Valiante
2008-07-23, 14:35
One of our workstations was infected with various malware, including the braviax.exe process, etc. Got that cleaned up after numerous safe-mode configurations that actually allowed Spybot to run. Once it had cleaned once, all was well.
Trouble is, now the SERVER's exhibiting almost exactly the same symptoms, with the exception of the braviax.exe process. I can't launch Spybot or Internet Explorer and I can't boot in safemode as this is a live box.
Below is my HiJackThis log. Is there anything I can do?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:45, on 23/07/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\system32\cba\pds.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
C:\Program Files\Microsoft BackOffice\Connectivity\POP3 Connector\vmimb.exe
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
C:\WINNT\system32\ntfrs.exe
C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\r_server.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\dns.exe
C:\WINNT\system32\ams_ii\hndlrsvc.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\system32\ams_ii\iao.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\modemshr.exe
C:\WINNT\System32\msdtc.exe
D:\Program Files\Exchsrvr\bin\exmgmt.exe
D:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
c:\Program Files\Microsoft Shared Fax\Bin\FXSSVC.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe
C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
D:\Program Files\Exchsrvr\bin\store.exe
D:\Program Files\Exchsrvr\bin\emsmta.exe
C:\Program Files\McAfee\GroupShield Exchange\i386\AVExch32.exe
C:\Program Files\McAfee\GroupShield Exchange\i386\odcmd.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\PFU\ScanSnap\PfuSsSct.exe
C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Program Files\WinRoute Pro\wrctrl.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe
C:\Program Files\PC DVR-4-Net\PC DVR-4-Net\PC DVR-4-Net.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\PFU\ScanSnap\PfuSsSct.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\WinRoute Pro\wrctrl.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SERVER:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\WinRoute Pro\wrctrl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: CardMinder Viewer.lnk = C:\Program Files\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = C:\Program Files\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC DVR-4-Net.lnk = C:\Program Files\PC DVR-4-Net\PC DVR-4-Net\PC DVR-4-Net.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: ScanSnap Manager.lnk = C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164051388031
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CBAC-AIRCON.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB5431E8-87F9-44DC-B2DF-81627BE530AC}: NameServer = 192.168.15.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CBAC-AIRCON.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CBAC-AIRCON.local
O23 - Service: Network Associates Alert Manager (AlertManager) - McAfee Division of Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
O23 - Service: McAfee GroupShield Exchange (AVExch32Service) - Network Associates, Inc. - C:\Program Files\McAfee\GroupShield Exchange\i386\AVExch32.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Naming Service (BackupExecNamingService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benser.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Systems Management Data Manager (dcstor32) - Unknown owner - C:\Temp\DSET\dataeng\bin\dcstor32.exe (file missing)
O23 - Service: ExecView Communication Module (ECM) (ECM Service) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\ECM\ECM.exe
O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe (file missing)
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINNT\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINNT\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: mr2kserv - Unknown owner - C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: McAfee Log Service (Network Associates Log Service) - Network Associates, Inc. - C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
O23 - Service: McAfee Outbreak Manager (Outbreak Manager) - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\r_server.exe
O23 - Service: Disk Management Service (VxSvc) - VERITAS Software Corp. - C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
--
End of file - 11580 bytes
Trouble is, now the SERVER's exhibiting almost exactly the same symptoms, with the exception of the braviax.exe process. I can't launch Spybot or Internet Explorer and I can't boot in safemode as this is a live box.
Below is my HiJackThis log. Is there anything I can do?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:26:45, on 23/07/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\WINNT\system32\cba\pds.exe
C:\WINNT\System32\llssrv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
C:\Program Files\Microsoft BackOffice\Connectivity\POP3 Connector\vmimb.exe
C:\Program Files\Microsoft SQL Server\MSSQL$BKUPEXEC\Binn\sqlservr.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
C:\WINNT\system32\ntfrs.exe
C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\System32\locator.exe
C:\WINNT\system32\r_server.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\wins.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\tcpsvcs.exe
C:\WINNT\System32\dns.exe
C:\WINNT\system32\ams_ii\hndlrsvc.exe
C:\WINNT\system32\MsgSys.EXE
C:\WINNT\system32\ams_ii\iao.exe
C:\WINNT\system32\cba\xfr.exe
C:\WINNT\System32\ismserv.exe
C:\WINNT\System32\modemshr.exe
C:\WINNT\System32\msdtc.exe
D:\Program Files\Exchsrvr\bin\exmgmt.exe
D:\Program Files\Exchsrvr\bin\mad.exe
C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe
c:\Program Files\Microsoft Shared Fax\Bin\FXSSVC.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlagent.exe
C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
D:\Program Files\Exchsrvr\bin\store.exe
D:\Program Files\Exchsrvr\bin\emsmta.exe
C:\Program Files\McAfee\GroupShield Exchange\i386\AVExch32.exe
C:\Program Files\McAfee\GroupShield Exchange\i386\odcmd.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\WINNT\system32\atiptaxx.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\PFU\ScanSnap\PfuSsSct.exe
C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
C:\Program Files\WinRoute Pro\wrctrl.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe
C:\Program Files\PC DVR-4-Net\PC DVR-4-Net\PC DVR-4-Net.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\rdpclip.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\PFU\ScanSnap\PfuSsSct.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\WinRoute Pro\wrctrl.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe
C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = SERVER:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [PRONoMgr.exe] c:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [PfuSsSct.exe] C:\Program Files\PFU\ScanSnap\PfuSsSct.exe /Station
O4 - HKLM\..\Run: [VxTaskbarMgr] C:\Program Files\VERITAS\VxUpdate\VxTaskbarMgr.exe
O4 - HKCU\..\Run: [WrCtrl] "C:\Program Files\WinRoute Pro\wrctrl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKUS\.DEFAULT\..\Run: [internat.exe] internat.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Global Startup: CardMinder Viewer.lnk = C:\Program Files\PFU\ScanSnap\CardMinder V3.0\CardLauncher.exe
O4 - Global Startup: Conversion to PDF with ScanSnap Organizer.lnk = C:\Program Files\PFU\ScanSnap\Organizer\Ocr\PfuSsOrgOcr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PC DVR-4-Net.lnk = C:\Program Files\PC DVR-4-Net\PC DVR-4-Net\PC DVR-4-Net.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: ScanSnap Manager.lnk = C:\Program Files\PFU\ScanSnap\Driver\PfuSsMon.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download video with Free Download Manager - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1164051388031
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = CBAC-AIRCON.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{AB5431E8-87F9-44DC-B2DF-81627BE530AC}: NameServer = 192.168.15.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = CBAC-AIRCON.local
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = CBAC-AIRCON.local
O23 - Service: Network Associates Alert Manager (AlertManager) - McAfee Division of Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\Alert Manager\amgrsrvc.exe
O23 - Service: McAfee GroupShield Exchange (AVExch32Service) - Network Associates, Inc. - C:\Program Files\McAfee\GroupShield Exchange\i386\AVExch32.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Backup Exec Remote Agent for Windows Servers (BackupExecAgentAccelerator) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beremote.exe
O23 - Service: Backup Exec Agent Browser (BackupExecAgentBrowser) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benetns.exe
O23 - Service: Backup Exec Device & Media Service (BackupExecDeviceMediaService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\pvlsvr.exe
O23 - Service: Backup Exec Job Engine (BackupExecJobEngine) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\bengine.exe
O23 - Service: Backup Exec Naming Service (BackupExecNamingService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\benser.exe
O23 - Service: Backup Exec Server (BackupExecRPCService) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\beserver.exe
O23 - Service: Systems Management Data Manager (dcstor32) - Unknown owner - C:\Temp\DSET\dataeng\bin\dcstor32.exe (file missing)
O23 - Service: ExecView Communication Module (ECM) (ECM Service) - VERITAS Software Corporation - C:\Program Files\VERITAS\Backup Exec\NT\ECM\ECM.exe
O23 - Service: Microsoft H.323 Gatekeeper (GKSVC) - Unknown owner - svchost.exe (file missing)
O23 - Service: Intel Alert Handler - Intel® Corporation - C:\WINNT\system32\ams_ii\hndlrsvc.exe
O23 - Service: Intel Alert Originator - Intel® Corporation - C:\WINNT\system32\ams_ii\iao.exe
O23 - Service: Intel File Transfer - Intel® Corporation - C:\WINNT\system32\cba\xfr.exe
O23 - Service: Intel PDS - Intel® Corporation - C:\WINNT\system32\cba\pds.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: mr2kserv - Unknown owner - C:\Program Files\Dell\OpenManage\Array Manager\mr2kserv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - c:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: McAfee Log Service (Network Associates Log Service) - Network Associates, Inc. - C:\Program Files\Common Files\McAfee\log and quarantine\bin\i386\NAIlgpip.exe
O23 - Service: McAfee Outbreak Manager (Outbreak Manager) - Network Associates, Inc. - C:\Program Files\Common Files\Network Associates\Outbreak Manager\Outbreak.exe
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINNT\system32\r_server.exe
O23 - Service: Disk Management Service (VxSvc) - VERITAS Software Corp. - C:\Program Files\Dell\OpenManage\Array Manager\VxSvc.exe
--
End of file - 11580 bytes