PDA

View Full Version : Had virtumonde virus ran combofix log still problems



kathryn3581
2009-01-07, 20:27
Now it keeps giving me error messages and crashed IE giving me this error message Microsoft visual C++ debug library Program:C:\ProgramFiles\internetexplorer\iexplore.exe
abnormal product termination
abort retry ignore
(no matter what I press it still crashes)

Here are my logs:
Combofix : ComboFix 09-01-06.02 - user 2009-01-07 11:32:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.680 [GMT -5:00]
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: Verizon Internet Security Suite Anti-Virus *On-access scanning disabled* (Updated)
FW: Verizon Internet Security Suite Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ahtn.htm
c:\windows\system32\cumpjscs.ini
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\drivers\senekaovrvyigw.sys
c:\windows\system32\frmwrk32.exe
c:\windows\system32\iujbnwxn.ini
c:\windows\system32\lmlSBJjl.ini
c:\windows\system32\lmlSBJjl.ini2
c:\windows\system32\lVwwyyay.ini
c:\windows\system32\lVwwyyay.ini2
c:\windows\system32\mcrh.tmp
c:\windows\system32\ntdll64.exe
c:\windows\system32\rqRJDtRj.dll
c:\windows\system32\seneka.dat
c:\windows\system32\senekadf.dat
c:\windows\system32\senekajjbolkpj.dll
c:\windows\system32\senekalog.dat
c:\windows\system32\senekarsqmxyyj.dll
c:\windows\system32\senekauyjrbfhc.dll
c:\windows\system32\test.ttt
c:\windows\system32\umehunfg.ini
c:\windows\system32\uniq.tll
c:\windows\system32\win32hlp.cnf
c:\windows\system32\yayywwVl.dll

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\system32\init32.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((((((((((((((((((((((( Files Created from 2008-12-07 to 2009-01-07 )))))))))))))))))))))))))))))))
.

2009-01-07 09:23 . 2009-01-07 09:23 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-01-06 21:33 . 2009-01-06 21:33 <DIR> d-------- C:\VundoFix Backups
2009-01-06 21:10 . 2009-01-06 21:10 23,392 --a------ c:\windows\system32\nscompat.tlb
2009-01-06 21:10 . 2009-01-06 21:10 16,832 --a------ c:\windows\system32\amcompat.tlb
2009-01-06 21:09 . 2008-04-14 04:42 221,184 --a------ c:\windows\system32\wmpns.dll
2009-01-06 17:24 . 2009-01-06 17:24 <DIR> d-------- c:\program files\Trend Micro
2009-01-06 08:52 . 2008-04-14 00:15 26,368 --a--c--- c:\windows\system32\dllcache\usbstor.sys
2009-01-05 12:45 . 2009-01-07 11:38 1,394,208 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-01-05 12:45 . 2009-01-07 11:37 19,724 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-01-05 12:45 . 2009-01-07 11:38 7,968 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-01-05 12:45 . 2009-01-07 11:37 1,748 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-01-05 12:37 . 2008-06-26 14:23 112,144 --a------ c:\windows\system32\drivers\kl1.sys
2009-01-05 12:37 . 2008-04-24 14:02 53,192 --a------ c:\windows\system32\drivers\rp_skt32.sys
2009-01-05 12:36 . 2009-01-05 12:36 <DIR> d-------- c:\program files\Raxco
2009-01-05 12:36 . 2009-01-05 12:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\Raxco
2009-01-05 12:36 . 2007-04-19 11:36 48,384 --a------ c:\windows\system32\drivers\rp_pkt32.sys
2009-01-05 11:17 . 2009-01-05 11:17 <DIR> d-------- c:\documents and settings\user\Application Data\Verizon
2009-01-05 11:17 . 2009-01-05 12:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Verizon
2009-01-05 11:04 . 2009-01-05 11:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Motive
2009-01-05 11:03 . 2009-01-05 11:04 <DIR> d-------- c:\program files\Common Files\Motive
2009-01-05 11:02 . 2009-01-05 12:34 <DIR> d-------- c:\program files\Verizon
2009-01-05 08:32 . 2009-01-05 08:32 24,576 --a------ c:\windows\system32\pcload.exe
2009-01-03 09:54 . 2009-01-03 09:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\PopCap
2008-12-24 14:00 . 2008-12-24 14:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Zylom
2008-12-24 14:00 . 2008-12-24 14:00 <DIR> d-------- c:\documents and settings\All Users\Application Data\Trymedia
2008-12-24 13:58 . 2009-01-04 17:26 <DIR> d-------- C:\GameHouse Games
2008-12-24 13:57 . 2009-01-06 21:02 <DIR> d-------- c:\program files\RealArcade
2008-12-18 16:42 . 2008-12-31 18:14 <DIR> d-------- c:\documents and settings\user\Application Data\GameHouse
2008-12-18 16:42 . 2008-12-18 16:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\Playrix Entertainment
2008-12-18 16:42 . 2008-12-18 16:42 <DIR> d-------- c:\documents and settings\All Users\Application Data\n7-89-o9-3r-4t-r9
2008-12-18 16:41 . 2009-01-06 21:00 <DIR> d-------- c:\program files\Google
2008-12-18 16:41 . 2009-01-06 21:00 <DIR> d-------- c:\program files\GameHouse

