sorry before reading your reply i downloaded avenger and managed to get rid of it
this is my SUPERAntiSpyware Scan Log and HijackThis log.
SUPERAntiSpyware Scan Log
http://www.superantispyware.comGenerated 04/28/2007 at 09:22 PM
Application Version : 3.7.1018
Core Rules Database Version : 3227
Trace Rules Database Version: 1238
Scan type : Complete Scan
Total Scan Time : 03:25:47
Memory items scanned : 352
Memory threats detected : 0
Registry items scanned : 5492
Registry threats detected : 20
File items scanned : 119168
File threats detected : 160
Trojan.Zlob Variant
HKU\S-1-5-21-527237240-1060284298-854245398-500\Software\Classes\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}
HKCR\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}
HKCR\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}\InProcServer32
HKCR\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}\InProcServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\WIATWAIN.DLL
HKCR\CLSID\{C1A2FDA2-2A5B-2C8A-F2A2-BA2DB3A2C31C}
Adware.Tracking Cookie
C:\Documents and Settings\Administrator\Cookies\ibm@hitbox[1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@partner2profit[1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@cgi-bin[3].txt
C:\Documents and Settings\Administrator\Cookies\ibm@statcounter[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@burstnet[2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@mb[2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@adtech[2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@a[1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@tradedoubler[1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@2o7[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@atdmt[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@doubleclick[1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@indextools[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@teamtalkmedia[1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@overture[1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@zedo[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@cgi-bin[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@questionmarket[1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@34292599[1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@kanoodle[2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@adbrite[2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@58248251[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@advertising[1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@mb[3].txt
C:\Documents and Settings\Administrator\Cookies\ibm@adinterax[1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@bluestreak[1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@webstat[2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@cgi-bin[8].txt
C:\Documents and Settings\Administrator\Cookies\ibm@roiservice[1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@mediaplex[1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@adrevolver[1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@247realmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@cgi-bin[1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@hardwarezone[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@serving-sys[1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@fastclick[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@casalemedia[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@atwola[2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@44279307[1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@tripod[1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@revenue[1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@tribalfusion[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@tacoda[1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@73599386[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@fortunecity[2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@73403369[1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@secom[1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@specificclick[2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@stats[3].txt
C:\Documents and Settings\Administrator\Cookies\ibm@crackserialkeygen[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@mscracks[1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@hotlog[1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@gostats[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@realmedia[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@revsci[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@cgi-bin[5].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@usenext[1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@nextstat[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@1069878431[2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@screensavers[2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@nextag[2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@weborama[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@adrevolver[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@spylog[1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@coolsavings[1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@cgi-bin[6].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@xiti[2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@clickbank[1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@1072682837[1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@adecn[2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@mb[1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@cgi-bin[7].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@yadro[2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\
[email protected][1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@warlog[1].txt
C:\Documents and Settings\Administrator\Cookies\ibm@cracks[2].txt
C:\Documents and Settings\Administrator\Cookies\ibm@stats[1].txt
Trojan.Unknown Origin
HKLM\SOFTWARE\Microsoft\MSSMGR
HKLM\SOFTWARE\Microsoft\MSSMGR#Data
HKLM\SOFTWARE\Microsoft\MSSMGR#LSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#Brnd
HKLM\SOFTWARE\Microsoft\MSSMGR#MSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#PID
HKLM\SOFTWARE\Microsoft\MSSMGR#Rid
HKLM\SOFTWARE\Microsoft\MSSMGR#LID
HKLM\SOFTWARE\Microsoft\MSSMGR#SCLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#SSLIST
HKLM\SOFTWARE\Microsoft\MSSMGR#BSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#BPTV
HKLM\SOFTWARE\Microsoft\MSSMGR#PSTV
HKLM\SOFTWARE\Microsoft\MSSMGR#SSTV
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\WIN2F.TMP.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\BN1VZDKW\ANTZOM[1].EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\SZB7YSHH\XC60[1].EXE
Trojan.Security Toolbar
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.url
C:\Documents and Settings\All Users\Start Menu\Security Troubleshooting.url
Adware.AdSponsor
HKCR\AppId\{73364D99-1240-4dff-B12A-67E448373148}
Trace.Known Threat Sources
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SZB7YSHH\text[1].dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0HUJG5MV\text[1].dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3Q0JB58D\cmd[1].htm
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ML3CXKR2\text[1].dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CRGXQB01\installer[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\ML3CXKR2\installer[1].exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2LL6J69S\text[1].dat
Logfile of HijackThis v1.99.1
Scan saved at 3:48:00 AM, on 4/29/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Hijackthis\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe /server"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [EPSON Stylus C65 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3S2.EXE /P23 "EPSON Stylus C65 Series" /O5 "LPT1:" /M "Stylus C65"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - file://C:\Program Files\Support.com\bin\IBMAccessSupport\common\install\ibmegath.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) -
http://www.imgag.com...tall/AxCtp2.cabO17 - HKLM\System\CCS\Services\Tcpip\..\{2A2B641E-0325-4904-BEB3-84EF98BA8665}: NameServer = 203.92.64.194,202.156.1.68
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe