d-------- C:\Program Files\Hamachi
2008-08-13 18:39 . 2008-08-13 18:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-08-13 18:31 . 2008-08-13 18:31 <DIR> d-------- C:\Program Files\Magic Workstation
2008-08-13 18:31 . 2008-08-13 18:31 <DIR> d-------- C:\Program Files\Aspyr
2008-08-13 18:31 . 2008-08-13 18:31 <DIR> d-------- C:\My Games
2008-08-13 18:31 . 2008-08-13 18:31 <DIR> d-------- C:\My Download Files
2008-08-13 18:29 . 2008-08-13 18:29 <DIR> d-------- C:\Program Files\Common Files\Motive
2008-08-13 18:29 . 2008-08-13 18:29 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-08-13 18:29 . 2008-08-13 18:29 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-08-10 19:20 . 2008-08-10 19:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Talkback
2008-08-10 19:18 . 2008-08-10 19:18 <DIR> d---s---- C:\Documents and Settings\Administrator
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-09 15:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-03-09 15:29 7561216]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-08-14 16:31 579584]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 09:05 919016]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-07-30 15:00 909904]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 01:56 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-08-13 18:58 219136]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Run VNC Server.lnk]
backup=C:\WINDOWS\pss\Run VNC Server.lnkCommon Startup
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Run VNC Server.lnk
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-06-06 23:46 57344 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 01:56 15360 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Samsung PanelMgr]
--a------ 2007-05-29 16:21 520192 C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2006-03-09 15:29 86016 C:\WINDOWS\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2006-03-09 15:29 1519616 C:\WINDOWS\system32\nwiz.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"IDriverT"=3 (0x3)
"usnjsvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"Bonjour Service"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Documents and Settings\\Admin\\My Documents\\SoF2 extract files\\SOF2\\SoF2MP.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Sony Pictures Games\\JEOPARDY!\\JEOPARDY!.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"=
S2 SSPORT;SSPORT;C:\WINDOWS\system32\Drivers\SSPORT.sys []
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
MSConfigStartUp-lfwrrrtn - C:\WINDOWS\system32\fapypaba.exe
MSConfigStartUp-lphclavj0ea3n - C:\WINDOWS\system32\lphclavj0ea3n.exe
MSConfigStartUp-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
MSConfigStartUp-PAS_Check - C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe
MSConfigStartUp-QuickTime Task - C:\Program Files\QuickTime\qttask.exe
MSConfigStartUp-SDR6_Check - C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe
MSConfigStartUp-SMrhcgavj0ea3n - C:\Program Files\rhcgavj0ea3n\rhcgavj0ea3n.exe
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Admin\Application Data\Mozilla\Firefox\Profiles\tjqvrop2.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 18:35:31
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-08-15 18:37:04
ComboFix-quarantined-files.txt 2008-08-16 00:36:58
Pre-Run: 3,279,880,192 bytes free
Post-Run: 3,274,473,472 bytes free
148
-----------------------------------------------------------------------------------------------------------------------------------------
SDFix: Version 1.216 Run by Administrator on 08/15/2008 at 06:15 PM
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Restoring Default Desktop Wallpaper
Rebooting
Checking Files :
Trojan Files Found:
C:\WINDOWS\system32\lphclavj0ea3n.exe - Deleted
C:\WINDOWS\SYSTEM32\PHCLAV~1.BMP - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk - Deleted
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk - Deleted
Folder C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 - Removed
Folder C:\WINDOWS\privacy_danger - Removed
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 18:22:52
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Documents and Settings\\Admin\\My Documents\\SoF2 extract files\\SOF2\\SoF2MP.exe"="C:\\Documents and Settings\\Admin\\My Documents\\SoF2 extract files\\SOF2\\SoF2MP.exe:*:Enabled:SoF2MP"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\Sony Pictures Games\\JEOPARDY!\\JEOPARDY!.exe"="C:\\Program Files\\Sony Pictures Games\\JEOPARDY!\\JEOPARDY!.exe:*:Enabled:JEOPARDY!"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
Remaining Files :
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 30 Jan 2008 9,420,288 ...H. --- "C:\margaret\~WRL0003.tmp"
Sat 19 Apr 2008 23,543,236 ...H. --- "C:\My Games\THE GAME OF LIFE - Path to Success\THE GAME OF LIFE - Path to Success.exe"
Thu 21 Jun 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Sat 19 Apr 2008 23,543,236 A..H. --- "C:\System Volume Information\_restore{336A5C33-C047-4319-ADB4-54C0FF619CF3}\RP268\A0030271.exe"
Thu 4 May 2006 444 ...HR --- "C:\Documents and Settings\Admin\Application Data\SecuROM\UserData\securom_v7_01.bak"
Finished!
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:49:25 PM, on 08/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Admin\Desktop\new\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
--
End of file - 3435 bytes