Thanks Dan - PC just finished doing as asked. Here it all is.....
ComboFix 08-03-14.4 - Andy 2008-03-15 12:28:39.2 -
FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.182 [GMT 0:00]
Running from: C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((( Files Created from 2008-02-15 to 2008-03-15 )))))))))))))))))))))))))))))))
.
2008-03-15 12:22 . 2008-03-15 12:22 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-03-15 12:22 . 2008-03-15 12:22 <DIR> d-------- C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Application Data\Malwarebytes
2008-03-15 12:22 . 2008-03-15 12:22 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Malwarebytes
2008-03-15 09:04 . 2008-03-15 09:04 <DIR> d-------- C:\ComboFix(2)
2008-03-14 21:30 . 2008-03-14 21:30 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-13 18:08 . 2008-03-13 18:08 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Kaspersky Lab
2008-03-13 18:07 . 2008-03-13 18:08 <DIR> d-------- C:\WINNT\system32\Kaspersky Lab
2008-03-12 20:12 . 2008-03-12 20:25 3,674 --a------ C:\WINNT\system32\tmp.reg
2008-03-12 20:11 . 2007-09-05 23:22 289,144 --a------ C:\WINNT\system32\VCCLSID.exe
2008-03-12 20:11 . 2006-04-27 16:49 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2008-03-12 20:11 . 2008-03-09 01:15 86,528 --a------ C:\WINNT\system32\VACFix.exe
2008-03-12 20:11 . 2008-03-05 22:29 82,432 --a------ C:\WINNT\system32\IEDFix.exe
2008-03-12 20:11 . 2003-06-05 20:13 53,248 --a------ C:\WINNT\system32\Process.exe
2008-03-12 20:11 . 2004-07-31 17:50 51,200 --a------ C:\WINNT\system32\dumphive.exe
2008-03-12 20:11 . 2007-10-03 23:36 25,600 --a------ C:\WINNT\system32\WS2Fix.exe
2008-03-12 19:47 . 2008-03-12 19:47 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-03-12 19:28 . 2008-03-12 19:28 <DIR> d-------- C:\Program Files\Opera
2008-03-12 18:08 . 2008-03-12 18:00 691,545 --a------ C:\WINNT\unins000.exe
2008-03-12 18:08 . 2008-03-12 18:08 2,538 --a------ C:\WINNT\unins000.dat
2008-03-12 17:15 . 2008-03-12 17:15 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-03-12 17:15 . 2008-03-12 17:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2008-03-10 22:52 . 2008-03-10 22:52 <DIR> d-------- C:\Program Files\Common Files\ColorPlaza
2008-03-05 15:55 . 2008-03-05 15:55 <DIR> d--hs---- C:\FOUND.000
2008-03-05 15:55 . 2008-03-15 09:20 335 --a------ C:\WINNT\system32\vsconfig.xml
2008-03-04 22:44 . 2008-03-04 22:44 54,156 --ah----- C:\WINNT\QTFont.qfn
2008-03-04 22:44 . 2008-03-04 22:44 1,409 --a------ C:\WINNT\QTFont.for
2008-03-03 18:33 . 2008-03-03 18:33 <DIR> d-------- C:\Program Files\Colormailer
2008-03-03 17:29 . 2008-03-03 17:29 <DIR> d-------- C:\Program Files\MyPhotoIndex
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-15 09:17 6,872 --sha-w C:\WINNT\system32\drivers\fidbox.idx
2008-03-15 09:17 407,584 --sha-w C:\WINNT\system32\drivers\fidbox.dat
2008-03-15 09:17 35,840 ------w C:\WINNT\Internet Logs\xDBC5.tmp
2008-03-14 08:57 32,256 ------w C:\WINNT\Internet Logs\xDBC4.tmp
2008-03-14 08:16 14,597,431 ------w C:\WINNT\Internet Logs\tvDebug.zip
2008-03-13 23:58 40,960 ------w C:\WINNT\Internet Logs\xDBC3.tmp
2008-03-12 23:52 33,792 ------w C:\WINNT\Internet Logs\xDBC2.tmp
2008-03-12 20:32 3,514,880 ------w C:\WINNT\Internet Logs\xDBC1.tmp
2008-03-12 20:06 55,808 ------w C:\WINNT\Internet Logs\xDBC0.tmp
2008-03-12 08:17 33,792 ------w C:\WINNT\Internet Logs\xDBBF.tmp
2008-03-11 23:09 3,484,672 ------w C:\WINNT\Internet Logs\xDBBE.tmp
2008-03-11 10:11 32,256 ------w C:\WINNT\Internet Logs\xDBBD.tmp
2008-03-11 00:10 45,056 ------w C:\WINNT\Internet Logs\xDBBC.tmp
2008-03-09 21:52 36,864 ------w C:\WINNT\Internet Logs\xDBBB.tmp
2008-03-09 14:34 3,467,264 ------w C:\WINNT\Internet Logs\xDBBA.tmp
2008-03-09 12:45 41,472 ------w C:\WINNT\Internet Logs\xDBB9.tmp
2008-03-08 17:50 48,128 ------w C:\WINNT\Internet Logs\xDBB8.tmp
2008-03-06 23:19 38,912 ------w C:\WINNT\Internet Logs\xDBB7.tmp
2008-03-06 11:19 31,232 ------w C:\WINNT\Internet Logs\xDBB6.tmp
2008-03-06 09:33 3,476,480 ------w C:\WINNT\Internet Logs\xDBB5.tmp
2008-03-05 22:53 38,912 ------w C:\WINNT\Internet Logs\xDBB4.tmp
2008-03-04 23:03 39,936 ------w C:\WINNT\Internet Logs\xDBB3.tmp
2008-03-03 22:36 86,016 ------w C:\WINNT\Internet Logs\xDBB2.tmp
2008-02-27 16:45 58,880 ------w C:\WINNT\Internet Logs\xDBB1.tmp
2008-02-23 23:18 48,640 ------w C:\WINNT\Internet Logs\xDBB0.tmp
2008-02-20 22:55 42,496 ------w C:\WINNT\Internet Logs\xDBAF.tmp
2008-02-18 21:52 56,320 ------w C:\WINNT\Internet Logs\xDBAE.tmp
2008-02-13 23:57 32,768 ------w C:\WINNT\Internet Logs\xDBAD.tmp
2008-02-13 18:06 33,792 ------w C:\WINNT\Internet Logs\xDBAC.tmp
2008-02-13 17:54 --------- d-----w C:\Program Files\Animated ScreenGif
2008-02-13 13:44 33,792 ------w C:\WINNT\Internet Logs\xDBAB.tmp
2008-02-13 09:27 31,232 ------w C:\WINNT\Internet Logs\xDBAA.tmp
2008-02-12 22:54 36,864 ------w C:\WINNT\Internet Logs\xDBA9.tmp
2008-02-11 23:09 40,448 ------w C:\WINNT\Internet Logs\xDBA8.tmp
2008-02-10 23:25 73,728 ------w C:\WINNT\Internet Logs\xDBA7.tmp
2008-02-07 23:00 35,840 ------w C:\WINNT\Internet Logs\xDBA6.tmp
2008-02-06 22:40 40,448 ------w C:\WINNT\Internet Logs\xDBA5.tmp
2008-02-05 22:54 84,480 ------w C:\WINNT\Internet Logs\xDBA4.tmp
2008-02-01 23:25 36,864 ------w C:\WINNT\Internet Logs\xDBA3.tmp
2008-01-31 22:33 37,888 ------w C:\WINNT\Internet Logs\xDBA2.tmp
2008-01-31 22:12 --------- d-----w C:\Program Files\Belarc
2008-01-30 22:47 47,104 ------w C:\WINNT\Internet Logs\xDBA1.tmp
2008-01-30 22:41 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-01-30 22:40 --------- d-----w C:\Program Files\bootAmp
2008-01-29 22:31 49,152 ------w C:\WINNT\Internet Logs\xDBA0.tmp
2008-01-28 15:17 39,424 ------w C:\WINNT\Internet Logs\xDB9F.tmp
2008-01-27 21:55 61,440 ------w C:\WINNT\Internet Logs\xDB9E.tmp
2008-01-26 12:36 --------- d-----w C:\Program Files\Kontiki
2008-01-26 00:48 34,816 ------w C:\WINNT\Internet Logs\xDB9D.tmp
2008-01-25 17:04 41,472 ------w C:\WINNT\Internet Logs\xDB9C.tmp
2008-01-24 11:51 32,256 ------w C:\WINNT\Internet Logs\xDB9B.tmp
2008-01-24 11:17 70,656 ------w C:\WINNT\Internet Logs\xDB9A.tmp
2008-01-20 20:51 --------- d-----w C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Application Data\stickies
2008-01-20 20:50 --------- d-----w C:\Program Files\Stickies
2008-01-20 12:15 --------- d-----w C:\Program Files\Software by Design
2008-01-19 22:55 39,936 ------w C:\WINNT\Internet Logs\xDB99.tmp
2008-01-19 22:18 796,672 ----a-w C:\WINNT\GPInstall.exe
2008-01-19 22:18 --------- d-----w C:\Program Files\Aardvark
2008-01-19 21:28 86,016 ------w C:\WINNT\Internet Logs\xDB98.tmp