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-07 02:02 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-07 02:00 --------- d-----w c:\program files\PokerStars
2009-01-07 02:00 --------- d-----w c:\program files\Absolute Poker
2009-01-06 21:43 --------- d-----w c:\program files\Symantec
2009-01-05 17:34 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-05 17:28 --------- d-----w c:\program files\Common Files\Symantec Shared
2008-12-04 23:50 81 ----a-w C:\CTX.DAT
2008-12-02 02:41 --------- d-----w c:\program files\Encompass
2008-12-01 02:27 --------- d-----w c:\documents and settings\user\Application Data\Valusoft
2008-12-01 02:27 --------- d-----w c:\documents and settings\All Users\Application Data\Valusoft
2008-11-26 01:37 --------- d-----w c:\documents and settings\All Users\Application Data\Fugazo
2008-11-26 00:22 --------- d-----w c:\documents and settings\user\Application Data\ePASS
2008-11-26 00:17 --------- d-----w c:\documents and settings\user\Application Data\Encompass
2008-11-25 23:49 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-11-25 23:25 --------- d-----w c:\program files\Microsoft WSE
2008-11-25 23:24 --------- d-----w c:\program files\Common Files\Outlook Security Manager
2008-11-23 19:25 --------- d-----w c:\documents and settings\All Users\Application Data\Awem
2008-11-23 19:24 --------- d-----w c:\documents and settings\All Users\Application Data\Verizon Games on Demand Player
2008-11-23 14:01 --------- d-----w c:\program files\Java
2008-11-23 14:01 --------- d-----w c:\program files\Common Files\Java
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_12\bin\jusched.exe" [2007-05-02 75520]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2008-10-20 2303216]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2006-06-20 15:11 73728 c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=kgydbd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AzMixerSel]
--------- 2005-08-25 14:21 53248 c:\program files\Realtek\InstallShield\AzMixerSel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2008-04-14 04:42 15360 c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2006-04-05 11:21 77824 c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2006-04-05 11:21 118784 c:\windows\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2006-04-05 11:21 94208 c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 05:50 155648 c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
--a------ 2006-05-16 18:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R3 Radialpoint Security Services;Verizon Internet Security Suite;c:\program files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe [2008-10-24 96496]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2008-10-11 226304]
S3 USB100TX;Linksys EtherFast 10/100 USB Network Adapter;c:\windows\system32\drivers\USB100TX.sys [2008-10-11 26368]
.
Contents of the 'Scheduled Tasks' folder

2009-01-07 c:\windows\Tasks\qtrdsbyu.job
- c:\windows\system32\rundll32.exe [2008-04-14 04:42]
.
- - - - ORPHANS REMOVED - - - -

