AVG Anti-Spyware-ScanReport
_
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_
_
_
_
_Created at:16:37:34 15/11/2006
_
_
_
_ +Scan result:
_
_
_
_
_
_
_
_C:\Program Files\Common Files\{4875D8BB-0879-1033-0422-04040623002c}\Update.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{4875D8BB-087B-1033-0422-04040623002c}\Update.exe -> Adware.Agent : Cleaned with backup (quarantined).
_
C:\Program Files\VSAdd-in\VSAdd-in.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\PrintView\printhook030.dll -> Adware.PrintView : Cleaned with backup (quarantined).
_
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreensaversInstaller -> Adware.Screensavers : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\iyaohcmv.exe.bad -> Adware.Searchcolor : Cleaned with backup (quarantined).
_
C:\WINDOWS\system32\bsrhtlio.exe -> Adware.Searchcolor : Cleaned with backup (quarantined).
_
C:\Program Files\Common Files\{4875D8BB-0879-1033-0422-04040623002c}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
_
C:\Program Files\Common Files\{4875D8BB-087A-1033-0422-04040623002c}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{4875D8BB-087A-1033-0422-04040623002c}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{4875D8BB-087B-1033-0422-04040623002c}\services.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\VundoFix Backups\awtqqpp.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\awtrrpq.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\awtrssp.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_C:\VundoFix Backups\byxuvut.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\byxvwxv.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\byxwwwv.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\cbxwuss.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\cbxyaxy.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\ddcawww.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\ddccbbx.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\ddcdbba.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\ddcdebx.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\efcywxw.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
_C:\VundoFix Backups\fcccyvt.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\gebcdba.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\gebxvtt.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\gebxvwx.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\iifccdb.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\iifgedd.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\iifghgf.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\khfdaxv.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
_C:\VundoFix Backups\khffecc.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\khfgggg.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
_C:\VundoFix Backups\ljjgede.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
_C:\VundoFix Backups\ljjkkjk.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\mljijgh.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\opnnljk.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\pmnkhfe.dll.bad -> Adware.Virtumonde :Cleaned with backup (quarantined).
_
C:\VundoFix Backups\pmnmnkj.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\rqrpooo.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\rqrrrrp.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\ssqpnli.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\ssqqomn.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\ssqqrrq.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\tuvtust.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\tuvutqq.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\tuvuvsr.dll.bad -> Adware.Virtumonde :Cleaned with backup (quarantined).
_
C:\VundoFix Backups\tuvwuur.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\urqpnkk.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\vtutusq.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\wvustut.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\wvutstt.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\xxyabaa.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\xxyyxvu.dll .bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\yayvwus.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\VundoFix Backups\yayxvvt.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\WINDOWS\system32\ssqnmli.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
C:\wacky2.exe/rmsyrup.exe -> Adware.Virtumonde : Cleaned with backup (quarantined).
_
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
_
C:\WINDOWS\system32\SpOrder.dll -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
_
C:\fopn.sys -> Adware.WinAntiVirus : Cleaned with backup (quarantined).
_
C:\WINDOWS\alm.exe -> Downloader.Small.duf : Cleaned with backup (quarantined).
_
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\DD1TYA9I\alm[1].exe -> Downloader.Small.duf : Cleaned with backup (quarantined).
_
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
_
:mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt-> TrackingCookie.2o7 : Cleaned.
_
:mozilla.16:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
_
:mozilla.17:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
_
:mozilla.330:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
_
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
_
:mozilla.355:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
_
:mozilla.356:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
_
:mozilla.284:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
_
:mozilla.285:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
_
:mozilla.286:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
_
:mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
_
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
_
:mozilla.118:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
_
:mozilla.119:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
_
:mozilla.120:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.121:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
_
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
_
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
_
:mozilla.80:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
_
:mozilla.81:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
_
:mozilla.82:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
_
:mozilla.83:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
_
:mozilla.454:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.455:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
_
:mozilla.456:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
_
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
_
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6nwli6sj.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
_
_
_
_
_
::Report end
Administrator - 06-11-16 9:39:05.98 Service Pack 2
ComboFix 06.11.9 - Running from: "C:\Documents and Settings\Administrator\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\PrintView
C:\Program Files\Common Files\{4875D8BB-0879-1033-0422-04040623002c}
C:\Program Files\Common Files\{4875D8BB-087A-1033-0422-04040623002c}
C:\Program Files\Common Files\{4875D8BB-087B-1033-0422-04040623002c}
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\QooBox\Purity\Program Files\Common Files\ICROSO~1.NET
C:\QooBox\Purity\WINDOWS\DOBE~1
C:\QooBox\Purity\WINDOWS\DOBE~1\?dobe
((((((((((((((((((((((((((((((( Files Created from 2006-10-16 to 2006-11-16 ))))))))))))))))))))))))))))))))))
2006-11-15 13:29 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-09 14:57 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2006-11-09 14:57 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2006-11-04 21:40 13,714,856 --a------ C:\zlsSetup_65_737_000_en.exe
2006-11-01 19:38 48,128 --a------ C:\mainboard.exe
2006-11-01 17:54 58,952 --a------ C:\WINDOWS\system32\MsgPlusLoader.dll
2006-10-29 13:57 9,728 --------- C:\WINDOWS\system32\rwnh.dll
2006-10-29 13:57 10,752 --------- C:\WINDOWS\system32\smtpapi.dll
2006-10-26 18:19 50,048 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-10-17 13:33 364,000 --ahs---- C:\WINDOWS\system32\vycdd.bak1
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2006-11-16 09:39 -------- d-a------ C:\Program Files\Common Files
2006-11-15 17:04 -------- d-------- C:\Program Files\Spyware Doctor
2006-11-15 17:03 -------- d-------- C:\Program Files\QuickTime
2006-11-15 17:00 -------- d-------- C:\Program Files\iTunes
2006-11-15 17:00 -------- d-------- C:\Program Files\Internet Explorer
2006-11-15 16:36 -------- d-------- C:\Program Files\VSAdd-in
2006-11-15 13:29 -------- d-------- C:\Program Files\Grisoft
2006-11-13 09:48 -------- d-------- C:\Program Files\Trojan Remover
2006-11-10 18:03 -------- d-------- C:\Documents and Settings\Administrator\Application Data\theFilter
2006-11-10 18:01 -------- d-------- C:\Program Files\TheFilter
2006-11-10 17:53 -------- d-------- C:\Program Files\iPod
2006-11-10 17:50 -------- d-------- C:\Program Files\Apple Software Update
2006-11-09 14:57 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Simply Super Software
2006-11-05 17:42 139265 --a------ C:\WINDOWS\system32\PhotoBase Screen Saver.scr
2006-11-05 14:20 -------- d-------- C:\Program Files\WinZip
2006-11-04 21:41 -------- d-------- C:\Program Files\Zone Labs
2006-11-01 17:45 -------- d-------- C:\Program Files\MessengerPlus! 3
2006-10-28 15:27 -------- d-------- C:\Program Files\XoftSpySE
2006-10-28 13:48 -------- d-------- C:\Program Files\SiSLan
2006-10-27 17:41 -------- d-------- C:\Program Files\Photodex Presenter
2006-10-27 17:41 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Netscape
2006-10-27 17:41 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Mozilla
2006-10-26 18:11 -------- d-------- C:\Program Files\xp-AntiSpy
2006-10-26 17:46 -------- d-------- C:\Program Files\a-squared Anti-Malware
2006-10-26 08:49 -------- d-------- C:\Program Files\Outlook Express
2006-10-26 08:49 -------- d-------- C:\Program Files\Common Files\System
2006-10-26 08:49 -------- d-------- C:\Program Files\Common Files\Services
2006-10-26 08:49 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-10-22 19:21 -------- d-------- C:\Program Files\Registry Mechanic
2006-10-22 17:28 -------- d-------- C:\Program Files\Ubi Soft
2006-10-22 17:24 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-16 08:01 -------- d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2006-10-13 20:47 -------- d-------- C:\Program Files\Messenger
2006-10-13 20:40 -------- d-------- C:\Program Files\Windows Media Player
2006-10-13 20:40 -------- d-------- C:\Program Files\Movie Maker
2006-10-13 20:36 -------- d-------- C:\Program Files\Windows NT
2006-10-13 20:36 -------- d-------- C:\Program Files\NetMeeting
2006-10-11 18:20 383386 --ahs---- C:\WINDOWS\system32\llkkj.ini2
2006-10-11 18:16 383417 --ahs---- C:\WINDOWS\system32\llkkj.bak2
2006-10-11 15:30 143380 --a------ C:\WINDOWS\system32\lcmhamfg.exe
2006-10-10 07:06 143380 --a------ C:\WINDOWS\system32\oyyoxatr.exe
2006-10-09 20:27 373675 --ahs---- C:\WINDOWS\system32\llkkj.bak1
2006-10-07 20:43 -------- d-------- C:\Program Files\Virtools Web Player 3.0
2006-10-07 16:48 -------- d-------- C:\Program Files\Windows Live Safety Center
2006-10-06 12:39 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Windows Live Safety Center
2006-10-05 13:25 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Canon
2006-10-05 09:33 351 --ahs---- C:\WINDOWS\system32\llnmp.ini2
2006-10-04 19:25 0 --a------ C:\Program Files\Common Files\err.log
2006-10-04 19:25 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Logs
2006-10-01 15:39 -------- d-------- C:\Documents and Settings\Administrator\Application Data\AVG7
2006-10-01 15:36 4992 --a------ C:\WINDOWS\system32\drivers\avgtdi.sys
2006-10-01 15:36 4288 --a------ C:\WINDOWS\system32\drivers\avg7rsw.sys
2006-09-29 15:14 -------- d-------- C:\Documents and Settings\Administrator\Application Data\SiteAdvisor
2006-09-29 11:30 -------- d-------- C:\Program Files\MSN Messenger
2006-09-29 09:02 722 --ahs---- C:\WINDOWS\system32\qqtwa.ini2
2006-09-28 19:09 -------- d-------- C:\Program Files\Lavasoft
2006-09-28 19:09 -------- d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2006-09-22 15:33 -------- d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2006-09-22 15:32 -------- d-------- C:\Program Files\Google
2006-09-21 19:24 -------- d-------- C:\Program Files\STOPzilla!
2006-09-21 19:24 -------- d-------- C:\Program Files\Common Files\STOPzilla!
2006-09-21 19:19 -------- d-------- C:\Documents and Settings\Administrator\Application Data\STOPzilla!
2006-09-19 15:44 15664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2006-09-19 15:43 109360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2006-08-29 18:43 135168 --a------ C:\WINDOWS\system32\swreg.exe
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""
"TrojanScanner"="C:\\Program Files\\Trojan Remover\\Trjscan.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Spyware Doctor"="\"C:\\Program Files\\Spyware Doctor\\swdoctor.exe\" /Q"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{3A947772-3B29-41DB-A436-4B5CAAECE2F6}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"ClearRecentDocsOnExit"=dword:00000001
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{4875D8BB-087A-1033-0422-04040623002c}"="\"C:\\Program Files\\Common Files\\{4875D8BB-087A-1033-0422-04040623002c}\\Update.exe\" mc-110-12-0000297"
"{4875D8BB-0879-1033-0422-04040623002c}"="\"C:\\Program Files\\Common Files\\{4875D8BB-0879-1033-0422-04040623002c}\\Update.exe\" te-110-12-0000059"
"{4875D8BB-087B-1033-0422-04040623002c}"="\"C:\\Program Files\\Common Files\\{4875D8BB-087B-1033-0422-04040623002c}\\Update.exe\" te-110-12-0000059"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{4875D8BB-087A-1033-0422-04040623002c}"="\"C:\\Program Files\\Common Files\\{4875D8BB-087A-1033-0422-04040623002c}\\Update.exe\" mc-110-12-0000297"
"{4875D8BB-0879-1033-0422-04040623002c}"="\"C:\\Program Files\\Common Files\\{4875D8BB-0879-1033-0422-04040623002c}\\Update.exe\" te-110-12-0000059"
"{4875D8BB-087B-1033-0422-04040623002c}"="\"C:\\Program Files\\Common Files\\{4875D8BB-087B-1033-0422-04040623002c}\\Update.exe\" te-110-12-0000059"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^iMesh.lnk]
"backup"="C:\\WINDOWS\\pss\\iMesh.lnkStartup"
"location"="Startup"
"item"="iMesh"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler V3.exe]
"location"="Startup"
"item"="PowerReg Scheduler V3"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^PowerReg Scheduler.exe]
"location"="Startup"
"item"="PowerReg Scheduler"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^reminder-ScanSoft Product Registration.lnk]
"backup"="C:\\WINDOWS\\pss\\reminder-ScanSoft Product Registration.lnkStartup"
"location"="Startup"
"item"="reminder-ScanSoft Product Registration"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
"backup"="C:\\WINDOWS\\pss\\Microsoft Office.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\MICROS~1\\Office10\\OSA.EXE -b -l"
"item"="Microsoft Office"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Philips ThumbCam Monitor.lnk]
"backup"="C:\\WINDOWS\\pss\\Philips ThumbCam Monitor.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\PHILIP~2\\PHILIP~1.EXE "
"item"="Philips ThumbCam Monitor"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="atiptaxx"
"hkey"="HKLM"
"command"="C:\\Program Files\\ATI Technologies\\ATI Control Panel\\atiptaxx.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cmaudio]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RunDll32 cmicnfg"
"hkey"="HKLM"
"command"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eastenders Screenmate]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SM"
"hkey"="HKCU"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free Download Manager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="fdm"
"hkey"="HKCU"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchList]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LaunchList"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Media Access]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MediaAccK"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MISAggregator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MsnMsgr"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NI.UWFX5_0001_N53L1025]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UWFX5_0001_N53L1025NetInstaller"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpiStat]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="OpiStat"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"inimapping"="0"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RegSvr32]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpeedTouch USB Diagnostics]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dragdiag"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Alcatel\\SpeedTouch USB\\Dragdiag.exe\" /icon"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_06\\bin\\jusched.exe"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WINDO23]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="s23e-3"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinFixer2005]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UWFX5"
"hkey"="HKCU"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\MCODS
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\McDefragTask.job
C:\WINDOWS\tasks\McQcTask.job
Completion time: 06-11-16 9:39:48.93
C:\ComboFix.txt ... 06-11-16 09:39
Logfile of HijackThis v1.99.1
Scan saved at 11:13:39, on 16/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HJT.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://kristi123.spaces.live.com//Photo ... nPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resourc ... ase969.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/uploader/ ... loader.cab
O16 - DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} (Photodex Presenter AX control) - http://www.photodex.com/pxplay.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~2\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McRedirector - Unknown owner - (no file)
O23 - Service: McShield - Unknown owner - (no file)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe