Corrine,
Here is the latest COMBOFIX log abd HIJACKTHIS. Let me know if there is anything else we need to do. Thanks for the help,
Brian
COMBOFIX:
ComboFix 08-05-01.3 - Brian Persall 2008-05-12 20:28:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.587 [GMT -5:00]
Running from: C:\Documents and Settings\Brian Persall\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Brian Persall\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\crash.dmp
C:\WINDOWS\Fonts\FontsInst.vbs
C:\WINDOWS\Fonts\mmc.exe
C:\WINDOWS\Fonts\verdanaz._ttf
C:\WINDOWS\Fonts\webdings._ttf
C:\WINDOWS\ODBCNFG.INI
C:\WINDOWS\system32\286691527A.sys
C:\WINDOWS\system32\winrmj32.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\crash.dmp
C:\WINDOWS\Fonts\FontsInst.vbs
C:\WINDOWS\Fonts\mmc.exe
C:\WINDOWS\Fonts\verdanaz._ttf
C:\WINDOWS\Fonts\webdings._ttf
C:\WINDOWS\ODBCNFG.INI
C:\WINDOWS\system32\286691527A.sys
C:\WINDOWS\system32\SoftwareDistribution32
C:\WINDOWS\system32\SoftwareDistribution32\cour._ttf
C:\WINDOWS\system32\SoftwareDistribution32\mmc.exe
C:\WINDOWS\system32\winrmj32.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_DComEx
-------\Service_DComEx
((((((((((((((((((((((((( Files Created from 2008-04-13 to 2008-05-13 )))))))))))))))))))))))))))))))
.
2008-05-11 18:20 . 2008-05-11 18:20 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-11 18:20 . 2008-05-11 18:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-08 19:31 . 2008-05-12 20:19 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\NtUser.dat.LOG
2008-05-05 16:46 . 2008-05-05 21:55 <DIR> d-------- C:\WINDOWS\BounceBack
2008-05-05 16:22 . 2007-08-31 12:39 10,240 --a------ C:\WINDOWS\system32\drivers\portd64.sys
2008-05-04 19:41 . 2008-05-04 20:30 13 --a------ C:\WINDOWS\system32\WinSys32.crc
2008-05-04 19:40 . 2004-11-22 20:56 913,560 --a------ C:\WINDOWS\system32\wodFtpDLX.ocx
2008-05-04 19:40 . 1999-03-22 12:29 233,472 --a------ C:\WINDOWS\system32\Ilda32.dll
2008-05-04 19:40 . 1998-06-17 04:00 18,944 --a------ C:\WINDOWS\system32\BORLNDMM.DLL
2008-05-02 19:59 . 2008-05-02 19:59 <DIR> d-------- C:\Kaspersky
2008-05-02 19:55 . 2008-05-02 19:55 <DIR> d-------- C:\quarantine
2008-05-01 22:39 . 2008-05-01 22:39 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-01 22:39 . 2008-05-02 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-01 16:16 . 2008-05-01 16:14 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-05-01 16:14 . 2008-05-01 16:35 <DIR> d-------- C:\Documents and Settings\Brian Persall\.housecall6.6
2008-04-29 19:28 . 2008-04-29 19:46 <DIR> d-------- C:\Documents and Settings\Brian Persall\k5nCal
2008-04-28 21:21 . 2008-04-28 21:21 <DIR> d-------- C:\Documents and Settings\Brian Persall\Application Data\Uniblue
2008-04-27 19:21 . 2008-05-05 15:47 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-04-27 19:21 . 2008-05-05 15:43 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-27 15:53 . 2008-04-27 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HotSync
2008-04-27 15:49 . 2008-04-27 15:49 <DIR> d-------- C:\Documents and Settings\Brian Persall\Application Data\HotSync
2008-04-22 09:50 . 2008-04-22 09:50 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-04-18 15:55 . 2008-04-18 15:55 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-04-14 18:24 . 2008-04-14 18:24 <DIR> d-------- C:\Documents and Settings\Brian Persall\Application Data\Northwoods Software
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 00:55 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-10 01:52 --------- d-----w C:\Documents and Settings\Brian Persall\Application Data\Skype
2008-05-09 21:05 --------- d-----w C:\Documents and Settings\Brian Persall\Application Data\skypePM
2008-05-05 21:22 --------- d-----r C:\Program Files\CMS Products
2008-05-05 01:54 --------- d-----w C:\Documents and Settings\Brian Persall\Application Data\FileZilla
2008-05-05 01:26 --------- d-----w C:\Program Files\CoffeeCup Software
2008-05-03 12:55 --------- d-----w C:\Documents and Settings\Brian Persall\Application Data\U3
2008-04-30 20:26 --------- d-----w C:\Program Files\FileZilla FTP Client
2008-04-27 20:53 --------- d-----w C:\Program Files\Palm
2008-04-27 20:51 53,248 ----a-w C:\WINDOWS\PalmDevC.dll
2008-04-27 20:51 16,694 ----a-w C:\WINDOWS\system32\drivers\PalmUSBD.sys
2008-04-04 03:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sage Software SB, Inc
2008-04-03 00:06 --------- d-----w C:\Documents and Settings\Brian Persall\Application Data\Sprint
2008-04-03 00:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sprint
2008-04-02 23:58 --------- d-----w C:\Program Files\Sprint
2008-04-02 23:58 --------- d-----w C:\Program Files\Sierra Wireless
2008-04-02 23:58 --------- d-----w C:\Program Files\Common Files\Research in Motion
2008-04-02 23:58 --------- d-----w C:\Program Files\Common Files\Motorola Shared
2008-04-02 04:29 24,320 ------w C:\Documents and Settings\Brian Persall\Application Data\GDIPFONTCACHEV1.DAT
2008-03-27 23:49 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-06 21:41 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
2007-11-18 18:17 31 -c----w C:\Documents and Settings\Brian Persall\RUNME.bat
.
(((((((((((((((((((((((((((((
snapshot@2008-05-08_19.45.38.29 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-09 00:33:29 2,048 ----a-w C:\WINDOWS\bootstat.dat
+ 2008-05-13 01:32:43 2,048 ----a-w C:\WINDOWS\bootstat.dat
+ 2005-10-21 01:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2005-05-24 17:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 20:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 20:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-05-09 00:34:22 1,734 ----a-w C:\WINDOWS\system32\KGyGaAvL.sys
+ 2008-05-13 01:33:50 1,734 ----a-w C:\WINDOWS\system32\KGyGaAvL.sys
+ 2008-05-13 01:32:51 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_2a0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 10:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 10:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 10:36 114688]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-12-07 03:02 77824]
"Act! Preloader"="C:\Program Files\ACT\ACT for Windows\Act8.exe" [2006-04-05 18:30 1015808]
"ICF"="C:\Program Files\Internet Content Filter\SafeEyes.exe" [2007-06-05 11:17 1237504]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 12:19 819200]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 12:17 970752]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"FIREBOX"="C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe" [2005-01-28 17:04 1003520]
"Sprint SmartView"="C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" [2008-03-10 09:09 17672]
C:\Documents and Settings\Brian Persall\Start Menu\Programs\Startup\
BounceBack Launcher.lnk - C:\Program Files\CMS Products\BounceBack Professional\BBStartup.exe [2008-05-05 16:22:28 40960]
PowerReg Scheduler.exe [2007-12-07 02:52:31 233472]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-03-27 18:49:40 113664]
Dataviz Messenger.lnk - C:\WINDOWS\DvzCommon\DvzMsgr.exe [2003-07-01 22:16:46 24576]
HOTSYNCSHORTCUTNAME.lnk - C:\Program Files\Palm\HOTSYNC.EXE [2004-06-09 14:27:34 471040]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 02:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winrmj32]
winrmj32.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"midi1"= xgusb.cpl
"midi5"= xgusb.cpl
"midi8"= xgusb.cpl
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\ACT\\ACT for Windows\\Act8.exe"=
"C:\\Program Files\\Palm\\HOTSYNC.EXE"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"C:\\Program Files\\FreshDevices\\FreshDownload\\fdgo.exe"=
"C:\\Program Files\\Internet Content Filter\\Pop3Proxy.exe"=
"C:\\Program Files\\Harman Pro\\System Architect 1.60\\SystemArchitect.exe"=
"C:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"2078:TCP"= 2078:TCP:brianpersall.com
"2077:TCP"= 2077:TCP:brianpersall.com
R2 BBWatcherService;BBWatcherService;"C:\Program Files\CMS Products\BounceBack Professional\BBWatcherService.exe" [2008-01-04 09:46]
R2 MSSQL$ACT7;MSSQL$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe [2003-05-31 19:02]
R2 NeatReceipts Database Controller;NeatReceipts Database Controller;"C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe" [2008-02-05 14:03]
R2 SQLWriter;SQL Server VSS Writer;"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [2007-02-10 06:29]
R3 Nmea;Sprint Connection Manager - emulates the NMEA ports;C:\WINDOWS\system32\DRIVERS\pctnullport.sys [2008-03-05 15:41]
R3 NWADI;NWADI Bus Enumerator;C:\WINDOWS\system32\DRIVERS\NWADIenum.sys [2007-04-19 12:09]
R3 portio;CMS Openfile Service;C:\WINDOWS\system32\DRIVERS\portd64.sys [2007-08-31 12:39]
R3 swmsflt;swmsflt;C:\WINDOWS\system32\drivers\swmsflt.sys [2008-03-05 15:41]
S3 MSSQL$NR2007;SQL Server (NR2007);"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sNR2007 []
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2007-11-15 19:40]
S3 ps_1394;ps_1394;C:\WINDOWS\system32\Drivers\ps_1394.sys [2004-10-14 16:33]
S3 ps_avs;ps_avs;C:\WINDOWS\system32\Drivers\ps_avs.sys [2004-10-14 16:33]
S3 SprintRcAppSvc;Sprint RcAppSvc;"C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe" /n "SprintRcAppSvc" []
S3 SQLAgent$ACT7;SQLAgent$ACT7;C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 usbvm328;HP Camera;C:\WINDOWS\system32\Drivers\usbvm326.sys [2006-10-12 19:42]
S3 vmfilter323;VC0326 filter service for Serome;C:\WINDOWS\system32\drivers\vmfilter323.sys [2006-08-10 23:00]
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.netRootkit scan 2008-05-12 20:33:36
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\ICF.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FireBox.exe
C:\Program Files\CMS Products\BounceBack Professional\BBLauncher.exe
.
**************************************************************************
.
Completion time: 2008-05-12 20:37:31 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-13 01:37:17
ComboFix2.txt 2008-05-09 00:46:14
ComboFix3.txt 2008-05-06 02:53:23
Pre-Run: 30,599,639,040 bytes free
Post-Run: 30,514,077,696 bytes free
198 --- E O F --- 2008-04-09 17:38:29
==========================================================
HIJACKTHIS:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:43:14 PM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CMS Products\BounceBack Professional\BBWatcherService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft SQL Server\MSSQL$ACT7\Binn\sqlservr.exe
C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Internet Content Filter\SafeEyes.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX.exe
C:\WINDOWS\DvzCommon\DvzMsgr.exe
C:\Program Files\Palm\HOTSYNC.EXE
C:\Program Files\CMS Products\BounceBack Professional\BBLauncher.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe
C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - C:\PROGRA~1\FRESHD~1\FRESHD~1\FDCatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Act.UI.InternetExplorer.Plugins.AttachFile.CAttachFile - {D5233FCD-D258-4903-89B8-FB1568E7413D} - mscoree.dll (file missing)
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - C:\PROGRA~1\FRESHD~1\FRESHD~1\fdiebar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Act! Preloader] "C:\Program Files\ACT\ACT for Windows\Act8.exe" -preload
O4 - HKLM\..\Run: [ICF] "C:\Program Files\Internet Content Filter\SafeEyes.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [FIREBOX] C:\Program Files\PreSonus\1394AudioDriver_FIREBox\FIREBOX Control.exe
O4 - HKLM\..\Run: [Sprint SmartView] "C:\Program Files\Sprint\Sprint SmartView\SprintSV.exe" -a
O4 - Startup: BounceBack Launcher.lnk = ?
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Dataviz Messenger.lnk = C:\WINDOWS\DvzCommon\DvzMsgr.exe
O4 - Global Startup: HOTSYNCSHORTCUTNAME.lnk = C:\Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Attach Web page to ACT! contact - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra 'Tools' menuitem: Attach Web page to ACT! contact... - {6F431AC3-364A-478b-BBDB-89C7CE1B18F6} - mscoree.dll (file missing)
O9 - Extra button: FreshDownload - {D6226514-AE1F-495A-8EEF-65B021C380FE} - C:\Program Files\FreshDevices\FreshDownload\fd.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: icf.dll
O10 - Unknown file in Winsock LSP: icf.dll
O10 - Unknown file in Winsock LSP: icf.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1196920725302O17 - HKLM\System\CCS\Services\Tcpip\..\{2D022BE2-EA45-4E83-9263-53D951727416}: NameServer = 68.28.154.92 68.28.146.92
O17 - HKLM\System\CS1\Services\Tcpip\..\{2D022BE2-EA45-4E83-9263-53D951727416}: NameServer = 68.28.154.92 68.28.146.92
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll
O20 - Winlogon Notify: winrmj32 - winrmj32.dll (file missing)
O23 - Service: BBWatcherService - CMS Products™, Inc. - C:\Program Files\CMS Products\BounceBack Professional\BBWatcherService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NeatReceipts Database Controller - Digital Business Processes - C:\Program Files\Common Files\NeatReceipts\DB Controller\NeatReceiptsDBController.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sprint RcAppSvc (SprintRcAppSvc) - PCTEL - C:\Program Files\Sprint\Sprint SmartView\RcAppSvc.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 7895 bytes
