Help me gaining turn off button back...



MeDIeVaL
2007-09-19, 17:31
Earlier today I found my PC had been infected by Win32:SdBot-4142 [Trj], Win32:Sdbot-4987 [Trj] and Win32:Delf-PZ [Trj]. Win32:Delf-PZ [Trj] was picked up by the avast! On-Access scanner and both SdBots by the avast! bootscan. There are 2 more that avast! can pick up, and I've uploaded them here... http://www dot geocities dot com / solutem / virus dot zip (11/32 in VirusTotal) and http://www dot geocities dot com / solutem / m2n1 dot zip (15/32 in VirusTotal). I've done all the necessary steps to get back my Registry Editor, Task Manager and Folder Options. Only 1 is left that I can't find a way to recover: my turn off button. So if anyone has an idea, please help me get it back...

MeDIeVaL
2007-09-19, 17:34
avast! bootscan log...

09/19/2007 00:26
Scan of all local drives
File C:\WINDOWS\system32\Isass.exe is infected by Win32:SdBot-4142 [Trj], Moved to chest
File C:\WINDOWS\system32\vvbwfjkq.exe is infected by Win32:SdBot-4142 [Trj], Moved to chest

Number of searched folders: 1416
Number of tested files: 12678
Number of infected files: 2

----------------------------------------
09/19/2007 11:56
Scan of all local drives
File C:\System Volume Information\_restore{230C2C9F-9B90-4D23-AA38-525DEEC88D61}\RP12\A0003251.exe is infected by Win32:SdBot-4142 [Trj], Moved to chest
File C:\System Volume Information\_restore{230C2C9F-9B90-4D23-AA38-525DEEC88D61}\RP12\A0003252.exe is infected by Win32:SdBot-4142 [Trj], Moved to chest
File C:\WINDOWS\system32\dxdllreg.exe\[UPX] is infected by Win32:Delf-PZ [Trj], Moved to chest
File C:\WINDOWS\system32\ke1.exe is infected by Win32:Sdbot-4987 [Trj], Moved to chest
File C:\WINDOWS\system32\ne1.exe is infected by Win32:Sdbot-4988 [Trj], Moved to chest

Number of searched folders: 3271
Number of tested files: 86904
Number of infected files: 5

----------------------------------------
09/19/2007 15:51
Scan of all local drives

Number of searched folders: 2771
Number of tested files: 61089
Number of infected files: 0

----------------------------------------
09/19/2007 18:53
Scan of all local drives

Number of searched folders: 2889
Number of tested files: 80060
Number of infected files: 0


ComboFix log...

ComboFix 07-08-17.2 - "Owner" 2007-09-19 20:41:44.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.72 [GMT 8:00]
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\pthreadVC.dll
C:\WINDOWS\system32\wpcap.dll


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_NPF
-------\NPF


((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))


