projectx Posted August 26, 2008 ID:25881

Followed all directions. Ran MBAM... logs follow.
Can't get Panda to run. Hangs on page:http://*.mcafee.com

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EA5393C-E568-4E79-8109-461FDB59FCDF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F774C72-7808-4276-A161-DC3DCA8B8408}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{32AD9A87-872B-4D6A-A9B0-E52AF943CD5D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C747279-42F4-49B0-81F7-6CD35BBAA08B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FA9BBA3-6260-40B0-9A03-45F602E5C1A7}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDA82194-9CCB-4475-962A-9A88D8197D6E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: werkjdnfi8wnkjmdfdfkefn - {C5AF49A2-94F3-42BD-F434-3604812C897D} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0302741219555362) (0302741219555362mcinstcleanup) - Unknown owner - C:\Users\joe\AppData\Local\Temp\030274~1.EXE (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel

1972vet Posted August 26, 2008 ID:25888

What threats did ESET find? You're able to paste the logs here, can you run the ESET scan again and save the results...to do this, click "File" from the menu at the top of the browser. Scroll down to and select "Save as" and save it to your desktop. Change the Save as type: to "Text File (*.txt)", leave the file name as it is then click the Save button. Post that text file back here on your next reply. Thanks!

projectx Posted August 26, 2008 Author ID:25921

OK, re-ran all apps.
1) MBAM Log looks clean. MBAM Logs to follow.
2) Re-ran ESET, found 0 threats - would not let me capture log.
3) HJT Logs to follow. Several things look wrong. (see bold) DNS Entries look suspect, some other things are suspect as well.
Your thoughts?

------------------------------------------------------------
MBAM Log
------------------------------------------------------------
Malwarebytes' Anti-Malware 1.25
Database version: 1088
Windows 6.0.6000

9:42:59 AM 8/26/2008
mbam-log-08-26-2008 (09-42-59).txt

Scan type: Quick Scan
Objects scanned: 47915
Time elapsed: 3 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

------------------------------------------------------------
ESET Capture (garbage)
------------------------------------------------------------
Free ESET Online Antivirus Scanner
Get a FREE Online Virus Scan
Use ESET's Online Antivirus Scan and Make Sure Your System Is Clean
Scanner | More Details | System Requirements | Help | FAQ
View Cart Solutions Products Purchase Download Partners Threat Center Support Company Search Global Sites Online Scanner Security Tips Threats Explained Threat Encyclopedia Blog White Papers Newsletter Signup Podcasts RSS | Contact Us | Privacy | Legal Notices | Sitemap
Copyright

1972vet Posted August 27, 2008 ID:25951

I'm puzzled as to why ESET missed the few trojans you still have in residence. ESET of all would certainly have squawked about a few of these but why it reported finding nothing is a mystery...

Download and scan with SUPERAntiSpyware Free for Home Users

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
    * Close browsers before scanning.
    * Scan for tracking cookies.
    * Terminate memory threats before quarantining.
* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
    * Click Preferences, then click the Statistics/Logs tab.
    * Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    * If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    * Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.

projectx Posted August 28, 2008 Author ID:26032

SUPERAntiSpyware is STILL running...so far it has found 2 registry items and 30 file items.
21.5 hours and counting. 2.77 million files. wow.
normal?

1972vet Posted August 28, 2008 ID:26038

Normal? No...that is, if you don't have 2.77 million files. The size of the disk and the amount of files all play a part in the time it takes to complete a scan.

projectx Posted August 28, 2008 Author ID:26039

I realize that, I just didn't know if there was a race condition this thing gets stuck in where it loops on a subset of files.

1972vet Posted August 28, 2008 ID:26040

The scanner shows you a scanning progress at the top of the window. Does it appear stuck on a particular file or is the file path still changing showing each file in succession as it scans?

projectx Posted August 28, 2008 Author ID:26043

It keeps changing. Seems to spend a good deal of time on DriverStore\FileRepository\* and revisits it often.

projectx Posted August 28, 2008 Author ID:26044

Here's the Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/27/2008 at 08:32 PM

Application Version : 4.20.1046

Core Rules Database Version : 3549
Trace Rules Database Version: 1537

Scan type : Complete Scan
Total Scan Time : 00:05:04

Memory items scanned : 660
Memory threats detected : 0
Registry items scanned : 8168
Registry threats detected : 2
File items scanned : 3155782
File threats detected : 30

Adware.Vundo Variant
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler#{C5AF49A2-94F3-42BD-F434-3604812C897D}
    HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks#{C3F6F4FE-85F6-4D0C-98DE-15324B09F149}

Adware.Tracking Cookie
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@www.googleadservices[3].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@collective-media[2].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@ads.revsci[1].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@findwhat[1].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@msnportalbeetsearchapr2007.112.2o7[1].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@www.eztrackz[1].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@ads.adap[2].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@wmvmedialease[1].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@trafficmp[2].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@pro-market[2].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@specificclick[2].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@interclick[1].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@app.insightgrit[1].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@overture[2].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@www.googleadservices[1].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@adbrite[2].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@revsci[2].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@anad.tacoda[2].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@stats.renault[1].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@ads.motogp[1].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@tacoda[2].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@adopt.specificclick[2].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@stats.renault[2].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@www.googleadservices[2].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@ads.monster[2].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@ads.traderonline[2].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@ads.pointroll[1].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@click.highspeedbackbone[1].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@coxhsi.112.2o7[1].txt
    C:\Users\joe\AppData\Roaming\Microsoft\Windows\Cookies\joe@msnportal.112.2o7[1].txt

1972vet Posted August 28, 2008 ID:26074

OK, let's see a fresh HijackThis log. How's it running now?

projectx Posted August 28, 2008 Author ID:26078

Still a few suspect items. See bold.

------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:41 AM, on 8/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\joe\AppData\Local\Temp\SolidWorksLicTemp.0001
c:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.mcafee.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{2EA5393C-E568-4E79-8109-461FDB59FCDF}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{2F774C72-7808-4276-A161-DC3DCA8B8408}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{32AD9A87-872B-4D6A-A9B0-E52AF943CD5D}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{3C747279-42F4-49B0-81F7-6CD35BBAA08B}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{7FA9BBA3-6260-40B0-9A03-45F602E5C1A7}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{BDA82194-9CCB-4475-962A-9A88D8197D6E}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: McAfee Application Installer Cleanup (0302741219555362) (0302741219555362mcinstcleanup) - Unknown owner - C:\Users\joe\AppData\Local\Temp\030274~1.EXE (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Moldflow Product Security (MFPS Daemon) - Unknown owner - C:\PROGRA~1\Moldflow\PRODUC~1\mfpsd.exe
O23 - Service: Dimension 3D Printers Service (ModelServerWinServiceP) - Stratasys, Inc. - C:\Program Files\Dimension\CatalystEX 3.0\nt\ModelServer.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Plastics Insight 6.1 Job Manager (synjm61) - Unknown owner - C:\Program Files\Moldflow\Plastics Insight 6.1\bin\mpijm.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdmus.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 14025 bytes

1972vet Posted August 28, 2008 ID:26086

Please answer this question:
How's it running now?
...and allow me to point out what is suspect.

projectx Posted August 28, 2008 Author ID:26089

Seems better, but some programs still are a bit jumpy, slow then normal.

1972vet Posted August 28, 2008 ID:26095

The O17 entries relate to http://*.mcafee.com

This entry should have gone away with the first reboot after installation of McAfee

O23 - Service: McAfee Application Installer Cleanup (0302741219555362) (0302741219555362mcinstcleanup) - Unknown owner - C:\Users\joe\AppData\Local\Temp\030274~1.EXE (file missing)

Close all windows now except for HijackThis (that includes this browser window), then click the Fix Checked button.

Reboot the computer into Safe mode.

Once in safe mode and logged on as administrator, please continue with the instructions below:

Locate and delete the following files/folders indicated in Bold text:

C:\Windows\TEMP\inst1.exe
C:\Users\joe\AppData\Local\Temp\winlogan.exe
C:\Windows\TEMP\setup1013.exe

Reboot and post a fresh HijackThis log. Thanks!
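
The by-eye review of the HijackThis log in the post above can be scripted. This is an added Python example, not part of the original thread and not code from HijackThis: it flags entries whose registered target is gone ("(file missing)" / "(no file)"), flags O23 services with an unknown owner that point into a temp directory, and collects the O17 NameServer values for manual verification. The sample lines are copied from the logs posted in this thread; the function names and finding labels are assumptions made for the example.

```python
import re

# Sample input: entries copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O22 - SharedTaskScheduler: werkjdnfi8wnkjmdfdfkefn - {C5AF49A2-94F3-42BD-F434-3604812C897D} - (no file)
O23 - Service: McAfee Application Installer Cleanup (0302741219555362) (0302741219555362mcinstcleanup) - Unknown owner - C:\Users\joe\AppData\Local\Temp\030274~1.EXE (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O23 - Service: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis appends these markers when the referenced file is not on disk.
ORPHAN_RE = re.compile(r"\((file missing|no file)\)\s*$", re.IGNORECASE)
# Path component that indicates a temp directory.
TEMP_RE = re.compile(r"\\(temp|tmp)\\", re.IGNORECASE)
NAMESERVER_RE = re.compile(r"NameServer\s*=\s*([0-9.,\s]+)")


def parse_entries(text):
    """Return (code, body) tuples for every line that looks like a log entry."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(entries):
    """Return (code, label, body) findings that deserve a manual look."""
    findings = []
    for code, body in entries:
        # Registry reference survives but the file it points to does not.
        if ORPHAN_RE.search(body):
            findings.append((code, "orphaned", body))
        # Unsigned/unknown service whose binary lives in a temp directory.
        if code == "O23" and "Unknown owner" in body and TEMP_RE.search(body):
            findings.append((code, "service-in-temp", body))
    return findings


def nameservers(entries):
    """Distinct DNS servers set through O17 entries, for manual verification."""
    seen = set()
    for code, body in entries:
        if code != "O17":
            continue
        match = NAMESERVER_RE.search(body)
        if match:
            seen.update(ip.strip() for ip in match.group(1).split(",") if ip.strip())
    return sorted(seen)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    for code, label, body in triage(parsed):
        print(f"[{label}] {code} - {body}")
    print("DNS servers to verify:", ", ".join(nameservers(parsed)))
```

A finding is a prompt to look, not a verdict: an orphaned entry can be a leftover from an installer or from an earlier cleanup.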

projectx Posted August 28, 2008 Author ID:26105

Ran all instructions. Logs follow.
What is Windows Tribute Service? See bold below.
Still require Acrobat 8.0 as it is part of the AdobeCS3 package and can't be removed separately. Also, don't have distiller upgrade package.

------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:50:27 PM, on 8/28/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\joe\AppData\Local\Temp\SolidWorksLicTemp.0001
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://usatoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [solidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBUA.EXE /FU "C:\Users\joe\AppData\Local\Temp\E_S3BCE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\joe\appdata\local\temp\SO5C08~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\joe\appdata\local\temp\SO5C08~1.SH! (User 'Default user')
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: McAfee Application Installer Cleanup (0302741219555362) (0302741219555362mcinstcleanup) - Unknown owner - C:\Users\joe\AppData\Local\Temp\030274~1.EXE (file missing)
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel

1972vet Posted August 29, 2008 ID:26121

As serious a vulnerability that exists with the out of date Adobe reader, along with the fact that the software author has recommended to update the software...and that you won't comply with those recommendations means we cannot go any further and expect successful results.

The McAfee installer cleanup service is harmless...you can delete it using HijackThis. Check the service name to make certain to use the name that appears there. Click start-->run...type services.msc and click "OK". Scroll down that list and locate the McAfee Installer Cleanup and double-click on it. When the Properties box opens, check the Service name...not the display name. Using that Service name, please do the following:

* Open HijackThis and click the Open the Misc. Tools section button.
* Next, click the Delete an NT service... button.
* Copy and paste that service name that you found in the service properties box into the "Delete a Windows NT Service" box that opened.
* Affirm any prompts.
* Close HijackThis and reboot the system.

Are you having any other issues that we can help with?
projectx Posted August 29, 2008 Author ID:26210

Removed installer service. Thanks for the notes.
Log follows.
I'm working on getting the Adobe Distiller 9.0 package, will take some time but I'll keep pushing.
In the meantime I think we've exorcised the demons (daemons!) so thanks for all your patience and assistance.
You can probably close this thread.
Thanks again.
--------------------------------------------------------------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:31:36 PM, on 8/29/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\AirPort\APAgent.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Pantone\huey\hueyTray.exe
C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\joe\AppData\Local\Temp\SolidWorksLicTemp.0001
C:\Program Files\Windows Media Player\wmplayer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://usatoday.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [sigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [solidWorks_CheckForUpdates] "C:\Program Files\Common Files\SolidWorks Installation Manager\Scheduler\sldIMScheduler.exe" /scheduler
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files\AirPort\APAgent.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [siteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [iSUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EPSON Stylus Photo 1400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIBUA.EXE /FU "C:\Users\joe\AppData\Local\Temp\E_S3BCE.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\joe\appdata\local\temp\SO5C08~1.SH! (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DelayShred] c:\PROGRA~1\mcafee\mshr\ShrCL.EXE /P7 /q c:\users\joe\appdata\local\temp\SO5C08~1.SH! (User 'Default user')
O4 - Startup: SolidWorks Task Scheduler Engine.lnk = C:\Program Files\SolidWorks\swScheduler\swBOEngine.exe
O4 - Global Startup: hueyTray.lnk = C:\Program Files\Pantone\huey\hueyTray.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple iPhone Configuration Web Utility - Apple, Inc. - C:\Program Files\Apple\iPhone Configuration Web Utility\iPhoneConfigurationWebUtilityService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Marvell RAID Event Agent (Marvell RAID) - Unknown owner - C:\Program Files\Marvell\61xx\svc\mvraidsvc.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: Moldflow Product Security (MFPS Daemon) - Unknown owner - C:\PROGRA~1\Moldflow\PRODUC~1\mfpsd.exe
O23 - Service: Dimension 3D Printers Service (ModelServerWinServiceP) - Stratasys, Inc. - C:\Program Files\Dimension\CatalystEX 3.0\nt\ModelServer.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: MRU Web Service (MRUWebService) - Apache Software Foundation - C:\Program Files\Marvell\61xx\Apache2\bin\Apache.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Plastics Insight 6.1 Job Manager (synjm61) - Unknown owner - C:\Program Files\Moldflow\Plastics Insight 6.1\bin\mpijm.exe
O23 - Service: Windows Tribute Service - Unknown owner - C:\Windows\system32\kdmus.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe

--
End of file - 13353 bytes
1972vet Posted August 30, 2008 ID:26226

1972vet asked: Are you having any other issues that we can help with?
JeanInMontana Posted September 5, 2008 ID:26853

Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.

The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you.