# A trojan/virus that can't be found



## Mary_Anne (Jan 20, 2006)

Im writing because I need help very badly. I have Windows 2000 and have an extremely malicious program in my computer. Around October, 2004 my laptop went crazy. Eight keys in a line froze. 4,5,R,T,F,G,V,B. I added another keyboard and it worked. But then when I was writing an e-mail or document, the number 5 would come on the screen and repeat itself non stop like this: ..55555555555555555555555555555555. It also made a non-stop noise when this was happening. Soon I couldnt send e-mails or write documents. It didnt matter if I was online or not. Soon after that I couldnt even sign in because the password would become a string of stars.************************. I gave up on the computer because I found a job and I could use that computer. I let the ADSL lapse.

But the contract was only for a year, and I was back to the laptop. I used it offline and it seemed to be OK. But then at the end of October, 2005, The same things started to happen. So I changed the date in the computer to March and it started running OK again. I hooked back up to ADSL. It seems whatever is in here is timed to the end of October.

I went to the task manager and put every program into a search engine. I found that an intranet.exe file was bad, as well as a wuaudit.exe file. So I deleted intranet.exe and found that wuaudit.exe was also deleted. But my friend later found that the intranet file was still in my computer. I stumbled across your website and read what you had told someone else to do. So I printed it out and did the same but got different results with different programs. I scanned with Xoftspy and found a threat: software\Microsoft\windows\currentversion\run\intranet.exe and several cookies. Later I typed that into Killbox, but it said there was no such file.

I scanned with Hijackthis and found 52 infections, most of them from a Chinese search engine. I should mention here that I am living in China and everything is monitored by the government, although I dont think they personally go into each and every computer. The first infected file was: [email protected][2].txt. which the scan with Ewido also found (the only one and supposedly deleted), but I later found was still there. Another file was C:\\WINNT\downloaded programfiles\alexa7.inf. There were also 3 of each of the following files with different numbers attached at the end to each: 
HKEY_CLASSES_ROOT\CLSID{CCCCCFBFAE00- 17A6-11D0-99CB-00C04FD64497
HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID\{5E6AB780-7742-11CF-
A12B-00AA004AE837}

I then did what you said about going into %temp% and deleting the files. I had 88 of them, but 3 of some of the first ones wouldnt delete, including DF378.tmp. And I couldnt get rid of anything past THAT file..about 80 more temp files. I tried to move that file to the bottom, but I couldnt. So most of the temp files are still there like DF75A6.tmp.

I dont know much about computers but I looked around in the registry directory and found many things that to me look suspicious. Theres a remote access file and a regedit 32. I went into that and found remote access, agent control access, agent control.1, agent control.2, etc.

I also foundghost2K3.rar-RARarchiveand in that I foundghost.exeghost32.exe, fixdown.net, fixdown.com.txt, 0daycn.net. I also find that whether on of offline, my computer is running some program in the background and I cant control it.

Im sorry this is so long but by doing these scans and attempted deletions ahead of time, we dont have to go back and forth about me doing them. Im desperate for help and dont know what else to do. Is there something you can suggest that will help me get this insanity out of my computer? Im afraid whatever is in here might be running under a friendly name and thats why no scan or no one is finding it.


----------



## cybertech (Apr 16, 2002)

Click here to download *HJTsetup.exe*: http://www.thespykiller.co.uk/files/HJTSetup.exe
Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to *C:\Program Files\Hijack This*.
Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the *Do a system scan and save a log file* button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


----------



## Mary_Anne (Jan 20, 2006)

Here is the Hijack This scan. I thought I had downloaded it before when I typed in Hijack This, but what I got was Spyware Cleaner... don't know if that's good or bad.
Logfile of HijackThis v1.99.1
Scan saved at 9:24:24 PM, on 3/26/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINNT\System32\locator.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\cFos\cFosDNT.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [cFosDNT] C:\Program Files\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [MP_STATUS_MONITOR] "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
O4 - HKLM\..\Run: [MPTBox] "C:\Program Files\Canon\MultiPASS\MPTBox.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.exe
O9 - Extra 'Tools' menuitem: Tencent QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\qq\QQ.exe
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebiof5_3_16_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAF1FC4D-D48C-42F6-9592-7B3598202027}: NameServer = 202.96.128.166 202.96.134.133
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MPService - Canon Information Systems, Inc. - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

Your help is much appreciated.


----------



## Mary_Anne (Jan 20, 2006)

Here are the new scans. But I'm having doubts that cookies could wreak the kind of extremely malicious behavior that my computer has shown. Also I tried to access C:\Windows\Temp folder. It said the system cannot find the path.

Logfile of HijackThis v1.99.1
Scan saved at 1:15:42 AM, on 3/29/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\WINNT\System32\locator.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\cFos\cFosDNT.exe
C:\Program Files\Canon\MultiPASS\monitr32.exe
C:\Program Files\Canon\MultiPASS\MPTBox.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\WINNT\system32\FxRedir.EXE
C:\Program Files\Spyware Cleaner\SpywareCleaner.exe
D:\Hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [cFosDNT] C:\Program Files\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [MP_STATUS_MONITOR] "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
O4 - HKLM\..\Run: [MPTBox] "C:\Program Files\Canon\MultiPASS\MPTBox.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebiof5_3_16_0.cab
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MPService - Canon Information Systems, Inc. - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: SpywareCleanerService - Secure Computer, LLC - C:\Program Files\Spyware Cleaner\SCService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup


----------



## Mary_Anne (Jan 20, 2006)

Bump


----------



## cybertech (Apr 16, 2002)

Mary_Anne said:


> Here is the Hijack This scan. I thought I had downloaded it before when I typed in Hijack This, but what I got was Spyware Cleaner... don't know if that's good or bad.


It's on the list of rogue anti-spyware applications. I would suggest you remove it.
http://www.spywarewarrior.com/rogue_anti-spyware.htm



Mary_Anne said:


> Also I tried to access C:\Windows\Temp folder. It said the system cannot find the path.


Your machine would be c:\winnt\temp

Have you loaded additional language capability to the machine?


----------



## Mary_Anne (Jan 20, 2006)

I deleted Spyware Cleaner for the second time.

You asked about language capability. I don't have it that I know of other than the English. When I get something in Chinese, it's all garbage, not clear Chinese characters. Could it be another language?

I tried to get into the temp file by typing what you suggested: C:\WINNT\temp and it didn't work. It says it "is not recognized as an internal or external command, operable program or batch file." I also tried C:\WINNT32\temp and that didn't work either. One more thing I tried was C:\WINNT\System32\temp...no luck. Any suggestions?

I went to the website Spywarewarrior as you suggested and downloaded CounterSpy, SpywareBlaster and Spybot. I went through a lot of nonsense and waited for a day and have finally been able to download SpywareGuard. 

How often should I update my firewall, anti-spyware, anti-virus, etc???

Is there anything I should be doing with the HJT log I included in my last posting?? I desperately want to get this trojan/virus out of my computer. I'd like to set the correct date in my laptop, but I'm afraid if I do that, all the problems will come back again.

Your help in these matters is GREATLY appreciated.

Mary_Anne


----------



## cybertech (Apr 16, 2002)

> I tried to get into the temp file by typing what you suggested: C:\WINNT\temp and it didn't work. It says it "is not recognized as an internal or external command, operable program or batch file." I also tried C:\WINNT32\temp and that didn't work either. One more thing I tried was C:\WINNT\System32\temp...no luck. Any suggestions?


I never suggested you do this, I was just trying to answer your question.

Download Cleanup from *Here* 

 A window will open and choose *SAVE*, then *DESKTOP* as the destination.
 On your Desktop, click on *Cleanup40.exe icon.*
 Then, click *RUN* and place a checkmark beside "*I Agree*"
 Then click *NEXT* followed by *START* and *OK.*
 A window will appear with many choices, *keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.*
 Click* OK*
 *DO NOT RUN IT YET*

Restart your computer into safe mode now. Perform the following steps in safe mode:

Run Cleanup: 
 Click on the "*Cleanup*" button and let it run.
 Once it's done, *close the program*.

Restart back into Windows normally now.

You should keep your anti-virus up to date daily, update other applications like Spybot before running a scan.


----------



## Mary_Anne (Jan 20, 2006)

I saw the part about going to the temp file and deleting files on a posting to "Lots of guests I can't get rid of" so I thought it would also help me. But I've been unable to find the temp folder.

I tried to backup my system before running Cleanup following instructions from a Microsoft website, but the CD says it can't be formatted, so it won't run. I tried a floppy disk and it keeps telling me to insert a disk which is already in. I took it out and put it in again, but I still can't make it work. So I wanted to try my MP3, but I don't know how to designate a drive for it to download. My A is a floppy, C is the hard drive, D is a new volume a friend set up a long time ago, and E is the CD/DVD drive. Can you give me some help on how to back it up so I can run the Cleanup program?

Thanks so much. I realize how difficult it is trying to help someone in this way, but you're doing a great job. And I'm learning a lot even though it takes me 10 times as long to do it as someone as experienced and capable as yourself.

Mary_Anne


----------



## Mary_Anne (Jan 20, 2006)

I asked a friend to come over and show me how to backup my system so I could run Cleanup312. We backed it up, but then my computer started showing signs of the virus I've had in it. And then it froze up. I hot booted it and went into the safe mode to run Cleanup...it said it had two files to take care of. So I took care of that. And the computer froze up again.
Today I went back and the computer froze again twice. I ran HJT and saw that the Spyware Cleaner was still there, so I checked that and had the program delete it. This is the result of the latest scan. I still don't know if the "internat.exe" file is legitimate or not. Do I need that for my system to run? Is there anything else here I should delete??
Logfile of HijackThis v1.99.1
Scan saved at 1:42:35 AM, on 4/3/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\locator.exe
C:\Program Files\cFos\cFosDNT.exe
C:\Program Files\Canon\MultiPASS\monitr32.exe
C:\Program Files\Canon\MultiPASS\MPTBox.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\system32\internat.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINNT\system32\FxRedir.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\Hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [cFosDNT] C:\Program Files\cFos\cFosDNT.exe
O4 - HKLM\..\Run: [MP_STATUS_MONITOR] "C:\Program Files\Canon\MultiPASS\monitr32.exe" I
O4 - HKLM\..\Run: [MPTBox] "C:\Program Files\Canon\MultiPASS\MPTBox.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebiof5_3_16_0.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BAF1FC4D-D48C-42F6-9592-7B3598202027}: NameServer = 202.96.128.166 202.96.134.133
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: MPService - Canon Information Systems, Inc. - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe


----------



## cybertech (Apr 16, 2002)

Looks fine.

http://www.neuber.com/taskmanager/process/internat.exe.html


----------