BHO-{008F598C-C534-407A-8184-FF1BFBD104AD} - c:\windows\system32\ljJBSlml.dll
BHO-{1b86e40f-6e7e-4b1c-a26f-bd2451f845f2} - c:\windows\system32\kgydbd.dll
BHO-{26EB766C-39F4-403A-8359-8B1DDF91E872} - c:\windows\system32\yayywwVl.dll
HKLM-Run-eTrustPPAP - c:\program files\CA\eTrust PestPatrol\PPActiveDetection.exe
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\TEMP\ntdll64.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-07 11:38:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\docume~1\user\LOCALS~1\Temp\ZKS12.tmp 0 bytes

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1136)
c:\windows\system32\VESWinlogon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Verizon\Verizon Internet Security Suite\Fws.exe
c:\program files\Verizon\Verizon Internet Security Suite\RPS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Raxco\PerfectDisk\PDEngine.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-01-07 11:41:09 - machine was rebooted [user]
ComboFix-quarantined-files.txt 2009-01-07 16:41:06

Pre-Run: 152,122,580,992 bytes free
Post-Run: 152,307,314,688 bytes free

195

virus scan: from my securitysoftware:
\Qoobox\Quarantine\C\WINDOWS\system32\rqRJDtRj.dll.vir

Viruses detected: Packed.Win32.PolyCrypt.d
Action taken: None, file was left in its original location.
If this archive contains files you want to keep, extract the good files from the archive using your archive utility (WinZip for example), and then delete the archive. When extracting your files, make sure real-time virus protection is turned on.
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekajjbolkpj.dll.vir

Viruses detected: Trojan.Win32.Small.brl
Action taken: File could not be disinfected. File was quarantined instead.
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekauyjrbfhc.dll.vir

Viruses detected: Trojan.Win32.Agent.aykk
Action taken: File could not be disinfected. File was quarantined instead.
C:\Qoobox\Quarantine\C\WINDOWS\system32\yayywwVl.dll.vir

Viruses detected: Trojan.Win32.Monder.aiwq
Action taken: File could not be disinfected. File was quarantined instead.
C:\System Volume Information\_restore{B96D11F6-EE42-45EB-8A07-A981F799ED54}\RP63\A0014251.dll

Viruses detected: Trojan.Win32.Small.brl
Action taken: File could not be disinfected. File was quarantined instead.
C:\System Volume Information\_restore{B96D11F6-EE42-45EB-8A07-A981F799ED54}\RP63\A0014252.dll

Viruses detected: Trojan.Win32.Agent.aykk
Action taken: File could not be disinfected. File was quarantined instead.
C:\System Volume Information\_restore{B96D11F6-EE42-45EB-8A07-A981F799ED54}\RP64\A0014315.dll

Viruses detected: Packed.Win32.PolyCrypt.d
Action taken: None, file was left in its original location.
If this archive contains files you want to keep, extract the good files from the archive using your archive utility (WinZip for example), and then delete the archive. When extracting your files, make sure real-time virus protection is turned on.
C:\System Volume Information\_restore{B96D11F6-EE42-45EB-8A07-A981F799ED54}\RP64\A0014317.dll

Viruses detected: Trojan.Win32.Monder.aiwq
Action taken: File could not be disinfected. File was quarantined instead.
Files scanned: 36031
Infected files: 8
Disinfected files: 0
Deleted files: 6
Files unable to scan: 0
Report Summary
Files scanned: 36031
Total infected files: 8
Total disinfected files: 0
Total deleted files: 6
Total files unable to scan: 0
Anti-Virus engine status
Last update: 1/7/2009 11:57:35 AM
Version: 1231349940

HJT LOG:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:02:52 PM, on 1/7/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20861)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegTool] C:\Program Files\RegTool\RegTool.exe -boot
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_12\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O10 - Unknown file in Winsock LSP: c:\windows\temp\ntdll64.dll
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1223739195468
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.sun.com/update/1.5.0/jinstall-1_5-windows-i586.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAwareR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe

--
End of file - 5060 bytes