2007-09-19 20:41 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-19 17:55 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-09-19 17:54 <DIR> d-------- C:\DOCUME~1\Owner\.housecall6.6
2007-09-19 16:47 81,768 --a------ C:\WINDOWS\system32\xinput1_3.dll
2007-09-19 16:47 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2007-09-19 16:47 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2007-09-19 16:47 3,727,720 --a------ C:\WINDOWS\system32\d3dx9_35.dll
2007-09-19 16:47 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
2007-09-19 16:47 267,112 --a------ C:\WINDOWS\system32\xactengine2_9.dll
2007-09-19 16:47 266,088 --a------ C:\WINDOWS\system32\xactengine2_8.dll
2007-09-19 16:47 18,280 --a------ C:\WINDOWS\system32\x3daudio1_2.dll
2007-09-19 16:47 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2007-09-19 16:47 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2007-09-19 16:46 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2007-09-19 16:46 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2007-09-19 16:46 3,495,784 --a------ C:\WINDOWS\system32\d3dx9_33.dll
2007-09-19 16:46 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2007-09-19 16:46 261,480 --a------ C:\WINDOWS\system32\xactengine2_7.dll
2007-09-19 16:46 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2007-09-19 16:46 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2007-09-19 16:46 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2007-09-19 16:46 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2007-09-19 16:46 2,414,360 --a------ C:\WINDOWS\system32\d3dx9_31.dll
2007-09-19 16:46 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2007-09-19 16:46 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll
2007-09-19 16:46 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2007-09-19 16:36 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-19 16:34 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\SUPERAntiSpyware.com
2007-09-19 16:20 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2007-09-19 13:14 401,720 --a------ C:\Program Files\HiJackThis.exe
2007-09-19 11:52 <DIR> d-------- C:\Program Files\Process Explorer
2007-09-19 11:50 <DIR> d-------- C:\Program Files\Windows Defender
2007-09-19 11:35 <DIR> d-------- C:\DOCUME~1\Owner\APPLIC~1\DMCache
2007-09-19 10:31 <DIR> d-------- C:\Program Files\MTV Networks
2007-09-19 10:20 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2007-09-19 10:19 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2007-09-19 10:19 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2007-09-19 10:12 <DIR> d-------- C:\WINDOWS\Prefetch
2007-09-19 07:57 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-09-19 07:29 <DIR> d-------- C:\WINDOWS\provisioning
2007-09-19 07:29 <DIR> d-------- C:\WINDOWS\peernet
2007-09-19 07:27 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-09-19 07:22 <DIR> d-------- C:\WINDOWS\EHome
2007-09-19 06:54 3,072 --a------ C:\WINDOWS\system32\drivers\audstub.sys
2007-09-19 06:53 6,144 -ra------ C:\WINDOWS\system32\kbdtuq.dll
2007-09-19 06:53 6,144 -ra------ C:\WINDOWS\system32\kbdtuf.dll
2007-09-19 06:53 57,472 --a------ C:\WINDOWS\system32\drivers\redbook.sys
2007-09-19 06:53 5,632 -ra------ C:\WINDOWS\system32\kbdmon.dll
2007-09-19 06:53 5,632 -ra------ C:\WINDOWS\system32\kbdkyr.dll
2007-09-19 06:53 5,632 -ra------ C:\WINDOWS\system32\kbdazel.dll
2007-09-19 06:53 5,504 --a------ C:\WINDOWS\system32\drivers\intelide.sys
2007-09-19 06:53 <DIR> dr------- C:\Program Files
2007-09-19 06:53 <DIR> d-------- C:\Program Files\Common Files\SpeechEngines
2007-09-19 06:53 <DIR> d-------- C:\Program Files\Common Files\ODBC
2007-09-19 06:52 9,936 --a------ C:\WINDOWS\system\LZEXPAND.DLL
2007-09-19 06:52 9,008 --a------ C:\WINDOWS\system\VER.DLL
2007-09-19 06:52 85,020 --a------ C:\WINDOWS\system32\dgsetup.dll
2007-09-19 06:52 82,944 --a------ C:\WINDOWS\system\OLECLI.DLL
2007-09-19 06:52 8,704 --a------ C:\WINDOWS\system32\batt.dll
2007-09-19 06:52 8,192 -ra------ C:\WINDOWS\system32\kbdhept.dll
2007-09-19 06:52 74,752 --a------ C:\WINDOWS\system32\storprop.dll
2007-09-19 06:52 7,168 -ra------ C:\WINDOWS\system32\kbdcz.dll
2007-09-19 06:52 69,584 --a------ C:\WINDOWS\system\AVICAP.DLL
2007-09-19 06:52 69,120 --a------ C:\WINDOWS\notepad.exe
2007-09-19 06:52 68,768 --a------ C:\WINDOWS\system\mmsystem.dll
2007-09-19 06:52 6,656 -ra------ C:\WINDOWS\system32\kbdycl.dll
2007-09-19 06:52 6,656 -ra------ C:\WINDOWS\system32\kbdsl1.dll
2007-09-19 06:52 6,656 -ra------ C:\WINDOWS\system32\kbdsl.dll
2007-09-19 06:52 6,656 -ra------ C:\WINDOWS\system32\kbdpl.dll
2007-09-19 06:52 6,656 -ra------ C:\WINDOWS\system32\kbdhu.dll
2007-09-19 06:52 6,656 -ra------ C:\WINDOWS\system32\kbdhela3.dll
2007-09-19 06:52 6,656 -ra------ C:\WINDOWS\system32\kbdcz2.dll
2007-09-19 06:52 6,656 -ra------ C:\WINDOWS\system32\kbdcz1.dll
2007-09-19 06:52 6,656 -ra------ C:\WINDOWS\system32\kbdcr.dll
2007-09-19 06:52 6,656 -ra------ C:\WINDOWS\system32\KBDAL.DLL
2007-09-19 06:52 6,144 -ra------ C:\WINDOWS\system32\kbdlv1.dll
2007-09-19 06:52 6,144 -ra------ C:\WINDOWS\system32\kbdlv.dll
2007-09-19 06:52 6,144 -ra------ C:\WINDOWS\system32\kbdhela2.dll
2007-09-19 06:52 6,144 -ra------ C:\WINDOWS\system32\kbdgkl.dll
2007-09-19 06:52 6,144 -ra------ C:\WINDOWS\system32\kbdest.dll
2007-09-19 06:52 5,632 -ra------ C:\WINDOWS\system32\kbdro.dll
2007-09-19 06:52 5,632 -ra------ C:\WINDOWS\system32\kbdpl1.dll
2007-09-19 06:52 5,632 -ra------ C:\WINDOWS\system32\kbdlt1.dll
2007-09-19 06:52 5,632 -ra------ C:\WINDOWS\system32\kbdlt.dll
2007-09-19 06:52 5,632 -ra------ C:\WINDOWS\system32\kbdhu1.dll
2007-09-19 06:52 5,632 -ra------ C:\WINDOWS\system32\kbdhe319.dll
2007-09-19 06:52 5,632 -ra------ C:\WINDOWS\system32\kbdhe220.dll
2007-09-19 06:52 5,632 -ra------ C:\WINDOWS\system32\kbdhe.dll
2007-09-19 06:52 5,120 --a------ C:\WINDOWS\system\SHELL.DLL
2007-09-19 06:52 32,816 --a------ C:\WINDOWS\system\COMMDLG.DLL
2007-09-19 06:52 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-09-19 06:52 24,064 --a------ C:\WINDOWS\system\OLESVR.DLL
2007-09-19 06:52 19,200 --a------ C:\WINDOWS\system\TAPI.DLL
2007-09-19 06:52 176,157 --a------ C:\WINDOWS\system32\dgrpsetu.dll
2007-09-19 06:52 15,360 --a------ C:\WINDOWS\TASKMAN.EXE
2007-09-19 06:52 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-09-19 06:52 126,912 --a------ C:\WINDOWS\system\MSVIDEO.DLL
2007-09-19 06:52 11,264 --a------ C:\WINDOWS\system32\drivers\irenum.sys
2007-09-19 06:52 109,456 --a------ C:\WINDOWS\system\AVIFILE.DLL
2007-09-19 06:52 103,424 --a------ C:\WINDOWS\system32\EqnClass.Dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-19 20:38 4172 --a------ C:\Program Files\hijackthis.log
2007-09-19 07:31 3488 --a------ C:\WINDOWS\pchealth\HelpCtr\PackageStore\SkuStore.bin
2007-09-19 07:30 9492 --a------ C:\WINDOWS\pchealth\HelpCtr\Config\Cntstore.bin
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:18 207736 --a------ C:\WINDOWS\system32\muweb.dll
2007-06-26 14:08 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 21:31 282112 --a------ C:\WINDOWS\system32\gdi32.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="-C:\WINDOWS\System32\igfxtray.exe" []
"HotKeysCmds"="-C:\WINDOWS\System32\hkcmd.exe" []
"%FP%TM Net fts.exe"="-C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe" []
"PCMService"="-C:\Program Files\Dell\Media Experience\PCMService.exe" []
"avast!"="C:\Program Files\Alwil Software\Avast4\ashDisp.exe" [2007-09-06 18:06]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

R3 PPPoEWin;PPPoEWin Miniport;C:\WINDOWS\system32\DRIVERS\PPPoEWin.SYS


Contents of the 'Scheduled Tasks' folder
2007-09-18 16:18:27 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-09-19 11:12:44 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-19 20:44:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-19 20:46:44 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-19 20:46

--- E O F ---

MeDIeVaL
2007-09-19, 17:37
Latest HijackThis log...


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:36:05 PM, on 9/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Executive Software\Diskeeper\DkIcon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O4 - HKLM\..\Run: [IgfxTray] -C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] -C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] -"C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [PCMService] -"C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\RunOnce: [KB926239] rundll32.exe apphelp.dll,ShimFlushCache
O4 - HKCU\..\RunOnce: [MPlayer2_FixUp] C:\WINDOWS\inf\unregmp2.exe /Fixups
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1190129766046
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1190129905218
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u2-windows-i586-jc.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7847829E-A45C-4373-8A1A-88553C858F04}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 5638 bytes