Everything posted by ttt03

  1. First noticed most files disappeared. Restarted computer in safe mode, changed the setting of view folder options to show hidden files and operating system files. After applying the setting it's always reversed to not showing hidden files. All spaces are still occupied as displayed in properties of the folder. Noticed more virus messages: "A potential disk failure may cause loss of files, applications and documents stored on the hard disk ........" and forced to "scan and fix" or "cancel and reboot"; "RAM memory reliability is extremely low ...."; "Critical error hard driver critical error. Start a system diagnostics application to scan your hard disk for errors and performance problems." And task manager is blocked. MBAM is also blocked even in safe mode. Downloaded DDS.scr but it never ends.
  2. Under safe mode, downloaded MBAM from cnet.com but was unable to install it. Saying "access is denied" at the end of installation and rolled everything back. Renamed the downloaded file and the same result.
  3. More virus messages: "A potential disk failure may cause loss of files, applications and documents stored on the hard disk ........" and forced to "scan and fix" or "cancel and reboot"; "RAM memory reliability is extremely low ...."; "Critical error hard driver critical error. Start a system diagnostics application to scan your hard disk for errors and performance problems."
  4. Most files disappeared. Restarted computer in safe mode, changed the setting of view folder options to show hidden files and operating system files. After applying the setting it's always reversed to not showing hidden files. All spaces are still occupied as displayed in properties of the folder. Must be some virus. Help needed and TIA.
  5. Thanks a lot for your big help. I have followed the advice to clean up everything. Have a wonderful night.
  6. 1. Adobe upgraded to 9.3
     2. J2SE JRE updated to 1.6 update 20
     3. TPC executed to clean all temp files
     4. MBAM scanned with latest update, no issue reported, logs attached below
     5. Eset online scanner with a couple of threats, log attached below

     ---------------------------------------MBAM logs
     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4125
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 7.0.5730.13

     5/21/2010 6:08:35 PM
     mbam-log-2010-05-21 (18-08-35).txt

     Scan type: Quick scan
     Objects scanned: 142016
     Time elapsed: 2 minute(s), 17 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     -------------------------------------------ESet online scan logs
     ESETSmartInstaller@High as CAB hook log:
     OnlineScanner.ocx - registred OK
     # version=7
     # iexplore.exe=7.00.6000.17023 (vista_gdr.100222-0012)
     # OnlineScanner.ocx=1.0.0.6211
     # api_version=3.0.2
     # EOSSerial=5d16970ea8a8a141b1f9427eaf77bb02
     # end=stopped
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=false
     # antistealth_checked=true
     # utc_time=2010-05-21 10:41:16
     # local_time=2010-05-21 06:41:16 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=512 16777215 100 0 0 0 0 0
     # compatibility_mode=1024 16777215 100 0 0 0 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=4142
     # found=0
     # cleaned=0
     # scan_time=485
     esets_scanner_update returned -1 esets_gle=53251
     # version=7
     # iexplore.exe=7.00.6000.17023 (vista_gdr.100222-0012)
     # OnlineScanner.ocx=1.0.0.6211
     # api_version=3.0.2
     # EOSSerial=5d16970ea8a8a141b1f9427eaf77bb02
     # end=finished
     # remove_checked=false
     # archives_checked=true
     # unwanted_checked=true
     # unsafe_checked=true
     # antistealth_checked=true
     # utc_time=2010-05-22 12:21:58
     # local_time=2010-05-21 08:21:58 (-0500, Eastern Daylight Time)
     # country="United States"
     # lang=1033
     # osver=5.1.2600 NT Service Pack 3
     # compatibility_mode=512 16777215 100 0 0 0 0 0
     # compatibility_mode=1024 16777215 100 0 0 0 0 0
     # compatibility_mode=8192 67108863 100 0 0 0 0 0
     # scanned=77477
     # found=3
     # cleaned=0
     # scan_time=5990
     C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\ultra.sys.vir Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
     C:\System Volume Information\_restore{6D3D80B0-5FA3-4DA0-BBE9-33F51C6316AB}\RP78\A0021990.exe probably a variant of Win32/Genetik trojan 00000000000000000000000000000000 I
     C:\System Volume Information\_restore{6D3D80B0-5FA3-4DA0-BBE9-33F51C6316AB}\RP78\A0022096.sys Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
  7. completed 50 stages then forced computer restart. Attached here is the new log file ComboFix1.txt
  8. 1. Download bootdisk for XP Pro SP2 from MS website
     2. Download combofix
     3. Drag bootdisk into combofix and recovery console successfully installed
     4. Has McAfee VirusScan enterprise installed on computer and forced to start every 5 minutes thus cannot be completely disabled, tried best to manually disable it whenever possible
     5. Ran combofix, first it detected something rootkit and forced a restart
     6. After restart, combofix continued running, completed 50 stages, deleted a couple of files and report generated. During the period there is nothing else on screen so I couldn't disable McAfee VirusScan enterprise.

     Seems google search no longer redirected. However when I am trying to ping any server within a command window, I always got intermittent request time out. And Cisco VPN client still cannot establish connection.