2008-01-19 21:18 --------- d-----w C:\Program Files\Shock Utility
2008-01-19 21:17 65,536 ----a-w C:\WINNT\IFinst27.exe
2008-01-19 20:55 --------- d-----w C:\Program Files\BellCraft.com
2008-01-19 20:32 --------- d-----w C:\Program Files\ClocX
2008-01-19 20:16 --------- d-----w C:\Program Files\DeskSweeper
2008-01-19 13:12 50,176 ------w C:\WINNT\Internet Logs\xDB97.tmp
2008-01-18 21:04 75,776 ------w C:\WINNT\Internet Logs\xDB96.tmp
2008-01-17 22:57 365,568 ------w C:\WINNT\Internet Logs\xDB95.tmp
2008-01-16 19:43 3,318,784 ------w C:\WINNT\Internet Logs\xDB94.tmp
2008-01-16 19:39 --------- d-----w C:\Program Files\Thoosje
2008-01-15 23:06 3,321,344 ------w C:\WINNT\Internet Logs\xDB93.tmp
2008-01-15 21:42 --------- d-----w C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Application Data\Desktop Sidebar
2008-01-15 16:52 606,208 ------w C:\WINNT\Internet Logs\xDB92.tmp
2008-01-15 16:41 --------- d-----w C:\Program Files\RocketDock
2008-01-13 16:39 2,355,813 ----a-w C:\WINNT\system32\qt3A.tmp
2008-01-13 15:42 2,378,297 ----a-w C:\WINNT\system32\qt1A.tmp
2008-01-12 22:21 260,608 ------w C:\WINNT\Internet Logs\xDB91.tmp
2008-01-11 23:51 273,920 ------w C:\WINNT\Internet Logs\xDB90.tmp
2008-01-11 05:53 44,544 ----a-w C:\WINNT\system32\dllcache\pngfilt.dll
2008-01-10 23:00 248,832 ------w C:\WINNT\Internet Logs\xDB8F.tmp
2008-01-09 23:26 1,079,808 ------w C:\WINNT\Internet Logs\xDB8E.tmp
2008-01-07 18:20 686,080 ------w C:\WINNT\Internet Logs\xDB8D.tmp
2008-01-05 18:24 3,240,448 ------w C:\WINNT\Internet Logs\xDB8C.tmp
2008-01-05 18:24 1,409,024 ------w C:\WINNT\Internet Logs\xDB8B.tmp
2008-01-03 21:48 1,523,200 ------w C:\WINNT\Internet Logs\xDB8A.tmp
2008-01-01 00:49 471,040 ------w C:\WINNT\Internet Logs\xDB89.tmp
2007-12-30 23:08 513,024 ------w C:\WINNT\Internet Logs\xDB88.tmp
2007-12-28 23:39 273,920 ------w C:\WINNT\Internet Logs\xDB87.tmp
2007-12-27 23:53 266,240 ------w C:\WINNT\Internet Logs\xDB86.tmp
2007-12-26 22:51 464,384 ------w C:\WINNT\Internet Logs\xDB85.tmp
2007-12-24 21:37 691,200 ------w C:\WINNT\Internet Logs\xDB84.tmp
2007-12-22 23:32 640,512 ------w C:\WINNT\Internet Logs\xDB83.tmp
2007-12-21 19:15 644,096 ------w C:\WINNT\Internet Logs\xDB81.tmp
2007-12-21 19:15 3,217,920 ------w C:\WINNT\Internet Logs\xDB82.tmp
2007-12-19 23:01 347,136 ----a-w C:\WINNT\system32\dllcache\dxtmsft.dll
2007-12-19 22:35 880,640 ------w C:\WINNT\Internet Logs\xDB80.tmp
2007-12-18 09:51 179,584 ------w C:\WINNT\system32\dllcache\mrxdav.sys
2007-12-18 06:18 3,213,824 ------w C:\WINNT\Internet Logs\xDB7F.tmp
2007-12-18 06:18 1,233,920 ------w C:\WINNT\Internet Logs\xDB7E.tmp
2007-12-10 11:51 37,376 ------w C:\WINNT\Internet Logs\xDB7D.tmp
2007-12-09 17:57 37,376 ------w C:\WINNT\Internet Logs\xDB7C.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 16:13 1207080]
"EPSON Stylus D68 Series"="C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.exe" [2005-01-25 06:00 98304]
"gStart"="C:\Garmin\gStart.exe" [2007-03-04 23:08 1891416]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 21:18 443968]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2004-08-04 00:56 143360 C:\WINNT\system32\mobsync.exe]
"IgfxTray"="C:\WINNT\system32\igfxtray.exe" [2004-11-02 09:03 155648]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [2004-11-02 08:59 126976]
"EPSON Stylus D68 Series"="C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.exe" [2005-01-25 06:00 98304]
"EPSON Stylus D68 Series (Copy 1)"="C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.exe" [2005-01-25 06:00 98304]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 11:19 579072]
"SlipStream"="C:\Program Files\SlipStream Web Accelerator\slipcore.exe" [2006-03-23 11:03 258048]
"zBrowser Launcher"="C:\Program Files\Logitech\iTouch\iTouch.exe" [2002-11-23 02:15 631362]
"MMTray"="C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2002-05-20 19:36 90112]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:56 110592 C:\WINNT\system32\bthprops.cpl]
"FLMK08KB"="C:\Program Files\Muiltmedia keyboard utility\MMKEYBD.EXE" [2007-09-20 20:06 207360]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32 53248]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-11-14 16:05 919016]
"CoolSwitch"="C:\WINNT\system32\taskswitch.exe" [2002-03-19 17:30 45632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"internat.exe"="internat.exe" [1999-12-07 17:00 20752 C:\WINNT\system32\internat.exe]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-24 09:27 219136]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-10-23 21:18 443968]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="C:\WINNT\system32\tscupgrd.exe" [2004-08-03 22:59 44544]
C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Start Menu\Programs\Startup\
DeskSweeper.lnk - C:\Program Files\DeskSweeper\DeskSweeper.exe [1999-03-09 236032]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
SiWake.lnk - C:\Program Files\Wireless LAN Utility\SiWake.exe [2006-07-20 16:52:32 135168]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
Exif Launcher 2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe [2007-10-24 18:34:35 294912]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R1 bizVSerial;Franson VSerial;C:\WINNT\system32\drivers\bizVSerialNT.sys [2006-04-03 21:00]
R1 Ext2fs;Ext2fs;C:\WINNT\system32\DRIVERS\ext2fs.sys [2006-10-23 18:20]
R1 IfsDrives;IfsDrives;C:\WINNT\system32\DRIVERS\IfsDrives.sys [2004-09-25 00:28]
R3 HCWBT8XX;Hauppauge WinTV 848/9 WDM Video Driver;C:\WINNT\system32\drivers\HCWBT8XX.sys [2006-01-25 16:14]
R3 LCcfltr;Logitech USB Filter Driver;C:\WINNT\system32\drivers\lccfltr.sys [2002-11-08 09:50]
S3 Franson GpsGate 2.0;Franson GpsGate 2.0;C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe [2006-12-01 19:00]
S3 LucentSoftModem;Lucent Technologies Soft Modem;C:\WINNT\system32\DRIVERS\LTSM.sys [2001-08-17 13:28]
S3 V90drv;v90drv;C:\WINNT\system32\DRIVERS\v90drv.sys [2001-11-29 16:10]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2467094c-2346-11dc-95ec-00096b7d5e1b}]
\Shell\AutoRun\command - E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{44e851c6-1d6b-11db-9890-00096b7d5e1b}]
\Shell\AutoRun\command - E:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{99f70218-ef0a-11db-9558-00096b7d5e1b}]
\Shell\AutoRun\command - PortableApps\PortableAppsMenu\PortableAppsMenu.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-03-15 12:32:38
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-03-15 12:34:36
ComboFix-quarantined-files.txt 2008-03-15 12:34:28
ComboFix2.txt 2008-03-15 09:22:56
.
2008-03-13 08:04:14 --- E O F ---
Malwarebytes' Anti-Malware 1.08
Database version: 493
Scan type: Full Scan (A:\|C:\|E:\|X:\|Y:\|Z:\|)
Objects scanned: 224327
Time elapsed: 52 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, March 15, 2008 4:27:25 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 15/03/2008
Kaspersky Anti-Virus database records: 631406
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
X:\
Y:\
Z:\
Scan Statistics:
Total number of scanned objects: 183561
Number of viruses found: 5
Number of infected objects: 14
Number of suspicious objects: 0
Duration of the scan process: 02:47:07
Infected Object Name / Virus Name / Last Action
C:\WINNT\system32\config\system.LOG Object is locked skipped
C:\WINNT\system32\config\software.LOG Object is locked skipped
C:\WINNT\system32\config\default.LOG Object is locked skipped
C:\WINNT\system32\config\SECURITY.LOG Object is locked skipped
C:\WINNT\system32\config\SAM.LOG Object is locked skipped
C:\WINNT\system32\config\AppEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SecEvent.Evt Object is locked skipped
C:\WINNT\system32\config\SysEvent.Evt Object is locked skipped
C:\WINNT\system32\config\Internet.evt Object is locked skipped
C:\WINNT\system32\config\SECURITY Object is locked skipped
C:\WINNT\system32\config\SOFTWARE Object is locked skipped
C:\WINNT\system32\config\SYSTEM Object is locked skipped
C:\WINNT\system32\config\DEFAULT Object is locked skipped
C:\WINNT\system32\config\SAM Object is locked skipped
C:\WINNT\system32\drivers\fidbox.dat Object is locked skipped
C:\WINNT\system32\drivers\fidbox.idx Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINNT\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINNT\system32\CatRoot2\edb.log Object is locked skipped
C:\WINNT\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINNT\system32\h323log.txt Object is locked skipped
C:\WINNT\Temp\ZLT038f2.TMP Object is locked skipped
C:\WINNT\Temp\ZLT038fc.TMP Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\wiaservc.log Object is locked skipped
C:\WINNT\wiadebug.log Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINNT\Internet Logs\IBM.ldb Object is locked skipped
C:\WINNT\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINNT\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINNT\Internet Logs\tvDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\Andy .HOME-J68SS7HK0H\ntuser.dat Object is locked skipped
C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Local Settings\History\History.IE5\MSHist012008031520080316\index.dat Object is locked skipped
C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Local Settings\Application Data\Identities\{F2578160-F065-4B43-A0BF-FB7B717432D6}\Microsoft\Outlook Express\Hotmail - Deleted Items.dbx/[From M:e:d Source <usmail@expeediamail.com>][Date Thu, 27 Jul 2006 13:28:10 -0800]/PLEASE_VISIT_OUR_MEDSITE_HERE.html Infected: Trojan.JS.Redirector.b skipped
C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Local Settings\Application Data\Identities\{F2578160-F065-4B43-A0BF-FB7B717432D6}\Microsoft\Outlook Express\Hotmail - Deleted Items.dbx Mail MS Outlook 5: infected - 1 skipped
C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Andy .HOME-J68SS7HK0H\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Andy .HOME-J68SS7HK0H\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Andy .HOME-J68SS7HK0H\UserData\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\System Volume Information\_restore{5008BB72-D7D3-46B1-B613-F92FB2652DB1}\RP549\A0093676.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{5008BB72-D7D3-46B1-B613-F92FB2652DB1}\RP549\A0093676.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{5008BB72-D7D3-46B1-B613-F92FB2652DB1}\RP549\A0093676.exe RarSFX: infected - 2 skipped
C:\System Volume Information\_restore{5008BB72-D7D3-46B1-B613-F92FB2652DB1}\RP549\A0093683.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{5008BB72-D7D3-46B1-B613-F92FB2652DB1}\RP550\A0093750.exe Infected: Trojan-Proxy.Win32.Horst.zc skipped
C:\System Volume Information\_restore{5008BB72-D7D3-46B1-B613-F92FB2652DB1}\RP550\A0095748.DLL Object is locked skipped
C:\System Volume Information\_restore{5008BB72-D7D3-46B1-B613-F92FB2652DB1}\RP550\A0095755.dll Object is locked skipped
C:\System Volume Information\_restore{5008BB72-D7D3-46B1-B613-F92FB2652DB1}\RP551\A0095862.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{5008BB72-D7D3-46B1-B613-F92FB2652DB1}\RP551\A0095863.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\System Volume Information\_restore{5008BB72-D7D3-46B1-B613-F92FB2652DB1}\RP552\change.log Object is locked skipped
C:\QooBox\Quarantine\C\WINNT\system32\eueycdco.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\C\WINNT\system32\kjlqkctm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-15_ 91910.39.zip/urqnkig.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jwy skipped
C:\QooBox\Quarantine\catchme2008-03-15_ 91910.39.zip/vtsqr.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-15_ 91910.39.zip ZIP: infected - 2 skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Y:\usr\lib\Adobe\Acrobat7.0\Reader\HowTo\ENU\images Object is locked skipped
Z:\andyk\.gdesklets\displays Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:29:12, on 15/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\igfxtray.exe
C:\WINNT\system32\hkcmd.exe
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE
C:\Program Files\SlipStream Web Accelerator\slipcore.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\taskswitch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Garmin\gStart.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Wireless LAN Utility\SiWake.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\DeskSweeper\DeskSweeper.exe
C:\Program Files\Muiltmedia keyboard utility\KbdAp32A.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\bgsvcgen.exe
C:\WINNT\system32\E_S00RP1.EXE
C:\WINNT\system32\SAgent4.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\removal.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://uk.msn.com/R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: StumbleUpon Launcher - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O2 - BHO: PBlockHelper Class - {4115122B-85FF-4DD3-9515-F075BEDE5EB5} - C:\Program Files\SlipStream Web Accelerator\PBHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [EPSON Stylus D68 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [EPSON Stylus D68 Series (Copy 1)] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P32 "EPSON Stylus D68 Series (Copy 1)" /O6 "USB001" /M "Stylus D68"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SlipStream] "C:\Program Files\SlipStream Web Accelerator\slipcore.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [FLMK08KB] C:\Program Files\Muiltmedia keyboard utility\MMKEYBD.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINNT\system32\taskswitch.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ScreenGif] a
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [EPSON Stylus D68 Series] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_FATIAAE.EXE /P23 "EPSON Stylus D68 Series" /M "Stylus D68" /EF "HKCU"
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [internat.exe] internat.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [internat.exe] internat.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [internat.exe] internat.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: DeskSweeper.lnk = C:\Program Files\DeskSweeper\DeskSweeper.exe
O4 - Global Startup: SiWake.lnk = C:\Program Files\Wireless LAN Utility\SiWake.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher 2.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver -
res://C:\WINNT\system32\GPhotos.scr/200
O8 - Extra context menu item: StumbleUpon: &Blog This -
res://StumbleUponIEBar.dll/blogimageO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partne ... nicode.cabO16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://download.bitdefender.com/resourc ... oscan8.cabO16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) -
http://www-307.ibm.com/pc/support/IbmEgath.cabO16 - DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} (CInstallLPCtrl Object) -
http://u3.sandisk.com/download/apps/LPInstaller.CABO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
http://fpdownload2.macromedia.com/get/s ... wflash.cabO20 - Winlogon Notify: urqnkig - C:\WINNT\
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINNT\system32\bgsvcgen.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINNT\system32\E_S00RP1.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Franson GpsGate 2.0 - Unknown owner - C:\Program Files\Franson\GpsGate 2.0\GpsGateService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\VIRUSfighter\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Epson Printer Status Agent4 (StatusAgent4) - SEIKO EPSON CORPORATION - C:\WINNT\system32\SAgent4.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZONELABS\vsmon.exe
--
End of file - 10423 bytes