SmitFraud-C.CoreService



ReneeMichelle
2008-08-06, 00:18
I found out about this nasty piece of work yesterday, when a now-on-my-list member of my family opened an infected file on my computer. I ran PC Tools, Windows Defender, and Spybot S&D, and this keeps showing up. I downloaded HJT and this is my log. This is a machine I use in my home; it is not networked. I'd appreciate some help, please.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:00:51 PM, on 8/5/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Altiris\AClient\AClient.exe
C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
C:\WINDOWS\system32\ccsrvc.exe
C:\Program Files\Altiris\Carbon Copy\shellker.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\SEAGENT.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\PROGRA~1\Altiris\CARBON~1\client.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\Program Files\Altiris\AClient\AClntUsr.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Network Associates\Common Framework\McTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Print Audit Inc\Print Audit 5\Client\pa5clint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\PrintKey\PRINTKEY.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\wrmrtr46\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://wakemedweb.wakemed.org
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://wakemedweb.wakemed.org/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [BMbbeb08a4] Rundll32.exe "C:\WINDOWS\system32\wbguqecr.dll",s
O4 - HKLM\..\RunOnce: [Spybot - Search & Destroy] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA5891] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC8041] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4408] command /c del "C:\WINDOWS\system32\wbguqecr.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7557] cmd /c del "C:\WINDOWS\system32\wbguqecr.dll_old"
O4 - HKLM\..\RunOnce: [SpybotDeletingA6214] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC1532] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2579] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O4 - HKLM\..\RunOnce: [SpybotDeletingC7658] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://wakemedweb.wakemed.org
O15 - Trusted Zone: http://*.helpdesk
O15 - Trusted Zone: http://*.scheduling.com
O15 - Trusted Zone: http://*.smnetlinct
O15 - Trusted Zone: http://www.thomsonhc.com
O15 - Trusted Zone: http://scriptnet.wakemed.org
O15 - Trusted Zone: http://*.wakemed.org
O15 - Trusted Zone: http://*.wmcnt046
O15 - Trusted Zone: http://*.wmcnt047
O15 - Trusted Zone: http://*.helpdesk (HKLM)
O15 - Trusted Zone: http://*.scheduling.com (HKLM)
O15 - Trusted Zone: http://www.thomsonhc.com (HKLM)
O15 - Trusted Zone: http://*.wakemed.org (HKLM)
O15 - Trusted Zone: http://*.wmcnt046 (HKLM)
O15 - Trusted Zone: http://*.wmcnt047 (HKLM)
O16 - DPF: BBTActiveXCryptoInstall - http://scriptnet.wakemed.org/SoftMedSPF/Modules/WorkList/Controls/BBTActiveXCryptoInstall.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41FC6285-5B23-4B01-81FF-128488A54F8A} - http://scriptnet.wakemed.org/SoftMedSPF/Modules/WorkList/Controls/softmednetclientcore.cab
O16 - DPF: {43FD544E-CA49-4E7C-AA2D-EAC09DE389C2} (ExpresivNC.ExpresivNetClient) - http://scriptnet.wakemed.org/SoftMedSPF/Modules/WorkList/Controls/SoftMedNetClient.cab
O16 - DPF: {575AC44B-C254-48B4-8102-20F29D72A60E} (DshSetForegroundWin Class) - http://clinicalview.wakemed.org/dsh/prod/html/SMSDSHSETFOREGROUND.CAB
O16 - DPF: {5929AFC0-A272-40BF-AEF1-038521950846} (Sheller Class) - http://clinicalview.wakemed.org/dsh/prod/html/SmsDshSheller2.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217897612647
O16 - DPF: {CFDCBEFF-24E5-49B9-9172-91D7E2C834F2} - http://smnetlinct/netclient/softmednetclientcore.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupSP1 Control) - https://access.wakemed.org/dana-cached/setup/JuniperSetupSP1.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5353/mcfscan.cab
O16 - DPF: {FD0ECA0C-6403-48CB-91C0-6C73EF7771AA} (Download Class) - http://clinicalview.wakemed.org/dsh/prod/html/SmsDshDownload.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = wakemed.org
O17 - HKLM\Software\..\Telephony: DomainName = wakemed.org
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = wakemed.org
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = wakemed.org
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = wakemed.org
O23 - Service: Altiris Client Service (AClient) - Altiris, Inc. - C:\Program Files\Altiris\AClient\AClient.exe
O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe
O23 - Service: Altiris Carbon Copy (CarbonCopy32) - Altiris - C:\WINDOWS\system32\ccsrvc.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: DameWare Mini Remote Control (DWMRCS) - DameWare Development LLC - C:\WINDOWS\SYSTEM32\DWRCS.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Altiris Security Audit Agent (SEAGENT) - Altiris - C:\WINDOWS\system32\SEAGENT.EXE

--
End of file - 9651 bytes

ken545
2008-08-13, 01:44
Hello ReneeMichelle

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
That said, all advice given by anyone volunteering here is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected stuff can happen.


Sorry about the late reply, but we are just overwhelmed with logs. If you have not resolved your issue and still need assistance, post a new HJT log, as your system may have changed since your original post.