     ComboFix.txt
  9. First I had trouble downloading and saving the RKUnhookerLE.exe file. Then I downloaded it from another computer and transferred it to this one. Got the following warning when executing RKUnhookerLE.exe:

     Rootkit Unhooker has detected parasite inside itself!
     It is recommended to remove parasite, okay?
     Parasite type: Unknown remote thread
     Thread ID: 3308
     Priority: 8
     Thread start address: 0x77DF848A
     Module: advapi32.dll

     Scan reports are too long to paste and are attached here as a txt file. Thanks a lot.

     RkUnhooker.txt
  10. Yesterday I started experiencing a google redirect issue. Always have McAfee enterprise version on. Tried several tools, which either say clean or don't remove it, including MBAM with the latest update. Thanks in advance for your kind help. MBAM logs, HijackThis logs are attached here.

      Then followed the instructions here
      1. DeFogger - Disable Completed
      2. DDS.txt posted below and attach.txt attached
      3. GMER Rootkit Scanner always crashes my computer after scanning for a while. No logs saved.

      mbam_log_2010_05_20__15_45_50_.txt hijackthis.txt Attach.txt
  11. Computer running slow and being redirected to random websites when clicking links on google search result page. Tried a number of tools but got no luck so far. TIA. Running on Windows XP SP 3 and IE7. Here are the log files from MBAM (with latest update) and HijackThis 2.0.4

      ---------------------------------------------------------------------------------- MBAM logs
      Malwarebytes' Anti-Malware 1.46
      www.malwarebytes.org

      Database version: 4121
      Windows 5.1.2600 Service Pack 3
      Internet Explorer 7.0.5730.13

      5/20/2010 3:45:50 PM
      mbam-log-2010-05-20 (15-45-50).txt

      Scan type: Full scan (C:\|D:\|)
      Objects scanned: 219127
      Time elapsed: 20 minute(s), 3 second(s)

      Memory Processes Infected: 0
      Memory Modules Infected: 0
      Registry Keys Infected: 1
      Registry Values Infected: 2
      Registry Data Items Infected: 0
      Folders Infected: 0
      Files Infected: 0

      Memory Processes Infected: (No malicious items detected)
      Memory Modules Infected: (No malicious items detected)

      Registry Keys Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

      Registry Values Infected:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\urlvjyoc (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\urlvjyoc (Rogue.AntivirusSuite.Gen) -> Quarantined and deleted successfully.

      Registry Data Items Infected: (No malicious items detected)
      Folders Infected: (No malicious items detected)
      Files Infected: (No malicious items detected)
- {EF3CEDAA-71DE-494f-A700-9648BD0F0BA9} - C:\Program Files\ieHTTPHeaders\ieHTTPTrace.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: *.harvardpilgrim.org O15 - Trusted Zone: *.hphc.org O16 - DPF: {6C64B50D-0472-4CD6-9312-644BEF37D4E6} (CourLocal2 Class) - https://aim.hphc.org/AIM/Courion/AccessOpti...S/CourLocal.CAB O16 - DPF: {7663D970-69AA-40EB-9B59-6C4F02DE264D} (CourLocal Class) - https://aim-dev.hphc.org/AIM/Courion/Access...S/CourLocal.CAB O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://btconferencing.webex.com/client/T27...bex/ieatgpc.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EHEALTH.HPHC.ORG O17 - HKLM\Software\..\Telephony: DomainName = EHEALTH.HPHC.ORG O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EHEALTH.HPHC.ORG O20 - Winlogon Notify: CMGShieldNP - CmgShieldNP.dll (file missing) O20 - Winlogon Notify: LCredMgr - C:\Program Files\Novell\CASA\bin\lcredmgr.dll O20 - Winlogon Notify: nzrNotifier - nzrNotifier.dll (file missing) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: ABC Client Monitor - ABC Enterprise Systems Ltd. - C:\WINDOWS\ABC\Licenser\i386\clientnt.exe O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Connected\AgentSrv.EXE O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe O23 - Service: CMG Shield (CMGShield) - CREDANT Technologies, Inc. 
- C:\WINDOWS\system32\CmgShieldSvc.exe O23 - Service: CourClientSvr - Courion Corporation - C:\Program Files\Courion Corporation\Courion Client Manager\CourClientSvr.exe O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe O23 - Service: EMS - CREDANT Technologies, Inc. - C:\WINDOWS\system32\EMSService.exe O23 - Service: Lotus Notes Single Logon - IBM Corp - C:\lotus\notes\nslsvice.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe O23 - Service: Monitor System - Unknown owner - C:\WINDOWS\system32\cpsyssrv.exe O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\lotus\notes\ntmulti.exe O23 - Service: Novell Identity Store - Novell, Inc - C:\Program Files\Novell\CASA\bin\micasad.exe O23 - Service: Novell ZENworks Agent Service - Novell, Inc. - C:\Program Files\Novell\ZENworks\bin\ZenworksWindowsService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Novell ZENworks Remote Management powered by VNC (nzwinvnc) - Novell, Inc. 
- C:\Program Files\Novell\ZENworks\bin\nzrWinVNC.exe O23 - Service: QP: Discovery Agent - PS'SOFT - C:\Siaudit2\QPDiscovery.exe O23 - Service: QP: Discovery Update Agent - Unknown owner - C:\Siaudit2\QPDUpdateService.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\windows\drivers\e6400\stacsv.exe O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe O23 - Service: Novell ZENworks Pre Agent (ZENPreAgent) - Unknown owner - C:\WINDOWS\novell\zenworks\bin\ZENPreAgent.exe -- End of file - 12277 bytes