Thanks Tigger93
There was a huge improvement in my programs. They started without their annoying arguments. It stayed good for the night (without browsing).
However, today Kaspersky caught this hidden data:
<<<<<
Process C:\Program Files\Internet Explorer\IEXPLORE.EXE (PID: 3100) is trying to send data using a trusted application.
Intended address:
http://alphase.net/index.htm
Data:
>>>>>
by
C:\Program Files\Internet Explorer\IEXPLORE.EXE
but I finally got the guts to ask Kaspersky to quarantine IE! and since then IE works fine till now and no hidden data attempts!!??
Anyways here are the logs you asked for:
ComboFix 07-08-17.2 - "M.SifedDin" 2007-08-25 1:03:27.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1256.20.1033.18.132 [GMT 3:00]
Command switches used :: and Settings\M.SifedDin\Desktop\ComboFix.exe
* Created a new restore point
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\system32\drivers\symavc32.sys
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_IPRIP
-------\LEGACY_LMSTAZNB
-------\LEGACY_RUNTIME
-------\LEGACY_SYMAVC32
-------\LEGACY_UJUK51
-------\Iprip
-------\lmstaznb
((((((((((((((((((((((((( Files Created from 2007-07-24 to 2007-08-24 )))))))))))))))))))))))))))))))
2007-08-25 00:28 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-08-24 18:37 <DIR> d-------- C:\Program Files\Bulk Rename Utility
2007-08-24 11:50 <DIR> d-------- C:\Program Files\XYplorer
2007-08-24 03:42 3,623,736 --a------ C:\WINDOWS\procexp.exe
2007-08-24 02:22 <DIR> d-------- C:\Program Files\NetMeter
2007-08-22 13:23 <DIR> d-------- C:\Program Files\RFA Platinum
2007-08-22 00:33 <DIR> d-------- C:\VundoFix Backups
2007-08-19 19:54 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe
2007-08-19 19:54 <DIR> d-------- C:\WINDOWS\system32\ReinstallBackups
2007-08-19 19:53 <DIR> d-------- C:\Program Files\ATI Technologies
2007-08-19 19:49 <DIR> d-------- C:\ATI
2007-08-15 14:58 <DIR> d-------- C:\Temp
2007-08-13 18:43 <DIR> d-------- C:\Program Files\ieSpell
2007-08-13 17:40 <DIR> d-------- C:\Program Files\Opera
2007-08-13 13:28 <DIR> d-------- C:\Program Files\Mozilla Thunderbird
2007-08-11 17:32 10 --a------ C:\WINDOWS\popcinfo.dat
2007-08-10 11:40 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-08-10 11:40 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-08-10 11:40 639,066 --a------ C:\WINDOWS\system32\divx.dll
2007-08-10 11:40 630,784 --a------ C:\WINDOWS\system32\vp7vfw.dll
2007-08-10 11:40 558,592 --a------ C:\WINDOWS\system32\x264vfw.dll
2007-08-10 11:40 438,272 --a------ C:\WINDOWS\system32\vp6vfw.dll
2007-08-10 11:40 39,936 --a------ C:\WINDOWS\system32\huffyuv.dll
2007-08-10 11:40 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-08-10 11:40 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-08-10 11:40 217,088 --a------ C:\WINDOWS\system32\i420vfw.dll
2007-08-10 11:40 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-08-10 11:40 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-08-10 11:40 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-08-10 11:40 144,384 --a------ C:\WINDOWS\system32\Iacenc.dll
2007-08-10 11:40 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2007-08-10 11:40 1,565,480 --a------ C:\WINDOWS\system32\wmv9vcm.dll
2007-08-10 11:40 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-08-10 11:40 <DIR> d-------- C:\Program Files\Codec Pack
2007-08-08 18:22 82,258 --a------ C:\WINDOWS\system32\drivers\klin.dat
2007-08-08 18:22 82,258 --a------ C:\WINDOWS\system32\drivers\klick.dat
2007-08-08 18:21 155,648 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2007-08-08 18:21 1,824 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2007-08-08 18:21 <DIR> d-------- C:\Program Files\Kaspersky Lab
2007-08-07 17:24 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-08-03 17:49 0 --a------ C:\WINDOWS\system32\sys_dll.dll
2007-07-31 12:48 168,960 --a------ C:\WINDOWS\system32\drivers\Ujuk51.sys
2007-07-31 12:47 14,208 --a------ C:\WINDOWS\system32\drivers\dbifuaus.sys
2007-07-31 12:46 83,339 --a------ C:\WINDOWS\system32\mqgent.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-08-25 01:25 3116 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2007-08-25 01:25 1244 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2007-08-24 13:58 --------- d-------- C:\DOCUME~1\M9648~1.SIF\APPLIC~1\ieSpell
2007-08-23 10:13 --------- d-------- C:\DOCUME~1\M9648~1.SIF\APPLIC~1\Thunderbird
2007-08-23 10:13 --------- d-------- C:\DOCUME~1\M9648~1.SIF\APPLIC~1\Talkback
2007-08-10 14:49 --------- d-------- C:\DOCUME~1\M9648~1.SIF\APPLIC~1\Media Player Classic
2007-08-10 11:40 --------- d-------- C:\DOCUME~1\M9648~1.SIF\APPLIC~1\Real
2007-07-21 12:43 --------- d-------- C:\Program Files\CDisplay
2007-07-03 16:20 --------- d-------- C:\Program Files\ACD
2007-07-01 22:54 --------- d-------- C:\DOCUME~1\M9648~1.SIF\APPLIC~1\.BitTornado
2007-06-28 12:51 206088 --a------ C:\WINDOWS\system32\klogon.dll
2007-06-28 12:50 22457 --a------ C:\WINDOWS\system32\drivers\klop.dat
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{314E610A-0ED8-4834-BAB5-34F9F576E0D9}]
c:\windows\system32\nabfnab.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9CA965B6-8ABA-4D8E-9E4F-3A487B1EBEE4}]
2004-08-04 07:00 83339 --a------ C:\WINDOWS\system32\mqgent.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2006-11-17 05:42 C:\WINDOWS\soundman.exe]
"InCD"="C:\Program Files\Nero\Nero 7\InCD\InCD.exe" [2007-08-10 09:03]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-06-28 12:51]
"rfagent"="C:\Program Files\RFA Platinum\rfagent.exe" [2007-04-14 16:40]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25]
"Bandwidth Monitor Pro"="C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" [2007-03-09 19:26]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 17:32]
"µTorrent"="D:\uTorrent\utorrent.exe" [2007-07-26 09:51]
"uTorrent"="D:\uTorrent\utorrent.exe" [2007-07-26 09:51]
C:\Documents and Settings\M.SifedDin\Start Menu\Programs\Startup\
Task Manager.lnk - C:\WINDOWS\system32\taskmgr.exe [2004-08-04 07:00:00]
Process Explorer.lnk - C:\WINDOWS\procexp.exe [2007-08-24 03:42:56]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
GetRight - Tray Icon.lnk - C:\Program Files\GetRight\getright.exe [2007-08-13 12:15:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoBandCustomize"=0 (0x0)
"NoMovingBands"=0 (0x0)
"NoCloseDragDropBands"=0 (0x0)
"NoToolbarsOnTaskbar"=0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\aklspafm]
nabfnab.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys
R3 LVHybrid;LVHybrid service;C:\WINDOWS\system32\DRIVERS\LVHybrid.sys
S2 Ca536av;Icatch(VII) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca536av.sys
S2 dsejezjm;TCP/IP Protocol Controller;C:\WINDOWS\System32\svchost.exe -k netsvcs
S3 FETNDISB;D-Link PCI Fast Ethernet Adapter Driver Service;C:\WINDOWS\system32\DRIVERS\dlkfet5b.sys
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe -k p2psvc
S3 USBCamera;Icatch(VII) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk536.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc p2psvc p2pimsvc p2pgasvc PNRPSvc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
dsejezjm
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\P]
AutoRun\command- P:\Autorun.exe
Contents of the 'Scheduled Tasks' folder
2007-08-24 21:00:08 C:\WINDOWS\Tasks\At1.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 22:00:04 C:\WINDOWS\Tasks\At2.job
2007-08-23 23:00:02 C:\WINDOWS\Tasks\At3.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 00:00:02 C:\WINDOWS\Tasks\At4.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 01:00:02 C:\WINDOWS\Tasks\At5.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 02:00:02 C:\WINDOWS\Tasks\At6.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 03:00:02 C:\WINDOWS\Tasks\At7.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 04:00:02 C:\WINDOWS\Tasks\At8.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 05:00:02 C:\WINDOWS\Tasks\At9.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 06:00:02 C:\WINDOWS\Tasks\At10.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 07:00:02 C:\WINDOWS\Tasks\At11.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 08:00:02 C:\WINDOWS\Tasks\At12.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 09:00:02 C:\WINDOWS\Tasks\At13.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 10:00:02 C:\WINDOWS\Tasks\At14.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 11:00:02 C:\WINDOWS\Tasks\At15.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 12:00:02 C:\WINDOWS\Tasks\At16.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 13:00:02 C:\WINDOWS\Tasks\At17.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 14:00:02 C:\WINDOWS\Tasks\At18.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 15:00:02 C:\WINDOWS\Tasks\At19.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 16:00:02 C:\WINDOWS\Tasks\At20.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 17:00:02 C:\WINDOWS\Tasks\At21.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 18:00:06 C:\WINDOWS\Tasks\At22.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 19:00:02 C:\WINDOWS\Tasks\At23.job - C:\WINDOWS\system32\5od3D270.exe
2007-08-24 20:00:02 C:\WINDOWS\Tasks\At24.job - C:\WINDOWS\system32\5od3D270.exe
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-08-25 01:27:18
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-08-25 1:30:48 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-08-25 01:30
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 20:29:45, on 2007-08-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Nero\Nero 7\InCD\InCD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe
D:\uTorrent\utorrent.exe
C:\WINDOWS\procexp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\ACD\ACDSEE\ACDSEE.EXE
C:\Program Files\GetRight\GETRIGHT.EXE
C:\Program Files\GetRight\GETRIGHT.EXE
C:\Program Files\Speak\speak.exe
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {314E610A-0ED8-4834-BAB5-34F9F576E0D9} - c:\windows\system32\nabfnab.dll (file missing)
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {9CA965B6-8ABA-4D8E-9E4F-3A487B1EBEE4} - C:\WINDOWS\system32\mqgent.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [rfagent] "C:\Program Files\RFA Platinum\rfagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Bandwidth Monitor Pro] "C:\Program Files\Bandwidth Monitor Pro\Bandwidth Monitor Pro.exe" /minimized
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [µTorrent] "D:\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\uTorrent\utorrent.exe"
O4 - Startup: Task Manager.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Startup: Process Explorer.lnk = C:\WINDOWS\procexp.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe
O4 - Global Startup: Volume Control.lnk = C:\WINDOWS\system32\sndvol32.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O17 - HKLM\System\CS1\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O17 - HKLM\System\CS2\Services\Tcpip\..\{07A9E226-B06B-4030-84A3-882D49B66908}: NameServer = 194.79.113.30,194.79.96.10
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: aklspafm - nabfnab.dll (file missing)
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 7.0 (avp) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r (file missing)
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SNMP Service (SNMP) - Unknown owner - C:\WINDOWS\System32\snmp.exe (file missing)
O23 - Service: SNMP Trap Service (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe