GoSlow2GoFast

Members
  • Content count

    10
  • Joined

  • Last visited

About GoSlow2GoFast

  • Rank
    New Member

Contact Methods

  • ICQ
    0
  1. Seems to be working okay so far, thanks. ~gs2gf
  2. Heading out for a bit, I will check it out further later tonight. I will need to reinstall FF also, had uninstalled it when problems were first occuring. ~gs2gf
  3. OTM log file: ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== LoadLibrary failed for c:\windows\system32\ms.dll c:\windows\system32\ms.dll moved successfully. < ipconfig /flushdns /c > Windows IP Configuration Successfully flushed the DNS Resolver Cache. E:\cmd.bat deleted successfully. E:\cmd.txt deleted successfully. ========== COMMANDS ========== C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTM by OldTimer - Version 3.1.17.2 log created on 12292010_141243
  4. I also found a file named "c:\windows\system32\dll" which seemed like a suspicious name, but when submitted to the jotti.org online scanner it did not report any vulnerabilities in it. Will OTM delete my c:\temp folder, there are useful files in there I need which I would need to move? ~gs2gf
  5. Here is checkup.txt: Results of screen317's Security Check version 0.99.8 Windows 7 (UAC is enabled) Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 McAfee VirusScan Enterprise McAfee Agent WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware ```````````````````````````````` Process Check: objlist.exe by Laurent McAfee VirusScan Enterprise EngineServer.exe McAfee VirusScan Enterprise VsTskMgr.exe McAfee VirusScan Enterprise Mcshield.exe McAfee VirusScan Enterprise mfeann.exe McAfee VirusScan Enterprise shstat.exe ``````````End of Log````````````
  6. Here is the ESET log: C:\Windows\System32\ms.dll Win32/Bamital.DV trojan ~gs2gf
  7. Okay, after a reboot that error is gone. How do I know if I am "clean" at this point? ~bp
  8. Here's the Conbofix results. However, after it ended I can't start my AV software (McAfee) or even notepad without getting the error: "Illegal operation attempted on a registry key that has been marked for deletion." -------------------------------------------------------- ComboFix 10-12-26.01 - wprew 12/28/2010 14:02:18.1.2 - x86 Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.2972.1906 [GMT -5:00] Running from: c:\users\wprew\Desktop\cf.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\INSTALL.LOG c:\users\wprew\g2mdlhlpx.exe Infected copy of c:\windows\explorer.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe Infected copy of c:\windows\System32\wininit.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe Infected copy of c:\windows\explorer.exe was found and disinfected Restored copy from - c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe . ((((((((((((((((((((((((( Files Created from 2010-11-28 to 2010-12-28 ))))))))))))))))))))))))))))))) . 2010-12-28 19:07 . 2010-12-28 19:15 -------- d-----w- c:\users\wprew\AppData\Local\temp 2010-12-28 19:07 . 2010-12-28 19:07 -------- d-----w- c:\users\vtexeira\AppData\Local\temp 2010-12-28 19:07 . 2010-12-28 19:07 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-12-28 17:57 . 2010-12-28 17:57 -------- d-----w- C:\fix 2010-12-27 22:47 . 2010-12-27 22:47 56400 ----a-w- c:\windows\system32\drivers\tmrkb.sys 2010-12-27 22:47 . 2010-12-27 22:47 190032 ----a-w- c:\windows\system32\drivers\tmcomm.sys 2010-12-27 20:21 . 2010-12-27 20:16 12468680 ----a-w- c:\temp\windows-kb890830-v3.14.exe 2010-12-27 04:22 . 2010-11-12 23:53 472808 ----a-w- c:\windows\system32\deployJava1.dll 2010-12-27 03:53 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys 2010-12-27 02:41 . 2010-12-27 04:30 -------- d-----w- c:\program files\Windows Live Safety Center 2010-12-27 00:12 . 2010-12-27 16:15 -------- d-----w- C:\bad 2010-12-24 07:40 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D5351544-A83D-4874-B696-9220D8595D54}\mpengine.dll 2010-12-24 04:10 . 2010-12-24 04:10 3584 ----a-w- c:\windows\system32\ms.dll 2010-12-09 14:36 . 2010-12-09 14:36 -------- d-----w- c:\users\wprew\AppData\Local\ElevatedDiagnostics 2010-12-02 12:49 . 2010-12-02 12:49 -------- d-----w- c:\program files\Common Files\4Team 2010-12-02 12:49 . 2010-12-02 12:49 -------- d-----w- c:\program files\4Team Corporation 2010-12-02 11:57 . 2010-12-02 11:57 -------- d-----w- c:\users\wprew\AppData\Local\Downloaded Installations . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-12-20 23:09 . 2010-11-28 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-20 23:08 . 2010-11-28 16:07 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-10-27 04:40 . 2010-10-27 04:40 501424 ----a-w- c:\windows\system32\SGrid4Team.ocx 2010-10-27 04:40 . 2010-10-27 04:40 231088 ----a-w- c:\windows\system32\CompareLib.dll 2010-10-19 15:41 . 2010-01-07 20:49 222080 ------w- c:\windows\system32\MpSigStub.exe 2010-09-30 17:02 . 2010-09-30 17:02 597664 ----a-w- c:\windows\system32\Lib4Team.dll 2010-09-30 17:02 . 2010-09-30 17:02 22720 ----a-w- c:\windows\system32\ForTeam.Licensing.Wrapper.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-09-03 288312] "acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 153640] "accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 400936] "DagentUI"="c:\program files\Altiris\Dagent\dagentui.exe" [2008-02-27 476424] "McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2008-03-14 136512] "ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2008-09-29 124240] "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712] "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-09-23 38840] "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-09-22 640440] "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-07-29 136216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-07-29 171032] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-07-29 170520] "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] c:\users\wprew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 227712] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService] @="Service" [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\POP Peeper] 2010-09-09 22:09 1511424 ----a-w- c:\_pf\POP Peeper\POPPeeper.exe R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2008-09-29 64432] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] R3 NVMJRBVU;NVMJRBVU;c:\users\wprew\AppData\Local\Temp\NVMJRBVU.exe [x] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152] R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-07-22 13824] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-08 1343400] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920] S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2009-10-10 13936] S1 nm3;Microsoft Network Monitor 3 Driver;c:\windows\system32\DRIVERS\nm3.sys [2010-06-09 39736] S1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-07-22 17920] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 207400] S2 Altiris Deployment Agent;Altiris Deployment Agent;c:\program files\Altiris\Dagent\dagent.exe [2008-02-27 640264] S2 DB2MGMTSVC_TACOM26;DB2 Management Service (TACOM26);c:\_pf\Quest\Toad for Data Analysts 2.6.1\SQLLIB\BIN\db2mgmtsvc.exe [2009-12-17 37736] S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2009-10-10 4707688] S2 dtpd;ShrewSoft DNS Proxy Daemon;c:\program files\ShrewSoft\VPN Client\dtpd.exe [2010-08-17 54544] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2010-07-16 26168] S2 iked;ShrewSoft IKE Daemon;c:\program files\ShrewSoft\VPN Client\iked.exe [2010-08-17 726288] S2 ipsecd;ShrewSoft IPSEC Daemon;c:\program files\ShrewSoft\VPN Client\ipsecd.exe [2010-08-17 541968] S2 McAfeeEngineService;McAfee Engine Service;c:\program files\McAfee\VirusScan Enterprise\EngineServer.exe [2008-09-29 19456] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2008-09-29 67904] S2 MotoConnect Service;MotoConnect Service;c:\program files\Motorola\MotoConnectService\MotoConnectService.exe [2010-06-24 91456] S3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-07-29 482176] S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2009-10-10 164976] S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [2009-06-13 221912] S3 NETw5s32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840] S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [2009-07-20 49152] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] GPSvcGroup REG_MULTI_SZ GPSvc HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . . ------- Supplementary Scan ------- . uStart Page = about:blank TCP: {DCD83D69-C29F-4DB1-9034-4FCAA1D9C3E5} = 10.10.10.25,10.10.10.26 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} - hxxp://pvdapp34/projectserver/objects/pjclient.cab DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} - hxxp://pvdapp22/SCRSDE/Reports/activeXViewer/activexviewer.cab DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} - hxxp://pvdapp34/projectserver/objects/1033/pjcintl.cab . - - - - ORPHANS REMOVED - - - - HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe SafeBoot-Wdf01000.sys AddRemove-LSI Soft Modem - c:\windows\agrsmdel . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(748) c:\_pf\WinSCP\DragExt.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\DisplayLink Core Software\DisplayLinkUserAgent.exe c:\windows\system32\AEADISRV.EXE c:\program files\LSI SoftModem\agrsmsvc.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe c:\program files\McAfee\VirusScan Enterprise\mfeann.exe c:\windows\system32\conhost.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\taskhost.exe c:\program files\DisplayLink Core Software\DisplayLinkUI.exe c:\windows\system32\conhost.exe c:\program files\Motorola\MotoConnectService\MotoConnect.exe c:\program files\windows defender\MpCmdRun.exe . ************************************************************************** . Completion time: 2010-12-28 14:21:42 - machine was rebooted ComboFix-quarantined-files.txt 2010-12-28 19:21 Pre-Run: 92,735,991,808 bytes free Post-Run: 92,576,546,816 bytes free - - End Of File - - C59D225FB0286683B2DA8F2B7B2BE5A5
  9. Ran TDSSKiller, no threats found of any sort. ~bp
  10. I seem to have a problem on this system where certain search results from google when selected redirect to a different site. I have scanned with MBAM but it comes up clean. I'm posting the HJT log file in case you can see something that helps locate the problem in it. ~gs2gf Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 5:40:07 PM, on 12/27/2010 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16700) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Analog Devices\Core\smax4pnp.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe C:\Program Files\ActivIdentity\ActivClient\acevents.exe C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe C:\Program Files\Altiris\Dagent\dagentui.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe C:\Windows\WindowsMobile\wmdc.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\Windows\System32\igfxtray.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE C:\Windows\System32\mobsync.exe C:\Windows\system32\cmd.exe C:\Windows\system32\conhost.exe E:\scan\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: 1.2.3.4 test1 #comment O1 - Hosts: 1.2.3.4 test #comment O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - (no file) O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll O3 - Toolbar: &Linkman - {5C9DCA26-CEC4-4280-A831-D622D4DBF113} - C:\_pf\Linkman\LinkmanCom.dll O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe O4 - HKLM\..\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [acevents] "C:\Program Files\ActivIdentity\ActivClient\acevents.exe" O4 - HKLM\..\Run: [accrdsub] "C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" O4 - HKLM\..\Run: [DagentUI] C:\Program Files\Altiris\Dagent\dagentui.exe O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [igfxTray] C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe O4 - HKLM\..\Run: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...s/wlscctrl2.cab O16 - DPF: {4A3CBDDD-C4DC-4C38-B44F-704DAEF628AE} (PjAdoInfo3 Class) - http://pvdapp34/projectserver/objects/pjclient.cab O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab O16 - DPF: {A1B8A30B-8AAA-4A3E-8869-1DA509E8A011} (Crystal ActiveX Report Viewer Control 10.0) - http://pvdapp22/SCRSDE/Reports/activeXView...tivexviewer.cab O16 - DPF: {AF9A1421-E128-4D5F-A37E-039F305867B9} (Pj11enuC Class) - http://pvdapp34/projectserver/objects/1033/pjcintl.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jwu.edu O17 - HKLM\Software\..\Telephony: DomainName = jwu.edu O17 - HKLM\System\CCS\Services\Tcpip\..\{DCD83D69-C29F-4DB1-9034-4FCAA1D9C3E5}: Domain = jwu.edu O17 - HKLM\System\CCS\Services\Tcpip\..\{DCD83D69-C29F-4DB1-9034-4FCAA1D9C3E5}: NameServer = 10.10.10.25,10.10.10.26 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jwu.edu O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = jwu.edu O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe O23 - Service: Altiris Deployment Agent - Altiris, Inc. - C:\Program Files\Altiris\Dagent\dagent.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: DB2 Management Service (TACOM26) (DB2MGMTSVC_TACOM26) - International Business Machines Corporation - C:\_pf\Quest\Toad for Data Analysts 2.6.1\SQLLIB\BIN\db2mgmtsvc.exe O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe O23 - Service: ShrewSoft DNS Proxy Daemon (dtpd) - Unknown owner - C:\Program Files\ShrewSoft\VPN Client\dtpd.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\Windows\system32\Hpservice.exe O23 - Service: ShrewSoft IKE Daemon (iked) - Unknown owner - C:\Program Files\ShrewSoft\VPN Client\iked.exe O23 - Service: ShrewSoft IPSEC Daemon (ipsecd) - Unknown owner - C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe O23 - Service: McAfee Engine Service (McAfeeEngineService) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Windows\system32\mfevtps.exe O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe O23 - Service: NVMJRBVU - Sysinternals - www.sysinternals.com - C:\Users\wprew\AppData\Local\Temp\NVMJRBVU.exe -- End of file - 10158 bytes