Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:24:33 PM, on 6/8/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\lcntnkdm.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\DOCUME~1\kay\MYDOCU~1\YSTEM3~1\csrss.exe
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\1-Click Answers\answers.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WLLoginProxy.exe
C:\PROGRA~1\1-CLIC~1\agtserv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\?ymbols\j?vaw.exe
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\DOCUME~1\kay\LOCALS~1\Temp\xrun.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\mdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
Discussions - 24hoursupport.helpdesk | Google Groups
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
Discussions - 24hoursupport.helpdesk | Google Groups
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
=
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D}
- C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD}
- C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG
Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [{B7-70-0C-C5-DW}] C:\WINDOWS\system32\jmwnw64o.exe
DWram
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe
61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394662EA4EBF968951185EFC412806867680AEDE604D64C2661377FE13FD97CB77
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\lcntnkdm.exe
DWram
O4 - HKLM\..\Run: [44bb706a] rundll32.exe
"C:\DOCUME~1\Guest\LOCALS~1\Temp\bnjwpsgn.dll",b
O4 - HKLM\..\Run: [BM478843f6] Rundll32.exe
"C:\WINDOWS\System32\olaqsmot.dll",s
O4 - HKLM\..\Run: [{413ef8d8-c742-cf15-7cd2-cdbd2826b72b}]
C:\WINDOWS\System32\Rundll32.exe
"C:\WINDOWS\System32\{dc891cfd-9472-97e1-f590-c549e90933d2}.dll"
DllStart
O4 - HKCU\..\Run: [Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Roan] "C:\DOCUME~1\kay\MYDOCU~1\YSTEM3~1\csrss.exe"
-vt yazb
O4 - HKCU\..\Run: [Zbnppg] "C:\Program Files\?ymbols\j?vaw.exe"
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate]
C:\WINDOWS\System32\Macromed\Flash\FlashUtil9d.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\lcntnkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jmwnw64o.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click
Answers\answers.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZCxdm127
O8 - Extra context menu item: &Translate English Word -
res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Answers... - file://C:\Program
Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0F1100B5-8432-2BDA-F64F-2DBF65A3D5CA} -
http://85.255.114.166/1/rdgUS2516.exe
O16 - DPF: {0FA07125-6504-7440-EB46-53C961E6A56E} -
http://85.255.114.166/1/rdgUS2516.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} -
http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} -
http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {2FA71096-D7EB-6709-C58F-5563598CE550} -
http://85.255.114.166/1/rdgUS2516.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
- C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} -
http://download1.answers.com/pub/AnswersSetup.cab
O16 - DPF: {47A731D1-93BD-136E-5D80-4997229071CD} -
http://85.255.114.166/1/rdgUS2516.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload
Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5B822B99-DA4B-4553-88CC-8DCA4E9C5656} (NtreevLauncher
Control) - http://www.trickster.co.kr/Control/NtreevLauncher.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {78943F1D-E2E4-32C2-4DA9-59391659CBF7} -
http://85.255.114.166/1/rdgUS2516.exe
O16 - DPF: {7AD0E5DF-8350-459D-F891-39BE4A5A847E} -
http://85.255.114.166/1/rdgUS2516.exe
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} -
http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} -
http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} -
http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
http://download.spyspotter.com/spyspotter/sp3.02r/spyspottercabinstall.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
85.255.116.98 85.255.112.142
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer =
85.255.116.98 85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
85.255.116.98 85.255.112.142
O20 - AppInit_DLLs:
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program
Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 8783 bytes
Scan saved at 8:24:33 PM, on 6/8/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\lcntnkdm.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\DOCUME~1\kay\MYDOCU~1\YSTEM3~1\csrss.exe
C:\Program Files\Svconr\Svconr.exe
C:\Program Files\1-Click Answers\answers.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WLLoginProxy.exe
C:\PROGRA~1\1-CLIC~1\agtserv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\?ymbols\j?vaw.exe
C:\WINDOWS\mrofinu.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\DOCUME~1\kay\LOCALS~1\Temp\xrun.exe
C:\WINDOWS\System32\mshta.exe
C:\WINDOWS\System32\dllhost.exe
C:\WINDOWS\System32\mdm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
Discussions - 24hoursupport.helpdesk | Google Groups
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
Discussions - 24hoursupport.helpdesk | Google Groups
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName
=
R3 - URLSearchHook: Yahoo! Toolbar -
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D}
- C:\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL
O1 - Hosts: localhost 127.0.0.1
O3 - Toolbar: 1-Click Answers - {7754C418-F62E-44aa-B169-E719E718BCFD}
- C:\PROGRA~1\1-CLIC~1\IEToolbar\AnswersToolbarU.dll
O4 - HKLM\..\Run: [msnsyslog] C:\WINDOWS\msnappm.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG
Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [{B7-70-0C-C5-DW}] C:\WINDOWS\system32\jmwnw64o.exe
DWram
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe
61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C88332017491394662EA4EBF968951185EFC412806867680AEDE604D64C2661377FE13FD97CB77
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\System32\lcntnkdm.exe
DWram
O4 - HKLM\..\Run: [44bb706a] rundll32.exe
"C:\DOCUME~1\Guest\LOCALS~1\Temp\bnjwpsgn.dll",b
O4 - HKLM\..\Run: [BM478843f6] Rundll32.exe
"C:\WINDOWS\System32\olaqsmot.dll",s
O4 - HKLM\..\Run: [{413ef8d8-c742-cf15-7cd2-cdbd2826b72b}]
C:\WINDOWS\System32\Rundll32.exe
"C:\WINDOWS\System32\{dc891cfd-9472-97e1-f590-c549e90933d2}.dll"
DllStart
O4 - HKCU\..\Run: [Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN
Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
/background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft
ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Roan] "C:\DOCUME~1\kay\MYDOCU~1\YSTEM3~1\csrss.exe"
-vt yazb
O4 - HKCU\..\Run: [Zbnppg] "C:\Program Files\?ymbols\j?vaw.exe"
O4 - HKCU\..\Run: [Svconr] C:\Program Files\Svconr\Svconr.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\\JavaCore\\JavaCore.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate]
C:\WINDOWS\System32\Macromed\Flash\FlashUtil9d.exe
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\lcntnkdm.exe
O4 - Startup: DW_Start.lnk = C:\WINDOWS\system32\jmwnw64o.exe
O4 - Global Startup: 1-Click Answers.lnk = C:\Program Files\1-Click
Answers\answers.exe
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search -
http://bar.mywebsearch.com/menusearch.html?p=ZCxdm127
O8 - Extra context menu item: &Translate English Word -
res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Answers... - file://C:\Program
Files\1-Click Answers\Html\atiemenu.htm
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page -
res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English -
res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -
C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.mmohsix.com
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {0F1100B5-8432-2BDA-F64F-2DBF65A3D5CA} -
http://85.255.114.166/1/rdgUS2516.exe
O16 - DPF: {0FA07125-6504-7440-EB46-53C961E6A56E} -
http://85.255.114.166/1/rdgUS2516.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine
Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/ZwinkyInitialSetup1.0.0.15-3.cab
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} -
http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} -
http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {2FA71096-D7EB-6709-C58F-5563598CE550} -
http://85.255.114.166/1/rdgUS2516.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
- C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3B0EA9E6-7003-4B38-B398-9B1B6DF439C5} -
http://download1.answers.com/pub/AnswersSetup.cab
O16 - DPF: {47A731D1-93BD-136E-5D80-4997229071CD} -
http://85.255.114.166/1/rdgUS2516.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload
Tool) - http://by108fd.bay108.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {5B822B99-DA4B-4553-88CC-8DCA4E9C5656} (NtreevLauncher
Control) - http://www.trickster.co.kr/Control/NtreevLauncher.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) -
http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {78943F1D-E2E4-32C2-4DA9-59391659CBF7} -
http://85.255.114.166/1/rdgUS2516.exe
O16 - DPF: {7AD0E5DF-8350-459D-F891-39BE4A5A847E} -
http://85.255.114.166/1/rdgUS2516.exe
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} -
http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} -
http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} -
http://a532.g.akamai.net/f/532/6712/5m/virtools.download.akamai.com/6712/player/install/installer.exe
O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} -
http://download.spyspotter.com/spyspotter/sp3.02r/spyspottercabinstall.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer =
85.255.116.98 85.255.112.142
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer =
85.255.116.98 85.255.112.142
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer =
85.255.116.98 85.255.112.142
O20 - AppInit_DLLs:
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program
Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision
Corporation - C:\Program Files\Common
Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 8783 bytes