Hi LDTate,
Thanks for your prompt reply I hope you slept well.
I followed your directions.
The following happened after running Combofix.
During it's preparation of first scan log I got a blue screen with "Invalid_Kernel_Handle" error.
I had to turn off and reboot computer.
After reboot Combofix continued to prepare it's first log file.
I then restarted computer and ran Combofix again and produced another log file (without a blue screen error).
The two log files are below as well as a fresh HJT log.
Thanks again,
Kevin
ComboFix 08-10-24.02 - Kev2 2008-10-25 11:42:06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.504 [GMT 8:00]
Running from: C:\Documents and Settings\Kev2\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\IE4 Error Log.txt
C:\WINDOWS\system32\nvsvc32.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
-------\Legacy_TDSSSERV.SYS)
-------\Service_TDSSserv.sys)
((((((((((((((((((((((((( Files Created from 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))))))
.
2008-10-25 10:14 . 2008-10-25 10:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-25 10:14 . 2008-10-25 10:14 <DIR> d-------- C:\Documents and Settings\Kev2\Application Data\Malwarebytes
2008-10-25 10:14 . 2008-10-25 10:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-25 10:14 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-25 10:14 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 22:05 . 2008-10-23 18:57 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-10-22 21:57 . 2008-06-13 21:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-22 21:57 . 2008-06-13 21:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-30 14:41 . 2008-09-30 14:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-30 14:41 . 2008-09-30 14:41 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 03:33 --------- d-----w C:\Program Files\ESET
2008-10-23 07:07 --------- d-----w C:\Program Files\TrojanHunter 4.0
2008-10-22 15:50 --------- d-----w C:\Program Files\Privacy Guardian
2008-10-22 08:56 --------- d-----w C:\Documents and Settings\Aaron\Application Data\Azureus
2008-09-09 06:07 --------- d-----w C:\Program Files\LimeWire
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
.
------- Sigcheck -------
2008-04-14 08:12 14336 27c6d03bcdb8cfeb96b716f3d8be3e18 C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\svchost.exe
2004-08-04 06:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\svchost.exe
2004-08-04 06:56 14336 8f078ae4ed187aaabc0a305146de6716 C:\WINDOWS\system32\dllcache\svchost.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 86016]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-20 949376]
"nwiz"="nwiz.exe" [2005-12-10 C:\WINDOWS\system32\nwiz.exe]
"Resume copy"="copyfstq.exe" [2006-01-31 C:\WINDOWS\copyfstq.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 22:57 133016 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-14 00:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
--a------ 2004-09-02 14:47 1073664 C:\Program Files\TrojanHunter 4.0\THGuard.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\GAMES\\Sierra\\Counter-Strike\\cstrike.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\Program Files\\FlashFXP\\flashfxp.exe"=
"D:\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"D:\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"D:\\GAMES\\Warcraft III\\War3.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
R3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 16074]
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.netspace.net.au/
R0 -: HKLM-Main,Start Page = hxxp://myplace.westnet.com.au
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{76BE2ED5-B05A-412F-B1AE-66B8FC6176C5}: NameServer = 203.0.178.191
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-10-25 11:46:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\ESET\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
.
**************************************************************************
.
Completion time: 2008-10-25 11:48:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-25 03:48:05
Pre-Run: 6,652,301,312 bytes free
Post-Run: 6,613,487,616 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
131 --- E O F --- 2008-10-22 14:57:54
ComboFix 08-10-24.02 - Kev2 2008-10-25 12:07:59.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.501 [GMT 8:00]
Running from: C:\Documents and Settings\Kev2\Desktop\ComboFix.exe
* Resident AV is active
.
((((((((((((((((((((((((( Files Created from 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))))))
.
2008-10-25 10:14 . 2008-10-25 10:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-10-25 10:14 . 2008-10-25 10:14 <DIR> d-------- C:\Documents and Settings\Kev2\Application Data\Malwarebytes
2008-10-25 10:14 . 2008-10-25 10:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-10-25 10:14 . 2008-10-22 16:10 38,496 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-10-25 10:14 . 2008-10-22 16:10 15,504 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-10-22 22:05 . 2008-10-23 18:57 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak
2008-10-22 21:57 . 2008-06-13 21:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-10-22 21:57 . 2008-06-13 21:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-09-30 14:41 . 2008-09-30 14:41 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-30 14:41 . 2008-09-30 14:41 1,409 --a------ C:\WINDOWS\QTFont.for
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-25 03:33 --------- d-----w C:\Program Files\ESET
2008-10-24 08:16 11,270 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-10-23 07:07 --------- d-----w C:\Program Files\TrojanHunter 4.0
2008-10-22 15:50 --------- d-----w C:\Program Files\Privacy Guardian
2008-10-22 08:56 --------- d-----w C:\Documents and Settings\Aaron\Application Data\Azureus
2008-09-15 11:57 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
2008-09-09 06:07 --------- d-----w C:\Program Files\LimeWire
2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
2008-08-20 05:33 667,648 ----a-w C:\WINDOWS\system32\wininet.dll
2008-08-14 10:00 2,180,352 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-08-14 09:22 2,057,728 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [2005-11-22 221184]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 7311360]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 86016]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-08-20 949376]
"nwiz"="nwiz.exe" [2005-12-10 C:\WINDOWS\system32\nwiz.exe]
"Resume copy"="copyfstq.exe" [2006-01-31 C:\WINDOWS\copyfstq.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-12-10 22:57 133016 C:\Program Files\DAEMON Tools\daemon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-14 00:24 1694208 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\THGuard]
--a------ 2004-09-02 14:47 1073664 C:\Program Files\TrojanHunter 4.0\THGuard.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\StubInstaller.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\GAMES\\Sierra\\Counter-Strike\\cstrike.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Java\\jre1.5.0_06\\bin\\javaw.exe"=
"C:\\Program Files\\FlashFXP\\flashfxp.exe"=
"D:\\World of Warcraft\\WoW-2.0.6.6337-to-2.0.7.6383-enUS-downloader.exe"=
"D:\\World of Warcraft\\WoW-2.0.7.6383-to-2.0.8.6403-enUS-downloader.exe"=
"D:\\GAMES\\Warcraft III\\War3.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
R3 FA312;NETGEAR FA330/FA312/FA311 Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\FA312nd5.sys [2001-08-17 16074]
*Newly Created Service* - CATCHME
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.netspace.net.au/
R0 -: HKLM-Main,Start Page = hxxp://myplace.westnet.com.au
R1 -: HKCU-Internet Settings,ProxyOverride = <local>
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O17 -: HKLM\CCS\Interface\{76BE2ED5-B05A-412F-B1AE-66B8FC6176C5}: NameServer = 203.0.178.191
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2008-10-25 12:09:05
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-10-25 12:09:53
ComboFix-quarantined-files.txt 2008-10-25 04:09:51
ComboFix2.txt 2008-10-25 03:48:09
Pre-Run: 6,635,675,648 bytes free
Post-Run: 6,625,542,144 bytes free
103 --- E O F --- 2008-10-22 14:57:54
Logfile of HijackThis v1.99.1
Scan saved at 12:56:12 PM, on 25/10/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.netspace.net.au/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://myplace.westnet.com.au
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Resume copy] copyfstq.exe /startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -
http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) -
http://upload.facebo...toUploader5.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zon...er.cab31267.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) -
http://upload.facebo...toUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.micros...b?1137227749890
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zon...ro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{76BE2ED5-B05A-412F-B1AE-66B8FC6176C5}: NameServer = 203.0.178.191
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\WINDOWS\system32\nvsvc32.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe