Ran HijackThis and ComboFix; need to send the output of the log files to you to see what I am missing. I got rid of some malware and get a clean scan on Ad-Aware, with the exception of some cookies, but still get the pop-ups.
I read the message board and tried ComboFix; it removed a bunch of things, see log.
I was able to create a CFScript.txt and add the file and registry entry of the malware detected:
c:\windows\system32\qomfddeu.dll
______________________________________________________
I do get a lot of messages now from Ad-Watch for lsass.exe trying to modify the registry.
Any thoughts there?
I have screen captures of the Ad-Aware scan if you need them.
Thanks,
-Chris
ComboFix 08-06-04.1 - chris.hensel 2008-06-04 19:47:21.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1057 [GMT -7:00]
Running from: C:\Documents and Settings\chris.hensel\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\chris.hensel\Desktop\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
FILE ::
c:\windows\system32\qomfddeu.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\chris.hensel\g2mdlhlpx.exe
C:\Temp\vtmp2
C:\Temp\vtmp2\pskt.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
c:\windows\system32\qomfddeu.dll
C:\WINDOWS\system32\sagndyuv.ini
C:\WINDOWS\system32\UvwyJRqr.ini
C:\WINDOWS\system32\UvwyJRqr.ini2
C:\WINDOWS\system32\vltryrpt.ini
.
((((((((((((((((((((((((( Files Created from 2008-05-05 to 2008-06-05 )))))))))))))))))))))))))))))))
.
2008-06-04 19:56 . 2008-06-04 19:56 294 ---hs---- C:\WINDOWS\system32\sagndyuv.ini
2008-06-04 15:30 . 2008-06-04 15:30 <DIR> d-------- C:\tmp
2008-06-04 13:07 . 2008-06-04 15:24 70 --ah----- C:\temp\aaw7boot.cmd
2008-06-04 10:08 . 2008-06-04 10:38 <DIR> d-------- C:\WINDOWS\system32\vntiho18
2008-06-04 09:11 . 2008-06-04 09:11 104,448 --a------ C:\WINDOWS\system32\kpcasytv.dll
2008-06-04 09:09 . 2008-06-04 09:09 97,280 --a------ C:\WINDOWS\system32\vuydngas.dll
2008-06-04 09:08 . 2008-06-04 09:08 106,496 --a------ C:\temp\johpcqef.dll
2008-06-03 21:05 . 2008-06-03 21:05 277,504 --a------ C:\WINDOWS\system32\rqRJywvU.dll
2008-06-03 21:00 . 2008-06-04 10:38 <DIR> d-------- C:\WINDOWS\system32\vntiho05
2008-06-03 20:13 . 2008-06-03 20:13 <DIR> d-------- C:\Documents and Settings\chris.hensel\Application Data\vlc
2008-06-03 20:10 . 2008-06-03 20:10 <DIR> d-------- C:\Program Files\VideoLAN
2008-06-03 19:05 . 2008-06-03 19:05 <DIR> d-------- C:\Program Files\WMV9_VCM
2008-06-03 18:59 . 2008-06-03 18:59 <DIR> d-------- C:\Program Files\Xvid
2008-06-03 18:54 . 2008-06-04 09:38 <DIR> d-------- C:\WINDOWS\system32\quicktime
2008-06-03 10:55 . 2008-06-03 18:57 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-03 10:55 . 2008-06-03 10:55 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-30 21:20 . 2008-06-04 09:26 <DIR> d-------- C:\Documents and Settings\chris.hensel\Application Data\LimeWire
2008-05-30 21:19 . 2008-05-30 21:19 <DIR> d-------- C:\Program Files\LimeWire
2008-05-23 12:35 . 2008-05-23 12:35 <DIR> d-------- C:\Program Files\eMusic Download Manager
2008-05-23 12:00 . 2008-05-23 12:00 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-22 15:47 . 2008-06-04 16:30 <DIR> d-------- C:\Documents and Settings\chris.hensel\Application Data\skypePM
2008-05-22 15:47 . 2008-05-22 15:47 56 --ah----- C:\WINDOWS\system32\ezsidmv.dat
2008-05-22 15:45 . 2008-05-22 15:45 <DIR> d-------- C:\Program Files\Skype
2008-05-22 15:45 . 2008-05-22 15:45 <DIR> d-------- C:\Program Files\Common Files\Skype
2008-05-22 15:45 . 2008-06-04 19:56 <DIR> d-------- C:\Documents and Settings\chris.hensel\Application Data\Skype
2008-05-22 15:45 . 2008-05-22 15:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-05-22 14:07 . 2007-04-28 05:51 185,936 --a------ C:\Documents and Settings\chris.hensel\Application Data\OI31Upd.exe
2008-05-22 14:07 . 2007-04-28 03:56 49,152 --a------ C:\Documents and Settings\chris.hensel\Application Data\olkupres.dll
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2008-05-16 09:30 . 2008-05-16 09:30 <DIR> d-------- C:\Program Files\Citrix
2008-05-12 18:53 . 2008-05-12 18:53 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-12 18:53 . 2008-05-12 18:53 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2008-05-12 18:53 . 2008-05-12 18:53 4,816 --a------ C:\WINDOWS\system32\divxsm.tlb
2008-05-12 18:51 . 2008-05-12 18:51 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2008-05-12 18:51 . 2008-05-12 18:51 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2008-05-12 18:49 . 2008-05-12 18:49 161,096 --a------ C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-05-12 18:49 . 2008-05-12 18:49 12,288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2008-05-12 17:03 . 2008-05-12 17:03 <DIR> d-------- C:\Program Files\ALTEC LANSING
2008-05-08 09:38 . 2008-05-08 09:38 <DIR> d-------- C:\Program Files\WebEx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-04 01:44 --------- d-----w C:\Documents and Settings\chris.hensel\Application Data\DivX
2008-06-04 01:19 --------- d-----w C:\Program Files\DivX
2008-05-29 13:55 --------- d-----w C:\Documents and Settings\chris.hensel\Application Data\WebEx
2008-05-23 19:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-05-23 18:59 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-04-29 19:04 --------- d-----w C:\Program Files\Java
2008-04-29 18:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 18:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 18:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-24 22:14 --------- d-----w C:\Documents and Settings\chris.hensel\Application Data\gtk-2.0
2008-04-24 13:59 51,304 ----a-w C:\WINDOWS\system32\drivers\atnt40k.sys
2008-04-23 20:03 --------- d-----w C:\Program Files\Wireshark
2008-04-18 19:09 --------- d-----w C:\Documents and Settings\chris.hensel\Application Data\Wireshark
2008-04-18 18:32 --------- d-----w C:\Program Files\Smartwizard Discovery
2008-04-16 22:22 --------- d-----w C:\Documents and Settings\chris.hensel\Application Data\AdobeUM
2008-04-16 22:19 --------- d-----w C:\Program Files\Print Server
2008-04-14 20:47 --------- d-----w C:\Program Files\Common Files\Java
2008-03-14 12:28 21,361 ----a-w C:\WINDOWS\AegisP.sys
2008-03-14 12:21 623,344 ----a-w C:\WINDOWS\qfe165.tmp
2008-03-14 12:19 539,448 ----a-w C:\WINDOWS\qfe13D.tmp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{35EC3371-935C-4A67-9F16-4D752E11D267}]
2008-06-03 21:05 277504 --a------ C:\WINDOWS\system32\rqRJywvU.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{52996e6b-cf65-44d2-a952-f747a0c829ca}]
2008-06-04 09:11 104448 --a------ C:\WINDOWS\system32\kpcasytv.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 01:40 218032]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2008-04-30 17:17 22058792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"="C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe" [2008-05-28 13:01 2468200]
"7ca793f8"="C:\WINDOWS\system32\vuydngas.dll" [2008-06-04 09:09 97280]
"BM7f94a064"="C:\WINDOWS\system32\johpcqef.dll" [ ]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-05-03 07:58:50 106560]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
ckpNotify.dll 2006-04-09 17:59 24674 C:\WINDOWS\system32\ckpNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
C:\WINDOWS\system32\psqlpwd.dll 2007-08-14 12:54 89600 C:\WINDOWS\system32\psqlpwd.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\qoMfddEu]
qoMfddEu.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 13:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2007-12-14 13:36 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SERVICE.EXE"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.EXE"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SCC.EXE"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.EXE"=
"C:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_DIAGNOSTICS.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-10-16 15:33]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-10-16 15:32]
R1 Pivot;Pivot;C:\WINDOWS\system32\drivers\pivot.sys [2007-02-09 12:17]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2008-01-10 22:30]
R2 CP_OMDRV;Check Point Office Mode Module;C:\WINDOWS\system32\drivers\omdrv.sys [2006-04-09 17:59]
R2 OpenSSHd;OpenSSH Server;"C:\PROGRA~1\NETWOR~1\ssh\cygrunsrv.exe" [2001-10-19 01:15]
R2 smihlp2;SMI Helper Driver (smihlp2);C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys [2007-08-14 12:46]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;C:\WINDOWS\system32\DRIVERS\vnasc.sys [2006-04-09 17:59]
R2 VPN-1;VPN-1 Module;C:\WINDOWS\system32\drivers\vpn.sys [2006-04-09 17:58]
R3 FW1;SecuRemote Miniport;C:\WINDOWS\system32\DRIVERS\fw.sys [2006-04-09 17:58]
R3 TcUsb;TC USB Kernel Driver;C:\WINDOWS\system32\Drivers\tcusb.sys [2007-08-14 12:25]
S3 al60;al60;C:\WINDOWS\system32\al60.sys [1998-05-10 10:16]
S3 AX88772;ASIX AX88772/AX88772A USB2.0 to Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\ax88772.sys [2007-09-21 08:09]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;C:\WINDOWS\system32\DRIVERS\el575nd5.sys [2001-08-17 12:10]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 13:22]
S3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINDOWS\System32\drivers\pivotmou.sys [2007-02-09 12:17]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\Auto\command - E:\Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-29 15:27:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-28 14:10:39 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
"2008-06-04 19:50:00 C:\WINDOWS\Tasks\SyncToy.job"
- C:\Program Files\Microsoft\SyncToy\SyncToy.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-04 19:55:46
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\system32\sagndyuv.ini 294 bytes
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\explorer.exe
-> C:\WINDOWS\system32\vuydngas.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\FileZilla Server\FileZilla server.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\NetworkSimplicity\ssh\sshd.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
**************************************************************************
.
Completion time: 2008-06-04 19:59:33 - machine was rebooted [chris.hensel]
ComboFix-quarantined-files.txt 2008-06-05 02:59:30
Pre-Run: 13,981,044,736 bytes free
Post-Run: 14,168,977,408 bytes free
206 --- E O F --- 2008-05-29 00:18:16
-----------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:31, on 2008-06-04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NETWOR~1\ssh\cygrunsrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\NetworkSimplicity\ssh\sshd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\IrfanView\i_view32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\regedit.exe
C:\Documents and Settings\chris.hensel\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\Ad-Watch.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [7ca793f8] rundll32.exe "C:\WINDOWS\system32\vuydngas.dll",b
O4 - HKLM\..\Run: [BM7f94a064] Rundll32.exe "C:\WINDOWS\system32\johpcqef.dll",s
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Client\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1177359285022
O16 - DPF: {CAFECAFE-0013-0001-0026-ABCDEFABCDEF} (JInitiator 1.3.1.26) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://radwaresupport.webex.com/client/T26...ort/ieatgpc.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = usa.corp.radware.com
O17 - HKLM\Software\..\Telephony: DomainName = usa.corp.radware.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = usa.corp.radware.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: OpenSSH Server (OpenSSHd) - Unknown owner - C:\PROGRA~1\NETWOR~1\ssh\cygrunsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
--
End of file - 9349 bytes