Google Hijack then Generic Win32 error now locksup on Startup


This topic is locked
36 replies to this topic

#1 jason70

jason70

  • Members
  • 40 posts
  • OFFLINE
  • Local time:08:36 PM

Posted 22 November 2010 - 03:17 PM

The first problem was Google being Hijacked. Eventually the computer slowed down to the point it was unusable. Booted with Ubuntu Linux and ran several Anti-virus scans which found items and removed them. I was able to again get booted into Windows. Ran several other Ad-ware, Malware scans which also found items. System would work okay except that I kept getting a Generic Win32 Error. Details gives a directory and lists svchost.exe.mdmp and appcompat.txt

appcompat.txt file contents:
<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="SYSTEM INFO" FILTER="GRABMI_FILTER_SYSTEM">
<MATCHING_FILE NAME="advapi32.dll" SIZE="617472" CHECKSUM="0xA0887D0D" BIN_FILE_VERSION="5.1.2600.5755" BIN_PRODUCT_VERSION="5.1.2600.5755" PRODUCT_VERSION="5.1.2600.5755" FILE_DESCRIPTION="Advanced Windows 32 Base API" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)" ORIGINAL_FILENAME="advapi32.dll" INTERNAL_NAME="advapi32.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xA5BB8" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5755" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5755" LINK_DATE="02/09/2009 12:10:48" UPTO_LINK_DATE="02/09/2009 12:10:48" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="gdi32.dll" SIZE="286720" CHECKSUM="0x98314A3F" BIN_FILE_VERSION="5.1.2600.5698" BIN_PRODUCT_VERSION="5.1.2600.5698" PRODUCT_VERSION="5.1.2600.5698" FILE_DESCRIPTION="GDI Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5698 (xpsp_sp3_gdr.081022-1932)" ORIGINAL_FILENAME="gdi32" INTERNAL_NAME="gdi32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x4CE95" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5698" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5698" LINK_DATE="10/23/2008 12:36:14" UPTO_LINK_DATE="10/23/2008 12:36:14" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="kernel32.dll" SIZE="989696" CHECKSUM="0x2D998938" BIN_FILE_VERSION="5.1.2600.5781" BIN_PRODUCT_VERSION="5.1.2600.5781" PRODUCT_VERSION="5.1.2600.5781" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5781 (xpsp_sp3_gdr.090321-1317)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xFE572" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5781" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5781" LINK_DATE="03/21/2009 14:06:58" UPTO_LINK_DATE="03/21/2009 14:06:58" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ntdll.dll" SIZE="714752" CHECKSUM="0xC695BA95" BIN_FILE_VERSION="5.1.2600.5755" BIN_PRODUCT_VERSION="5.1.2600.5755" PRODUCT_VERSION="5.1.2600.5755" FILE_DESCRIPTION="NT Layer DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5755 (xpsp_sp3_gdr.090206-1234)" ORIGINAL_FILENAME="ntdll.dll" INTERNAL_NAME="ntdll.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xBC674" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5755" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5755" LINK_DATE="02/09/2009 12:10:48" UPTO_LINK_DATE="02/09/2009 12:10:48" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="ole32.dll" SIZE="1287168" CHECKSUM="0xB764FEEA" BIN_FILE_VERSION="5.1.2600.5512" BIN_PRODUCT_VERSION="5.1.2600.5512" PRODUCT_VERSION="5.1.2600.5512" FILE_DESCRIPTION="Microsoft OLE for Windows" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5512 (xpsp.080413-2108)" ORIGINAL_FILENAME="OLE32.DLL" INTERNAL_NAME="OLE32.DLL" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x14744B" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5512" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5512" LINK_DATE="04/14/2008 00:10:57" UPTO_LINK_DATE="04/14/2008 00:10:57" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="oleaut32.dll" SIZE="551936" CHECKSUM="0xE8E0E87" BIN_FILE_VERSION="5.1.2600.5512" BIN_PRODUCT_VERSION="5.1.2600.5512" PRODUCT_VERSION="5.1.2600.5512" COMPANY_NAME="Microsoft Corporation" FILE_VERSION="5.1.2600.5512" INTERNAL_NAME="OLEAUT32.DLL" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1993-2001." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x8D4E3" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5512" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5512" LINK_DATE="04/14/2008 00:10:58" UPTO_LINK_DATE="04/14/2008 00:10:58" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="shell32.dll" SIZE="8462336" CHECKSUM="0xFF3C2DF9" BIN_FILE_VERSION="6.0.2900.6018" BIN_PRODUCT_VERSION="6.0.2900.6018" PRODUCT_VERSION="6.00.2900.6018" FILE_DESCRIPTION="Windows Shell Common Dll" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="6.00.2900.6018 (xpsp_sp3_gdr.100726-1746)" ORIGINAL_FILENAME="SHELL32.DLL" INTERNAL_NAME="SHELL32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x813ADA" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="6.0.2900.6018" UPTO_BIN_PRODUCT_VERSION="6.0.2900.6018" LINK_DATE="07/27/2010 06:30:34" UPTO_LINK_DATE="07/27/2010 06:30:34" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="user32.dll" SIZE="578560" CHECKSUM="0x6280E825" BIN_FILE_VERSION="5.1.2600.5512" BIN_PRODUCT_VERSION="5.1.2600.5512" PRODUCT_VERSION="5.1.2600.5512" FILE_DESCRIPTION="Windows XP USER API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.1.2600.5512 (xpsp.080413-2105)" ORIGINAL_FILENAME="user32" INTERNAL_NAME="user32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x8FC76" LINKER_VERSION="0x50001" UPTO_BIN_FILE_VERSION="5.1.2600.5512" UPTO_BIN_PRODUCT_VERSION="5.1.2600.5512" LINK_DATE="04/14/2008 00:11:07" UPTO_LINK_DATE="04/14/2008 00:11:07" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="wininet.dll" SIZE="832512" CHECKSUM="0x3CC34994" BIN_FILE_VERSION="7.0.6000.17080" BIN_PRODUCT_VERSION="7.0.6000.17080" PRODUCT_VERSION="7.00.6000.17080" FILE_DESCRIPTION="Internet Extensions for Win32" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Windows® Internet Explorer" FILE_VERSION="7.00.6000.17080 (vista_gdr.100616-0452)" ORIGINAL_FILENAME="wininet.dll" INTERNAL_NAME="wininet.dll" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0xD7F69" LINKER_VERSION="0x60000" UPTO_BIN_FILE_VERSION="7.0.6000.17080" UPTO_BIN_PRODUCT_VERSION="7.0.6000.17080" LINK_DATE="06/24/2010 12:15:28" UPTO_LINK_DATE="06/24/2010 12:15:28" VER_LANGUAGE="English (United States) [0x409]" />
<MATCHING_FILE NAME="winsock.dll" SIZE="2864" CHECKSUM="0x73AE8088" BIN_FILE_VERSION="3.10.0.103" BIN_PRODUCT_VERSION="3.10.0.103" PRODUCT_VERSION="3.10" FILE_DESCRIPTION="Windows Socket 16-Bit DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows™ Operating System" FILE_VERSION="3.10" ORIGINAL_FILENAME="WINSOCK.DLL" INTERNAL_NAME="WINSOCK" LEGAL_COPYRIGHT="Copyright © Microsoft Corp. 1981-1996" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x10001" VERFILETYPE="0x2" MODULE_TYPE="WIN16" S16BIT_DESCRIPTION="BSD Socket API for Windows" S16BIT_MODULE_NAME="WINSOCK" UPTO_BIN_FILE_VERSION="3.10.0.103" UPTO_BIN_PRODUCT_VERSION="3.10.0.103" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>

System would work pretty well until that error, then it would just lock up.
Tried to run a Kaspersky online scan. It failed and I thought AVG was interfering, so I tried to uninstall AVG and it locked up. Tried to reboot and now it locks up after login. I get my desktop image, but no taskbar or start menu.

Have scanned with:

AVG Free 2011
Spy Bot S&D
Malware

I am pretty sure that the AVG uninstall not finishing is causing my lockup after startup, but now I can't get booted to finish.

Safe mode results in a blue screen.

Re-install of Windows is not a preferred option.

I have a Registry backup from before the problems if I could just get it restored.

Any suggestions?

After allowing it to just sit there for about an hour, it finally finished loading windows.

Restarted and it is taking a long time to load again.

Merged posts. ~ OB

Hijack This Report

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:04:57, on 11/23/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Northwind\Desktop\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\regedit.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wunderground.com/cgi-bin/findweather/getForecast?addfav=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-1194882813-1188430357-3457618224-1005\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User '?')
O4 - HKUS\S-1-5-21-1194882813-1188430357-3457618224-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-1194882813-1188430357-3457618224-1005\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (User '?')
O4 - HKUS\.DEFAULT\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (User 'Default user')
O4 - S-1-5-21-1194882813-1188430357-3457618224-1005 Startup: AutorunsDisabled (User '?')
O4 - Startup: AutorunsDisabled
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} (Cisco Systems WebVPN Relay Loader) - https://connect.delmonte.com/+CSCOL+/relayp.cab
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vs.mcafeeasap.com/SW/ENU/VS40/bin/myCioAgt.20060504183849.cab
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect VPN Client Web Control) - https://connect.delmonte.com/CACHE/stc/1/binaries/vpnweb.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204669671281
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} (NELaunchCtrl Class) - https://officena.fujifilmsericol.com/NELX.cab
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} (PlayerPT Control) - http://192.168.0.151/PlayerPT.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://iwon.oberon-media.com/online/online2/bejeweled2/popcaploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://bradycorp.webex.com/client/T26L/event/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9972C15-44CB-42A0-B708-E8B2CFD0355E}: NameServer = 65.64.178.3,4.2.2.1
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll
O20 - Winlogon Notify: AutorunsDisabled - Invalid registry found
O21 - SSODL: veliyibib - {c75090d9-1c92-49af-bdf5-f2601185e906} - (no file)
O21 - SSODL: bikesizaw - {f57dd996-c839-4180-8b1d-7f3c2cee5418} - (no file)
O21 - SSODL: tofutamar - {c7218411-d672-401a-bfd9-94bff4a45ac9} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: mujuzedij - {c75090d9-1c92-49af-bdf5-f2601185e906} - (no file)
O22 - SharedTaskScheduler: gahurihor - {f57dd996-c839-4180-8b1d-7f3c2cee5418} - (no file)
O22 - SharedTaskScheduler: jugezatag - {c7218411-d672-401a-bfd9-94bff4a45ac9} - (no file)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

--
End of file - 7669 bytes

Spybot S&D run on 11-23-10 - No infections found

Malwarebytes run on 11-23-10 - Quick Scan - No Infected Items found.

Edited by jason70, 23 November 2010 - 09:38 AM.
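The HijackThis report in this post is the kind of log a helper triages by eye: shell hooks whose file is gone, the same CLSID registered under several hook types under different names, the DNS servers in the O17 line, and the Trusted Zone entries. As an added example (not code from the post, from HijackThis or from BleepingComputer staff), the Python script below does that first pass mechanically over HijackThis-style lines. The sample lines are copied from the report above; the section codes it treats as hooks, the regular expressions and the choice of what to flag are my own assumptions, and a flagged entry is something to review, not a verdict.

```python
"""Triage helper for HijackThis-style log lines (added example; not part of the
forum post, of HijackThis or of DDS). It pulls out the entries a malware helper
usually reviews first:

  * autostart / shell hooks whose backing file is missing ("(no file)" or
    "Invalid registry found"): leftovers of a removed or half-removed program,
  * the same CLSID registered under more than one hook type (e.g. both SSODL
    and SharedTaskScheduler) under different names,
  * DNS servers set in the TCP/IP stack (O17) and Trusted Zone entries (O15),
    which should be verified against what the machine's owner expects.
"""
import re
from collections import defaultdict

# Sections that register code to load into the shell, winlogon or IE
# (assumption: the set a reviewer cares about, not an exhaustive HJT list).
HOOK_SECTIONS = {"O2", "O3", "O9", "O18", "O20", "O21", "O22", "O23"}

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{4}-[0-9A-Fa-f]{12}\}"
)
NAMESERVER_RE = re.compile(r"NameServer = (?P<servers>.+)$")


def parse_line(line):
    """Split one 'Onn - ...' line into section, body, label and CLSIDs.
    Returns None for lines that are not HijackThis entries (headers, paths)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    return {
        "section": m.group("sec"),
        "body": body,
        # first ' - ' separated field, e.g. 'SSODL: veliyibib' or 'BHO: (no name)'
        "label": body.split(" - ", 1)[0],
        "clsids": [c.lower() for c in CLSID_RE.findall(body)],
    }


def triage(lines):
    """Return the review-worthy entries found in an iterable of log lines."""
    findings = {"orphaned": [], "nameservers": [], "trusted_zones": []}
    seen_in = defaultdict(set)  # clsid -> set of hook sections it appears under
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        sec, body = rec["section"], rec["body"]
        lowered = body.lower()
        if sec in HOOK_SECTIONS:
            if "(no file)" in lowered or "invalid registry" in lowered:
                findings["orphaned"].append((sec, rec["label"]))
            for clsid in rec["clsids"]:
                seen_in[clsid].add(sec)
        if sec == "O17":
            m = NAMESERVER_RE.search(body)
            if m:
                findings["nameservers"].extend(
                    s.strip() for s in m.group("servers").split(",")
                )
        if sec == "O15":
            findings["trusted_zones"].append(body.split(": ", 1)[1])
    # A CLSID that shows up under two different hook types is worth a look.
    findings["clsid_reuse"] = {
        clsid: sorted(secs) for clsid, secs in seen_in.items() if len(secs) > 1
    }
    return findings


# Sample input: lines copied from the HijackThis report in the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A9972C15-44CB-42A0-B708-E8B2CFD0355E}: NameServer = 65.64.178.3,4.2.2.1
O18 - Protocol: AutorunsDisabled - (no CLSID) - (no file)
O20 - Winlogon Notify: AutorunsDisabled - Invalid registry found
O21 - SSODL: veliyibib - {c75090d9-1c92-49af-bdf5-f2601185e906} - (no file)
O21 - SSODL: bikesizaw - {f57dd996-c839-4180-8b1d-7f3c2cee5418} - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: mujuzedij - {c75090d9-1c92-49af-bdf5-f2601185e906} - (no file)
O22 - SharedTaskScheduler: gahurihor - {f57dd996-c839-4180-8b1d-7f3c2cee5418} - (no file)
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG.strip().splitlines())
    for key in ("orphaned", "clsid_reuse", "nameservers", "trusted_zones"):
        print(f"{key}:")
        value = result[key]
        for item in value.items() if isinstance(value, dict) else value:
            print("   ", item)
```

Run it as-is to see the summary for the embedded sample, or feed it a whole saved HijackThis log with `triage(open("hijackthis.log").read().splitlines())`. The reuse check compares CLSIDs case-insensitively because HijackThis prints some in upper and some in lower case.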



#2 rigacci

rigacci

    Fiorentino


  • Members
  • 2,604 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:36 PM

Posted 01 December 2010 - 09:16 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 jason70

jason70
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  • Local time:08:36 PM

Posted 01 December 2010 - 10:05 AM

Thank you for your response.

I have not resolved my issue yet.

I have attached the Attach.txt file and here is the DDS.txt log:


DDS (Ver_10-11-27.01) - NTFSx86
Run by NorthWind at 8:34:08.87 on Wed 12/01/2010
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_21

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArchestrA\aaLogger.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\WINDOWS\system32\crypserv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Common Files\ArchestrA\NTServApp.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
C:\WINDOWS\system32\hasplms.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\NA_Service.exe
C:\WINDOWS\system32\MODBUSDRV.exe
C:\Program Files\Common Files\Rockwell\NmspHost.exe
C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe
C:\Program Files\Common Files\Rockwell\RdcyHost.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
C:\Program Files\Common Files\Rockwell\RnaAeServer.exe
C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe
C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Documents and Settings\Northwind\Desktop\procexp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Northwind\Desktop\dds.com
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k eapsvcs
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k dot3svc
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.wunderground.com/cgi-bin/findweather/getForecast?addfav=
uSearch Page = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
uSearch Bar = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/hws/sb/dell-inc/en/side.html?channel=us
BHO: AutorunsDisabled - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [AdaptecDirectCD] c:\program files\adaptec\easy cd creator 5\directcd\DirectCD.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [Easy Synchronization] c:\program files\logitech\easy synchronization\LogitechEasySync.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [openvpn-gui] c:\program files\openvpn\bin\openvpn-gui.exe
mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe
mRun: [QuickFinder Scheduler] "c:\program files\corel\wordperfect office 2002\programs\QFSCHD100.EXE"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [UsbCipHelper] c:\program files\rockwell automation\rockwell automation usb cip driver package\usbciphelper\UsbCipHelper.exe
mRun: [NWTRAY] NWTRAY.EXE
mRunOnce: [Easy Synchronization] c:\program files\logitech\easy synchronization\LogitechEasySync.exe --ports
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10c.exe
mPolicies-system: CompatibleRUPSecurity = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {4B30061A-5B39-11D3-80F8-0090276F843F} - c:\program files\net2phone\Net2fone.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://connect.delmonte.com/+CSCOL+/relayp.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://connect.delmonte.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204669671281
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://officena.fujifilmsericol.com/NELX.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} - hxxp://192.168.0.151/PlayerPT.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://iwon.oberon-media.com/online/online2/bejeweled2/popcaploader_v6.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://bradycorp.webex.com/client/T26L/event/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: {A9972C15-44CB-42A0-B708-E8B2CFD0355E} = 65.64.178.3,4.2.2.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
Notify: LMIinit - LMIinit.dll
AppInit_DLLs: c:\windows\system32\fufalovi.dll c:\windows\system32\sidomuri.dll rafesumu.dll c:\windows\system32\fofapuji.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: veliyibib - {c75090d9-1c92-49af-bdf5-f2601185e906} - No File
SSODL: bikesizaw - {f57dd996-c839-4180-8b1d-7f3c2cee5418} - No File
SSODL: tofutamar - {c7218411-d672-401a-bfd9-94bff4a45ac9} - No File
STS: {c75090d9-1c92-49af-bdf5-f2601185e906} - No File
STS: {f57dd996-c839-4180-8b1d-7f3c2cee5418} - No File
STS: {c7218411-d672-401a-bfd9-94bff4a45ac9} - No File
SEH: ShellExecuteHook class: {fe24cd78-7c63-465d-8787-4edf7fc79895} - c:\program files\logitech\easy synchronization\shellexecutehook.dll
LSA: Authentication Packages = msv1_0 nwv1_0
Hosts: 127.0.0.1 www.spywareinfo.com
Hosts: 192.168.0.1 northwind_srv
Hosts: 192.168.20.11 hmi-server

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\northw~1\applic~1\mozilla\firefox\profiles\xp0402uv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wunderground.com/cgi-bin/findweather/getForecast?addfav=
FF - plugin: c:\documents and settings\northwind\application data\mozilla\firefox\profiles\xp0402uv.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\docume~1\northw~1\applic~1\mozilla\firefox\profiles\xp0402uv.default\extensions\moveplayer@movenetworks.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\northw~1\applic~1\mozilla\firefox\profiles\xp0402uv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

============= SERVICES / DRIVERS ===============

R? afcdpsrv;Acronis Nonstop Backup service
R? LMIRfsClientNP;LMIRfsClientNP
R? LogReceiver;LogReceiver
R? MfeAVFK;McAfee Inc. MfeAVFK
R? MfeBOPK;McAfee Inc. MfeBOPK
R? MfeRKDK;McAfee Inc. MfeRKDK
R? pcidnt;A-B 1784-PCIDS
R? PulseUsb;Livescribe Pulse Smartpen USB Driver
R? Rockwell HMI Alarm Logger;Rockwell HMI Alarm Logger
R? Rockwell HMI Backup Server;Rockwell HMI Backup Server
R? RSI-PKTX-A;RSI-PKTX-A
R? RsiKtControl;RsiKtControl
R? RSLINXNGKtControl;RSLINXNGKtControl
R? RSSERIAL;RSLinx Classic Serial Driver
R? SmartpenBus;Smartpen Enumerator
R? SmartpenCom;Smartpen Communications
R? Viewpoint Manager Service;Viewpoint Manager Service
R? VirtualBackplane;A-B Virtual Backplane
R? vsdatant;vsdatant
R? Wibukey2;Wibukey2
S? afcdp;afcdp
S? EventServer;Rockwell Event Server
S? FTActivationBoost;FactoryTalk Activation Helper
S? FTAE_Archiver;Rockwell Alarm History Archiver
S? FTAE_HistServ;Rockwell Alarm Historian
S? hasplms;HASP License Manager
S? LBeepKE;LBeepKE
S? LMIInfo;LogMeIn Kernel Information Provider
S? LMIRfsDriver;LogMeIn Remote File System Driver
S? mfehidk;McAfee Inc. mfehidk
S? NA_Service;NetAccess Service
S? NmspHost;Rockwell Namespace Services
S? PenCommService;Livescribe Pulse Smartpen Service
S? RCFOX;SonicWALL IPsec Driver
S? rcvpn;SonicWALL VPN Adapter
S? RdcyHost;Rockwell Redundancy Services
S? RnaAeServer;Rockwell Alarm Server
S? RnaAlarmMux;Rockwell Alarm Multiplexer
S? Rockwell HMI Framework;Rockwell HMI Framework
S? SSLDrv;SSL-VPN NetExtender Adapter
S? tap0801;TAP-Win32 Adapter V8
S? tdrpman258;Acronis Try&Decide and Restore Points filter (build 258)
S? TVicLPT;TVicLPT
S? uvnc_service;uvnc_service
S? vnccom;vnccom
S? vpnagent;Cisco AnyConnect VPN Agent

=============== File Associations ===============

.scr=AutoCADLTScriptFile

=============== Created Last 30 ================

2010-11-29 20:54:38 -------- d-----w- c:\windows\system32\%APPDATA%
2010-11-29 20:48:05 306 ----a-w- c:\windows\myClean.bat
2010-11-29 20:46:48 -------- d-----w- c:\docume~1\northw~1\applic~1\MSNInstaller
2010-11-26 20:36:22 -------- d-----w- C:\downloads
2010-11-19 16:18:04 -------- d-----w- c:\windows\pss
2010-11-17 21:49:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-17 21:49:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-11-17 19:36:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG
2010-11-17 16:16:22 -------- d-----w- c:\docume~1\northw~1\applic~1\AVG10
2010-11-17 16:14:15 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2010-11-17 16:12:46 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2010-11-17 16:03:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2010-11-17 15:23:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\IObit
2010-11-17 14:33:16 -------- d-----w- c:\program files\IObit
2010-11-17 14:33:16 -------- d-----w- c:\docume~1\northw~1\applic~1\IObit
2010-11-16 14:19:36 -------- d---a-w- C:\0-antivirus4linux

==================== Find3M ====================


=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD16 rev.20.0 -> Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x89F43ACE]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV ECX, [EBP+0x8]; MOV EAX, [0x89f4a260]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; CMP ECX, [0x89f4a1e4]; JNZ 0x22; MOV ECX, EAX; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A998030]
3 CLASSPNP[0xBA0E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x89F3EA28]
\Driver\iaStor[0x89F8A8C0] -> IRP_MJ_CREATE -> 0x89F43ACE
kernel: MBR read successfully
_asm { CLI ; MOV AX, 0x1000; MOV SS, AX; MOV SP, 0xb000; MOV AX, 0x0; MOV DS, AX; MOV ES, AX; STI ; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; REP MOVSB ; JMP FAR 0x0:0x621; }
detected disk devices:
\Device\Ide\IAAStorageDevice-0 -> \??\IDE#DiskWDC_WD1600ADFD-75NLR1___________________20.07P20#4&72dddc1&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\iaStor DriverStartIo -> 0x89F43999
user != kernel MBR !!!
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

============= FINISH: 8:45:40.37 ===============

#4 etavares

    Bleepin' Remover

  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 01 December 2010 - 08:15 PM

Hello, jason70.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

Viewpoint (foistware) Warning

Viewpoint Manager is considered foistware rather than malware, since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/clickz/news/1714488/viewpoint-plunge-into-adware

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

IMPORTANT: This also appears to be a corporate computer which may be governed by your corporate IT policies. By continuing with this thread, you acknowledge that you understand your IT policies and take full responsibility for anything we do past this point.

Your logs do show signs of infection.

Step 1


You have Advanced SystemCare 3 installed on your system. This is a known rogue program.

Please remove this program via Add/Remove Programs.

It is also a registry cleaner:

Registry Cleaner Warning

I also see that you have a registry cleaner installed (in your case Advanced System Care 3). Here at BC, we do not recommend using registry cleaners. If you do use it, make sure to use a tool like ERUNT to back up your registry first. Merely backing it up yourself via regedit won't help you if you can't boot up as a result!

See here for more information:
http://www.bleepingcomputer.com/forums/index.php?showtopic=238799&st=0&p=1326578&#entry1326578

Step 2

  • Download TDSSKiller.exe and save it to your desktop.
  • Double-click TDSSKiller.exe to run it.
  • Under "Objects to scan" ensure both "Services and Drivers" and "Boot Sectors" are checked.
  • Click Start scan and allow it to scan for Malicious objects.
  • If malicious objects are found, the default action will be Cure, ensure Cure is selected then click Continue.
  • If suspicious objects are detected, the default action will be Skip, ensure Skip is selected then click Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now and allow the computer to reboot.
  • A log will be created on your root (usually C:) drive. The log is like UtilityName.Version_Date_Time_log.txt.
    for example, C:\TDSSKiller.2.4.1.2_20.04.2010_15.31.43_log.txt
  • If no reboot is required, click on Report. A log file should appear.
  • Please post the contents of the logfile in your next reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#5 jason70

  • Topic Starter
  • Members
  • 40 posts

Posted 02 December 2010 - 09:21 AM

Thank you for your response and instructions.

I plan to try to clean this drive for now, but will likely reformat and start over in the near term. I will probably keep this computer off of the internet and use a second computer for that until the reformat.

I will let you know when I have completed the items.

Thanks

#6 jason70

  • Topic Starter
  • Members
  • 40 posts

Posted 02 December 2010 - 11:21 AM

I followed all of your instructions and TDSSKiller found Rootkit.Win32.TDSS.tdl4.

I selected cure just as it suggested and pressed the reboot now button when requested.

After it rebooted, I ran the scan again and nothing was found.

Here is the log from the first scan.


2010/12/02 09:47:35.0250 TDSS rootkit removing tool 2.4.10.0 Nov 28 2010 18:35:56
2010/12/02 09:47:35.0250 ================================================================================
2010/12/02 09:47:35.0250 SystemInfo:
2010/12/02 09:47:35.0250
2010/12/02 09:47:35.0250 OS Version: 5.1.2600 ServicePack: 3.0
2010/12/02 09:47:35.0250 Product type: Workstation
2010/12/02 09:47:35.0250 ComputerName: PC017
2010/12/02 09:47:35.0250 UserName: Northwind
2010/12/02 09:47:35.0250 Windows directory: C:\WINDOWS
2010/12/02 09:47:35.0250 System windows directory: C:\WINDOWS
2010/12/02 09:47:35.0250 Processor architecture: Intel x86
2010/12/02 09:47:35.0265 Number of processors: 4
2010/12/02 09:47:35.0265 Page size: 0x1000
2010/12/02 09:47:35.0265 Boot type: Normal boot
2010/12/02 09:47:35.0265 ================================================================================
2010/12/02 09:47:35.0531 Initialize success
2010/12/02 09:47:57.0500 ================================================================================
2010/12/02 09:47:57.0500 Scan started
2010/12/02 09:47:57.0500 Mode: Manual;
2010/12/02 09:47:57.0500 ================================================================================
2010/12/02 09:48:02.0984 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2010/12/02 09:48:03.0015 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/12/02 09:48:03.0031 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/12/02 09:48:03.0062 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/12/02 09:48:03.0078 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/12/02 09:48:03.0093 RCFOX (5c72bbc9ca332847e0913168d917d2ee) C:\WINDOWS\system32\Drivers\RCFOX.sys
2010/12/02 09:48:03.0109 rcvpn (808b237c0b31327be1dbd72f14787f7e) C:\WINDOWS\system32\DRIVERS\rcvpn.sys
2010/12/02 09:48:03.0140 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/12/02 09:48:03.0156 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/12/02 09:48:03.0187 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/12/02 09:48:03.0218 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/12/02 09:48:03.0234 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/12/02 09:48:03.0265 RESMGR (16c27d650113b0aa0c8255c561a71cd4) C:\WINDOWS\system32\NetWare\resmgr.sys
2010/12/02 09:48:03.0296 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
2010/12/02 09:48:03.0375 RSI-PKTX-A (9d1aff516d727612363c03abdc203380) C:\WINDOWS\System32\drivers\RSI-PKTX-A.SYS
2010/12/02 09:48:03.0406 RsiKtControl (2af65117091a47732f0997330e3daae6) C:\WINDOWS\system32\RSIKT.SYS
2010/12/02 09:48:03.0500 RSLINXNGKtControl (9e866a7c540c6a4b21bd5255a2a2bd0d) C:\WINDOWS\System32\drivers\RSIKTNG.SYS
2010/12/02 09:48:03.0531 RSSERIAL (b089419975668e2a701178032d652a24) C:\WINDOWS\SYSTEM32\RSSERIAL.SYS
2010/12/02 09:48:03.0578 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/12/02 09:48:03.0625 Sentinel (4b926f60ccce0c410591c66446675496) C:\WINDOWS\System32\Drivers\SENTINEL.SYS
2010/12/02 09:48:03.0640 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/12/02 09:48:03.0656 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/12/02 09:48:03.0703 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2010/12/02 09:48:03.0765 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2010/12/02 09:48:03.0843 snapman (5bceb1b306878035dacba6dd18366eda) C:\WINDOWS\system32\DRIVERS\snapman.sys
2010/12/02 09:48:03.0890 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2010/12/02 09:48:03.0921 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2010/12/02 09:48:03.0937 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/12/02 09:48:03.0968 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/12/02 09:48:04.0000 Srv (da852e3e0bf1cea75d756f9866241e57) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/12/02 09:48:04.0031 SRVLOC (95670059a852bb0633db7b096e6c8333) C:\WINDOWS\system32\NetWare\srvloc.sys
2010/12/02 09:48:04.0078 SSLDrv (a7a577c32309fe723fa2ef927464ec6f) C:\WINDOWS\system32\DRIVERS\SSLDrv.sys
2010/12/02 09:48:04.0140 STHDA (9db5dbed65f2d74acd1d20a53898af79) C:\WINDOWS\system32\drivers\sthda.sys
2010/12/02 09:48:04.0171 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys
2010/12/02 09:48:04.0187 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/12/02 09:48:04.0218 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/12/02 09:48:04.0250 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2010/12/02 09:48:04.0281 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2010/12/02 09:48:04.0312 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2010/12/02 09:48:04.0328 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2010/12/02 09:48:04.0343 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/12/02 09:48:04.0375 tap0801 (0c82061920a2de35d33c2c2bb83b1e98) C:\WINDOWS\system32\DRIVERS\tap0801.sys
2010/12/02 09:48:04.0406 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/12/02 09:48:04.0437 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/12/02 09:48:04.0484 tdrpman258 (8de3e45000ba8c9ebb16737d3f83e216) C:\WINDOWS\system32\DRIVERS\tdrpm258.sys
2010/12/02 09:48:04.0531 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/12/02 09:48:04.0546 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/12/02 09:48:04.0593 timounter (3e06987fedbcdfbff8e85ef8108565f9) C:\WINDOWS\system32\DRIVERS\timntr.sys
2010/12/02 09:48:04.0625 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2010/12/02 09:48:04.0671 TVicLPT (f7e10a46eafa1bbe3020e26db1d7ab79) C:\WINDOWS\system32\drivers\TVicLPT.sys
2010/12/02 09:48:04.0703 UdfReadr_xp (e1b5bfba7f1cde1fc28934639e83b3cf) C:\WINDOWS\system32\drivers\UdfReadr_xp.sys
2010/12/02 09:48:04.0718 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/12/02 09:48:04.0750 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2010/12/02 09:48:04.0781 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/12/02 09:48:04.0828 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/12/02 09:48:04.0859 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/12/02 09:48:04.0875 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/12/02 09:48:04.0906 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/12/02 09:48:04.0921 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/12/02 09:48:04.0953 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/12/02 09:48:04.0984 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2010/12/02 09:48:05.0000 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2010/12/02 09:48:05.0062 vmm (189cfded8f2b77cd4dc4972be0a21b78) C:\WINDOWS\system32\Drivers\vmm.sys
2010/12/02 09:48:05.0093 vnccom (b67632451f760797bb183e1fb99f4b39) C:\WINDOWS\system32\Drivers\vnccom.SYS
2010/12/02 09:48:05.0125 vncdrv (4ec979b157d1aa075330362acb5424e5) C:\WINDOWS\system32\DRIVERS\vncdrv.sys
2010/12/02 09:48:05.0140 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/12/02 09:48:05.0171 VPCNetS2 (11f77458f5d3abd76747a628e0da2f6b) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
2010/12/02 09:48:05.0203 vpnva (e9513bfa9b5f638358122da13b40e1c2) C:\WINDOWS\system32\DRIVERS\vpnva.sys
2010/12/02 09:48:05.0234 vsbus (3995d1e95f3c621467da4bce868cdc90) C:\WINDOWS\system32\DRIVERS\vsb.sys
2010/12/02 09:48:05.0265 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
2010/12/02 09:48:05.0312 vserial (3feb02f2eebaa3f099e279c258ef786e) C:\WINDOWS\system32\DRIVERS\vserial.sys
2010/12/02 09:48:05.0359 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/12/02 09:48:05.0390 wceusbsh (4a954a20a4c73d6db13c0fe25f3f1b0c) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
2010/12/02 09:48:05.0437 Wdf01000 (4769596d7cc0f5fa447d2babc239672a) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2010/12/02 09:48:05.0484 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/12/02 09:48:05.0515 Wibukey (4b0246d2c51470c29f80a3f3110bc141) C:\WINDOWS\system32\drivers\wibukey.sys
2010/12/02 09:48:05.0546 Wibukey2 (b2bd7e7d274b2addbe5cfcf85fe62041) C:\WINDOWS\system32\drivers\wibukey2.sys
2010/12/02 09:48:05.0609 winusb (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\winusb.sys
2010/12/02 09:48:05.0671 WudfPf (729f76cd53af1685ca4c4c058519c58c) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2010/12/02 09:48:05.0703 WudfRd (a2aafcc8a204736296d937c7c545b53f) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2010/12/02 09:48:05.0812 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/02 09:48:05.0828 ================================================================================
2010/12/02 09:48:05.0828 Scan finished
2010/12/02 09:48:05.0828 ================================================================================
2010/12/02 09:48:05.0843 Detected object count: 1
2010/12/02 09:49:04.0328 \HardDisk1 - will be cured after reboot
2010/12/02 09:49:04.0328 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure

#7 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 02 December 2010 - 07:01 PM

Hello, jason70.


Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#8 jason70

jason70
  • Topic Starter

  • Members
  • 40 posts

Posted 03 December 2010 - 02:26 PM

I had a little problem when I went to run ComboFix.

First, it thought that AVG Free 2011 was running. I had previously uninstalled the software, but I thought maybe that something had remained, so I checked the services and could not find anything. I also checked but could not find any visible indication that the program is still installed. At that point I tried to exit out of ComboFix by clicking the X, but was not successful. When it asked if I wanted to install the Windows Recovery Console, I selected No, hoping it would give me the option to continue or quit, but it just continued.

Here is the log from that scan. I have NOT run anything further.

ComboFix 10-12-02.05 - NorthWind 12/03/2010 8:25.1.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2473 [GMT -6:00]
Running from: c:\documents and settings\Northwind\Desktop\etavaresCF.exe
AV: AVG Anti-Virus Free Edition 2011 *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Northwind\Application Data\.#
c:\documents and settings\Northwind\Application Data\.#\MBX@131C@383F80.###
c:\documents and settings\Northwind\Application Data\.#\MBX@131C@383FB0.###
c:\documents and settings\Northwind\Application Data\.#\MBX@14C0@383F80.###
c:\documents and settings\Northwind\Application Data\.#\MBX@14C0@383FB0.###
c:\documents and settings\Northwind\g2mdlhlpx.exe
c:\documents and settings\Northwind\System
c:\documents and settings\Northwind\System\win_qs7.jqx
c:\windows\Downloaded Program Files\popcaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\system32\Cache
c:\windows\system32\UNWISE.EXE

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2010-11-03 to 2010-12-03 )))))))))))))))))))))))))))))))
.

2010-12-02 22:45 . 2010-12-02 22:45 -------- d-----w- C:\emptydir
2010-11-29 20:55 . 2010-11-29 20:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Mozilla
2010-11-29 20:54 . 2010-11-29 20:54 -------- d-----w- c:\windows\system32\%APPDATA%
2010-11-29 20:48 . 2009-08-19 10:08 306 ----a-w- c:\windows\myClean.bat
2010-11-29 20:46 . 2010-11-29 20:46 -------- d-----w- c:\documents and settings\Northwind\Application Data\MSNInstaller
2010-11-26 20:36 . 2010-11-26 20:40 -------- d-----w- C:\downloads
2010-11-19 15:11 . 2010-11-19 15:11 -------- d-----w- c:\documents and settings\Control
2010-11-17 21:49 . 2010-11-29 21:03 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-17 21:49 . 2010-11-29 20:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-17 19:36 . 2010-11-17 19:36 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG
2010-11-17 19:27 . 2010-11-29 20:42 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-11-17 16:16 . 2010-11-17 16:16 -------- d-----w- c:\documents and settings\Northwind\Application Data\AVG10
2010-11-17 16:14 . 2010-11-17 16:14 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2010-11-17 16:03 . 2010-11-17 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData
2010-11-17 15:23 . 2010-11-17 15:23 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2010-11-17 14:33 . 2010-11-17 16:10 -------- d-----w- c:\documents and settings\Northwind\Application Data\IObit
2010-11-17 14:33 . 2010-11-17 14:33 -------- d-----w- c:\program files\IObit
2010-11-16 14:19 . 2010-11-16 17:49 -------- d---a-w- C:\0-antivirus4linux

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-09 20:54 . 2009-11-09 20:54 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-11-09 20:54 . 2009-11-09 20:54 125848 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-11-09 20:54 . 2009-11-09 20:54 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-11-09 20:54 . 2009-11-09 20:54 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2008-02-28 19:30 . 2006-12-15 16:27 8784 ------w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2008-02-28 19:33 . 2006-12-15 16:27 245408 ------w- c:\program files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 361632]
"AdaptecDirectCD"="c:\program files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [2008-05-12 684032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2006-02-08 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-10 49152]
"Easy Synchronization"="c:\program files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2006-04-26 143360]
"IndexSearch"="c:\program files\Scansoft\PaperPort\IndexSearch.exe" [2002-08-12 36864]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 76304]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-02-28 63048]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"PaperPort PTD"="c:\program files\Scansoft\PaperPort\pptd40nt.exe" [2002-08-12 45108]
"QuickFinder Scheduler"="c:\program files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE" [2001-04-02 77887]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-21 282624]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5106904]
"UsbCipHelper"="c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2008-05-27 434176]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 28672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Easy Synchronization"="c:\program files\Logitech\Easy Synchronization\LogitechEasySync.exe" [2005-10-05 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="c:\windows\system32\Macromed\Flash\FlashUtil10c.exe" [2009-07-18 257440]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
AutoCAD LT Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-3-5 10872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-29 561213]
CorelCENTRAL 10.lnk - c:\windows\Installer\{A0B295C3-FD3C-11D4-A811-0090279106C3}\I_26dadCC.exe [2006-11-22 5222]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{FE24CD78-7C63-465D-8787-4EDF7FC79895}"= "c:\program files\Logitech\Easy Synchronization\shellexecutehook.dll" [2005-10-05 69632]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2010-06-09 21:21 87424 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SmartUI.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk
backup=c:\windows\pss\SmartUI.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Northwind^Start Menu^Programs^Startup^DING!.lnk]
path=c:\documents and settings\Northwind\Start Menu\Programs\Startup\DING!.lnk
backup=c:\windows\pss\DING!.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Northwind^Start Menu^Programs^Startup^Notify.lnk]
path=c:\documents and settings\Northwind\Start Menu\Programs\Startup\Notify.lnk
backup=c:\windows\pss\Notify.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Northwind^Start Menu^Programs^Startup^Shortcut to taskmgr.lnk]
path=c:\documents and settings\Northwind\Start Menu\Programs\Startup\Shortcut to taskmgr.lnk
backup=c:\windows\pss\Shortcut to taskmgr.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
2008-04-14 00:12 110592 ----a-w- c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Kernel and Hardware Abstraction Layer]
2008-02-29 08:12 76304 ----a-w- c:\windows\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWTRAY]
2002-03-12 15:37 28672 ----a-w- c:\windows\system32\nwtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2006-04-07 20:02 1343488 ----a-w- c:\program files\AWS\WeatherBug\Weather.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WWNetDDE"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"vpnagent"=3 (0x3)
"Viewpoint Manager Service"=3 (0x3)
"uvnc_service"=2 (0x2)
"SWAGENT"=3 (0x3)
"SONICWALL_NetExtender"=3 (0x3)
"slssvc"=3 (0x3)
"RsvcHost"=2 (0x2)
"RSLinxNG"=2 (0x2)
"RSLinx"=2 (0x2)
"Rockwell Tag Server"=3 (0x3)
"Rockwell HMI Framework"=2 (0x2)
"Rockwell HMI Diagnostics"=2 (0x2)
"Rockwell HMI Backup Server"=3 (0x3)
"Rockwell HMI Alarm Logger"=3 (0x3)
"Rockwell HMI Activity Logger"=3 (0x3)
"RNADirMultiplexor"=3 (0x3)
"RNADirectory"=2 (0x2)
"RNADiagReceiver"=3 (0x3)
"RNADiagnosticsService"=2 (0x2)
"RnaAlarmMux"=2 (0x2)
"RnaAeServer"=2 (0x2)
"RdcyHost"=2 (0x2)
"RampartSvc"=3 (0x3)
"PenCommService"=3 (0x3)
"ose"=3 (0x3)
"OpenVPNService"=3 (0x3)
"odserv"=3 (0x3)
"NmspHost"=2 (0x2)
"NA_Service"=2 (0x2)
"myAgtSvc"=2 (0x2)
"MDM"=2 (0x2)
"McShield"=2 (0x2)
"LogReceiver"=3 (0x3)
"LogMeIn"=3 (0x3)
"Logitech Easy Synchronization"=3 (0x3)
"LMIMaint"=3 (0x3)
"LBTServ"=3 (0x3)
"Lavasoft Ad-Aware Service"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"idsvc"=3 (0x3)
"IDriverT"=3 (0x3)
"IAANTMon"=3 (0x3)
"Harmony"=2 (0x2)
"FTAE_HistServ"=2 (0x2)
"FTAE_Archiver"=2 (0x2)
"FTActivationBoost"=2 (0x2)
"FS Service Control"=2 (0x2)
"EventServer"=3 (0x3)
"EventClientMultiplexer"=3 (0x3)
"EngineServer"=2 (0x2)
"dnWhoDisp"=3 (0x3)
"CVPND"=3 (0x3)
"cusrvc"=3 (0x3)
"btwdins"=3 (0x3)
"Ati HotKey Poller"=3 (0x3)
"afcdpsrv"=3 (0x3)
"AcrSch2Svc"=3 (0x3)
"aaLogger"=3 (0x3)
"avgwd"=2 (0x2)
"AVGIDSAgent"=2 (0x2)
"SMTPSVC"=2 (0x2)
"AudioSrv"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\EventClientMultiplexer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RsvcHost.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RnaDirServer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\EventServer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\DaClient.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RNADiagReceiver.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RNADiagnosticsSrv.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\VStudio.exe"=
"c:\\WINDOWS\\system32\\OpcEnum.exe"=
"c:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\RSLinxNG.exe"=
"c:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\RSLinxShortcutAOA.exe"=
"c:\\Program Files\\RAISE\\RFQ Builder\\RFQBldr.exe"=
"c:\\Program Files\\Corel\\WordPerfect Office 2002\\Register\\NAVBrowser.exe"=
"c:\\Program Files\\Common Files\\ArchestrA\\aaLogger.exe"=
"c:\\Program Files\\Common Files\\ArchestrA\\slssvc.exe"=
"c:\\Program Files\\Wonderware\\InTouch\\wm.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\RAISE\\Proposal Builder\\PropBldr.exe"=
"c:\\Program Files\\RAISE\\eCADWorks Clipboard\\ABECADCB.EXE"=
"c:\\Program Files\\SonicWALL\\SonicWALL Global VPN Client\\SWGVpnClient.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\WIBUKEY\\Server\\WkSvW32.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Rockwell Software\\RSLinx\\RSLINX.EXE"=
"c:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe"=
"c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v17\\Bin\\RS5000.Exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RdcyHost.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\NmspHost.exe"=
"c:\\Program Files\\Rockwell Software\\BOOTP-DHCP Server\\BootpServer.exe"=
"c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=
"c:\\Program Files\\Wonderware\\InTouch\\view.exe"=
"c:\\Program Files\\EPLAN\\Electric P8\\1.9.6\\BIN\\W3u.exe"=
"c:\\Program Files\\Senomix\\Senomix Timesheets Entry\\local\\Timesheet Entry.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\WINDOWS\\system32\\taskmgr.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\BTStackServer.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Southwest Airlines\\Ding\\Ding.exe"=
"c:\\WINDOWS\\system32\\dwwin.exe"=
"c:\\WINDOWS\\system32\\inetsrv\\inetinfo.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\AlmCliSrvWrap.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\AlmMpx.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\AlarmQB.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\AlmSrv.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\CommandCliSrv.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\CommandCliTagHMIService.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\CommandErrorLogSrv.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\DatalogServ.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\DerivedTags.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\DisplayClient.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\DlgRdRp.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\DlgRdServ.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\EventDetector.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\MERuntime.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\ServerFramework.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\TagSrv.exe"=
"c:\\Program Files\\Rockwell Software\\RSView Enterprise\\RSAlarmFileReader.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RnaAeServer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RnaAlarmMux.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RnaAlarmDetector.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\CounterMonitor.exe"=
"c:\\Novell\\GroupWise\\grpwise.exe"=
"c:\\Novell\\GroupWise\\notify.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\EPLAN\\Electric P8\\1.9.11\\BIN\\W3u.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"135:TCP"= 135:TCP:Port 135 TCP
"102:TCP"= 102:TCP:DAS SI 102
"502:TCP"= 502:TCP:Modicon 502
"1434:UDP"= 1434:UDP:SQL Server Browser 1434
"1433:TCP"= 1433:TCP:SQL TCP 1433
"2221:TCP"= 2221:TCP:DAS ABTCP 2221
"2222:TCP"= 2222:TCP:DAS ABTCP 2222
"2223:TCP"= 2223:TCP:DAS ABTCP 2223
"5413:TCP"= 5413:TCP:Port 5413
"9001:TCP"= 9001:TCP:vista 9001
"9002:TCP"= 9002:TCP:EnvMngr 9002
"9003:TCP"= 9003:TCP:MsgMngr 9003
"9004:TCP"= 9004:TCP:SecMngr 9004
"9006:TCP"= 9006:TCP:RedMngr 9006
"9007:TCP"= 9007:TCP:UnilinkMngr 9007
"9008:TCP"= 9008:TCP:BatchMngr 9008
"9011:TCP"= 9011:TCP:LogMngr 9011
"9012:TCP"= 9012:TCP:InfoMngr 9012
"9013:UDP"= 9013:UDP:RedMngrX 9013
"9014:UDP"= 9014:UDP:RedMngrX2 9014
"9015:TCP"= 9015:TCP:HistQMngrvista 9015
"9016:TCP"= 9016:TCP:HistQReader 9016
"44818:TCP"= 44818:TCP:Logix 44818
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2/22/2010 14:14 911680]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [7/2/2007 14:44 91136]
R2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [9/29/2008 14:49 66848]
R2 FTAE_Archiver;Rockwell Alarm History Archiver;c:\program files\Common Files\Rockwell\FTAEArchiver.exe [8/13/2009 15:12 70944]
R2 FTAE_HistServ;Rockwell Alarm Historian;c:\program files\Common Files\Rockwell\FTAE_HistServ.exe [8/13/2009 15:12 152864]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [9/14/2007 16:37 3712]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [2/28/2008 14:31 12856]
R2 NA_Service;NetAccess Service;c:\windows\system32\NA_Service.exe [11/5/2009 10:21 49152]
R2 NmspHost;Rockwell Namespace Services;c:\program files\Common Files\Rockwell\NmspHost.exe [6/11/2009 08:16 222496]
R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [2/18/2010 12:23 265728]
R2 RdcyHost;Rockwell Redundancy Services;c:\program files\Common Files\Rockwell\RdcyHost.exe [6/11/2009 08:16 222496]
R2 RnaAeServer;Rockwell Alarm Server;c:\program files\Common Files\Rockwell\RnaAeServer.exe [8/13/2009 15:12 275744]
R2 RnaAlarmMux;Rockwell Alarm Multiplexer;c:\program files\Common Files\Rockwell\RnaAlarmMux.exe [8/13/2009 15:12 787744]
R2 Rockwell HMI Framework;Rockwell HMI Framework;c:\program files\Rockwell Software\RSView Enterprise\ServerFramework.exe [7/3/2009 00:47 509216]
R2 TVicLPT;TVicLPT;c:\windows\system32\drivers\TVicLPT.sys [3/19/2007 13:57 15536]
R2 uvnc_service;uvnc_service;c:\program files\UltraVNC\winvnc.exe [9/29/2009 15:54 1693128]
R2 vnccom;vnccom;c:\windows\system32\drivers\vnccom.SYS [8/16/2006 12:11 6016]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2/22/2010 14:14 160288]
R3 EventServer;Rockwell Event Server;c:\program files\Common Files\Rockwell\EventServer.exe [6/11/2009 08:15 222496]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [7/2/2007 14:44 23180]
R3 SSLDrv;SSL-VPN NetExtender Adapter;c:\windows\system32\drivers\SSLDrv.sys [2/4/2008 18:46 20504]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [10/1/2006 06:37 26624]
R3 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [7/7/2008 07:50 399032]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2/22/2010 14:14 2480048]
S3 LogReceiver;LogReceiver;c:\program files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [8/13/2009 11:18 91424]
S3 pcidnt;A-B 1784-PCIDS;c:\windows\system32\Drivers\pcidnt.sys --> c:\windows\system32\Drivers\pcidnt.sys [?]
S3 PulseUsb;Livescribe Pulse Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [10/19/2009 12:59 20096]
S3 Rockwell HMI Alarm Logger;Rockwell HMI Alarm Logger;c:\program files\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe [7/3/2009 00:47 83232]
S3 Rockwell HMI Backup Server;Rockwell HMI Backup Server;c:\program files\Rockwell Software\RSView Enterprise\Rockwell HMI Backup Server.exe [7/3/2009 00:47 107808]
S3 RSI-PKTX-A;RSI-PKTX-A;c:\windows\system32\drivers\RSI-PKTX-A.sys [11/13/2002 14:38 16447]
S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [7/5/2008 18:19 39067]
S3 RSLINXNGKtControl;RSLINXNGKtControl;c:\windows\system32\drivers\rsiktNG.sys [4/23/2002 19:02 38999]
S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [7/5/2008 18:19 155440]
S3 SmartpenBus;Smartpen Enumerator;c:\windows\system32\DRIVERS\SmartpenBus.sys --> c:\windows\system32\DRIVERS\SmartpenBus.sys [?]
S3 SmartpenCom;Smartpen Communications;c:\windows\system32\DRIVERS\SmartpenCom.sys --> c:\windows\system32\DRIVERS\SmartpenCom.sys [?]
S3 Wibukey2;Wibukey2;c:\windows\system32\drivers\wibukey2.sys [7/8/2004 07:54 17408]
.
Contents of the 'Scheduled Tasks' folder

2010-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-12-02 c:\windows\Tasks\Backup Profiles.job
- c:\documents and settings\Northwind\My Documents\Backup\LocalProfile.cmd [2009-10-30 16:06]

2010-12-02 c:\windows\Tasks\Belarc.job
- c:\progra~1\Belarc\Advisor\System\NPBelv32.dll [2007-12-14 21:35]

2010-11-17 c:\windows\Tasks\Defrag.job
- c:\windows\SYSTEM32\defrag.exe [2004-08-11 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.wunderground.com/cgi-bin/findweather/getForecast?addfav=
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: {A9972C15-44CB-42A0-B708-E8B2CFD0355E} = 65.64.178.3,4.2.2.1
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} - hxxps://connect.delmonte.com/+CSCOL+/relayp.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://connect.delmonte.com/CACHE/stc/1/binaries/vpnweb.cab
DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} - hxxps://officena.fujifilmsericol.com/NELX.cab
FF - ProfilePath - c:\documents and settings\Northwind\Application Data\Mozilla\Firefox\Profiles\xp0402uv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.wunderground.com/cgi-bin/findweather/getForecast?addfav=
FF - plugin: c:\documents and settings\Northwind\Application Data\Mozilla\Firefox\Profiles\xp0402uv.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Extension: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\Northwind\Application Data\Mozilla\Firefox\Profiles\xp0402uv.default\extensions\moveplayer@movenetworks.com
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Northwind\Application Data\Mozilla\Firefox\Profiles\xp0402uv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
- - - - ORPHANS REMOVED - - - -

SharedTaskScheduler-{c75090d9-1c92-49af-bdf5-f2601185e906} - (no file)
SharedTaskScheduler-{f57dd996-c839-4180-8b1d-7f3c2cee5418} - (no file)
SharedTaskScheduler-{c7218411-d672-401a-bfd9-94bff4a45ac9} - (no file)
SSODL-veliyibib-{c75090d9-1c92-49af-bdf5-f2601185e906} - (no file)
SSODL-bikesizaw-{f57dd996-c839-4180-8b1d-7f3c2cee5418} - (no file)
SSODL-tofutamar-{c7218411-d672-401a-bfd9-94bff4a45ac9} - (no file)
MSConfigStartUp-Advanced SystemCare 3 - c:\program files\IObit\Advanced SystemCare 3\AWC.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
MSConfigStartUp-MVS Splash - c:\program files\McAfee\Managed VirusScan\DesktopUI\XTray.exe
AddRemove-Hardlock Device Drivers - c:\windows\system32\UNWISE.EXE
AddRemove-{10B15004-CD2A-49BD-ACB7-DFA124F39273} - c:\program files\InstallShield Installation Information\{10B15004-CD2A-49BD-ACB7-DFA124F39273}\setup.exe -runfromtemp -l0x0009 -removeonly\ -REMV



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-03 08:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UsbCipHelper = c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe???????????>j?w??????@???D????????|P?E????|???????????????|????P?E?????????8???????????????????>?@?????L???<??????|?????????????$???? ???D??????>@????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\windows\system32\LMIinit.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'Explorer.exe'(5488)
c:\windows\system32\WININET.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL
c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Logitech\Bluetooth\LBTSERV.EXE
c:\program files\Common Files\ArchestrA\aaLogger.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\crypserv.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Common Files\ArchestrA\NTServApp.exe
c:\windows\system32\hasplms.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\Logitech\Easy Synchronization\servicestub.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\MODBUSDRV.exe
c:\program files\Common Files\Rockwell\RNADiagnosticsSrv.exe
c:\program files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
c:\program files\Common Files\Rockwell\RsvcHost.exe
c:\program files\Common Files\Rockwell\EventClientMultiplexer.exe
c:\program files\Common Files\Rockwell\RnaDirServer.exe
c:\program files\Common Files\Rockwell\RNADirMultiplexor.exe
c:\program files\Logitech\SetPoint\LBTWiz.exe
c:\windows\stsystra.exe
c:\program files\Skype\Phone\Skype.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2010-12-03 08:45:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-03 14:45

Pre-Run: 98,019,241,984 bytes free
Post-Run: 98,448,474,112 bytes free

- - End Of File - - FDDAF329AFA3B7CD5892346534AA8899
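Added by the editor, not part of jason70's log or etavares's reply: a small Python triage script for the firewall section of the ComboFix log above. ComboFix dumps the XP firewall's GloballyOpenPorts\List and IcmpSettings keys but leaves the interpretation to the reader, and this dump is worth a second look: SMB (445), RPC (135), MS SQL (1433/1434), VNC (5800/5900) and three industrial protocols (ISO-TSAP 102, Modbus/TCP 502, EtherNet/IP 44818) are opened in the standard profile, and inbound echo is allowed. The sample input is constructed from a subset of those lines; the port-to-service mapping and the "admin"/"ics" categories are the editor's assumptions, not anything ComboFix reports. Two caveats: ComboFix drops the rule's scope field, so the script cannot tell whether a rule was limited to a subnet (check the live key or `netsh firewall show config` on the machine for that), and a rule can outlive its listener, as the OTL log further down shows for uvnc_service (disabled) while the 5800/5900 rules remain.

```python
import re
from dataclasses import dataclass

# Constructed sample input: a subset of the GloballyOpenPorts\List and IcmpSettings
# lines from the ComboFix firewall section above, in ComboFix's own line format.
SAMPLE_DUMP = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"135:TCP"= 135:TCP:Port 135 TCP
"102:TCP"= 102:TCP:DAS SI 102
"502:TCP"= 502:TCP:Modicon 502
"1434:UDP"= 1434:UDP:SQL Server Browser 1434
"1433:TCP"= 1433:TCP:SQL TCP 1433
"9001:TCP"= 9001:TCP:vista 9001
"44818:TCP"= 44818:TCP:Logix 44818
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"""

# Well-known listeners behind the port numbers in the dump. The category is the
# editor's own triage label (an assumption): "admin" ports expose remote
# administration or credentials, "ics" ports speak unauthenticated industrial
# protocols. Anything not listed is reported as "unknown".
KNOWN_PORTS = {
    (445, "TCP"): ("SMB", "admin"),
    (135, "TCP"): ("MSRPC endpoint mapper", "admin"),
    (1433, "TCP"): ("MS SQL Server", "admin"),
    (1434, "UDP"): ("SQL Server Browser", "admin"),
    (5900, "TCP"): ("VNC", "admin"),
    (5800, "TCP"): ("VNC HTTP viewer", "admin"),
    (102, "TCP"): ("ISO-TSAP (Siemens S7)", "ics"),
    (502, "TCP"): ("Modbus/TCP", "ics"),
    (44818, "TCP"): ("EtherNet/IP (CIP)", "ics"),
}

# ComboFix prints each rule as:  "port:proto"= port:proto:<display name>
PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=\s*\d+:(?:TCP|UDP):(.*)$')
ECHO_RE = re.compile(r'^"AllowInboundEchoRequest"=\s*(\d+)')


@dataclass
class OpenPort:
    port: int
    proto: str
    label: str      # display name stored by whoever created the rule
    service: str    # our identification of the listener, or "unknown"
    category: str   # "admin", "ics" or "unknown"


def parse_firewall_dump(text):
    """Return (open_ports, inbound_echo_allowed) from the ComboFix firewall section."""
    section, ports, echo = None, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            # keep only the last key component: "List" or "IcmpSettings"
            section = line[1:-1].rsplit("\\", 1)[-1]
            continue
        if section == "List":
            m = PORT_RE.match(line)
            if m:
                port, proto, label = int(m.group(1)), m.group(2), m.group(3).strip()
                service, category = KNOWN_PORTS.get((port, proto), ("unknown", "unknown"))
                ports.append(OpenPort(port, proto, label, service, category))
        elif section == "IcmpSettings":
            m = ECHO_RE.match(line)
            if m:
                echo = m.group(1) != "0"
    return ports, echo


def triage(text):
    """Turn the dump into a list of findings: admin ports, then ICS ports, then ICMP."""
    ports, echo = parse_firewall_dump(text)
    findings = []
    for p in sorted(ports, key=lambda p: (p.category, p.port)):
        if p.category == "admin":
            findings.append(f"{p.port}/{p.proto} {p.service} opened in the standard profile "
                            f"(rule '{p.label}'): remote-admin / credential attack surface")
        elif p.category == "ics":
            findings.append(f"{p.port}/{p.proto} {p.service} opened in the standard profile "
                            f"(rule '{p.label}'): unauthenticated control protocol, "
                            f"confine to the control network")
    if echo:
        findings.append("AllowInboundEchoRequest=1: host answers ping sweeps")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DUMP):
        print(finding)
```

Feed it the whole ComboFix log rather than the excerpt and it will pick out the same two sections; ports it does not recognise (9001 and the other Rockwell/FactoryTalk ports here) are parsed but produce no finding, so extend KNOWN_PORTS with the site's own application ports before relying on a clean result.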

#9 etavares
  • Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 03 December 2010 - 07:44 PM

Hello, jason70.

OK, before we continue, please run AVG remover.

Download AVG Remover(32bit) 2011 and save it to your desktop.

Double click to run it and follow the prompts. Reboot when it's done if it doesn't automatically reboot.

Next, are you running an antivirus? It's hard to tell as the instructions were to disable it in the logs I've asked you to do. If not, please install one. Good free ones include Avira AntiVir and Avast, and there are others as well.

Once that's done, please let me know.

Also, how is your computer running at this point?

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#10 jason70
  • Topic Starter
  • Members
  • 40 posts

Posted 06 December 2010 - 09:35 AM

etavares

I downloaded and ran the AVG remover, rebooted and had no problems.

We are using Sonicwall Enforced Client which uses McAfee. I do not currently have it installed, but I also do not have the computer connected to the internet. I have been downloading files from another computer and transferring using a USB jump drive. I have also not been using the computer while we are working through this, but it starts right up with no delays and everything that I have done so far has been just fine since running the Tdsskiller.

Once I get the green light from you, I will reinstall the Sonicwall/McAfee and start using it on a regular basis. I just did not want to take a chance of interfering with the process.

Let me know what's next.

jason70

#11 etavares
  • Bleepin' Remover
  • Malware Response Team
  • 15,514 posts

Posted 06 December 2010 - 07:26 PM

Hello, jason70.

At this point, you can turn on your security and plug into the internet. We do have some more cleanup to go, but it should be safe at this point.



We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL.exe icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Select "Use Safelist" under "Extra Registry"
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTListIt.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

etavares




#12 jason70
  • Topic Starter
  • Members
  • 40 posts

Posted 07 December 2010 - 11:22 AM

Virus Software installed and reconnected to the internet.

Working well so far.

OTL.txt and Extras.txt contents below



OTL logfile created on: 12/7/2010 08:28:28 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Northwind\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 91.83 Gb Free Space | 61.64% Space Free | Partition Type: NTFS
Drive J: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive K: | 2771.32 Gb Total Space | 1484.32 Gb Free Space | 53.56% Space Free | Partition Type: NTFS
Drive L: | 1.94 Gb Total Space | 1.64 Gb Free Space | 84.63% Space Free | Partition Type: FAT
Drive M: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive N: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive P: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive Q: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive R: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive S: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive T: | 2771.32 Gb Total Space | 1484.32 Gb Free Space | 53.56% Space Free | Partition Type: NTFS
Drive U: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive V: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive Y: | 2771.32 Gb Total Space | 1484.32 Gb Free Space | 53.56% Space Free | Partition Type: NTFS

Computer Name: PC017 | User Name: Northwind | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/12/07 08:26:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Northwind\Desktop\OTL.exe
PRC - [2010/10/27 00:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/27 00:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/09 15:21:56 | 000,116,104 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\ramaint.exe
PRC - [2010/06/09 15:21:24 | 000,378,248 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LMIGuardian.exe
PRC - [2010/05/14 10:44:46 | 000,501,480 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2010/01/11 14:45:50 | 007,592,472 | ---- | M] (Novell, Inc.) -- C:\Novell\GroupWise\grpwise.exe
PRC - [2010/01/07 23:40:58 | 000,212,992 | ---- | M] (Novell, Inc.) -- C:\Novell\GroupWise\notify.exe
PRC - [2009/11/24 10:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009/11/12 03:49:16 | 000,361,632 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009/11/12 03:48:30 | 005,106,904 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009/08/13 15:12:44 | 000,070,944 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
PRC - [2009/08/13 15:12:40 | 000,152,864 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
PRC - [2009/07/03 00:46:56 | 000,083,232 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
PRC - [2009/06/11 08:16:46 | 000,222,496 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\RdcyHost.exe
PRC - [2009/06/11 08:16:38 | 000,222,496 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\NmspHost.exe
PRC - [2009/06/11 08:15:22 | 000,222,496 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Common Files\Rockwell\EventServer.exe
PRC - [2009/06/10 22:34:06 | 000,028,672 | ---- | M] (Rockwell Automation Inc.) -- C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
PRC - [2008/09/29 14:49:46 | 000,066,848 | ---- | M] (Rockwell Automation Inc.) -- C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
PRC - [2008/05/27 16:17:44 | 000,434,176 | ---- | M] (Rockwell Automation, Inc.) -- C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
PRC - [2008/05/12 16:09:00 | 000,684,032 | ---- | M] (Roxio) -- C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe
PRC - [2008/05/02 01:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 01:42:18 | 000,059,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\LBTWiz.exe
PRC - [2008/05/02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
PRC - [2008/05/02 01:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/25 15:25:20 | 000,787,208 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\LU\LogitechUpdate.exe
PRC - [2008/04/25 15:25:12 | 000,191,752 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\LU\LULnchr.exe
PRC - [2008/04/13 18:12:25 | 001,414,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mmc.exe
PRC - [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/19 11:53:38 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) -- C:\WINDOWS\system32\hasplms.exe
PRC - [2008/02/28 14:31:50 | 000,063,048 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
PRC - [2008/02/28 14:31:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe
PRC - [2007/10/16 06:29:10 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2007/06/26 15:11:48 | 000,217,088 | ---- | M] (Rockwell Automation) -- C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
PRC - [2006/11/29 21:37:20 | 000,561,213 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2006/06/22 13:15:48 | 000,462,848 | ---- | M] (Southwest Airlines) -- C:\Program Files\Southwest Airlines\Ding\Ding.exe
PRC - [2006/04/07 14:02:24 | 001,343,488 | ---- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2006/03/20 21:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2006/02/28 19:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2005/10/05 11:00:44 | 000,053,248 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe
PRC - [2005/10/05 11:00:06 | 000,065,536 | ---- | M] () -- C:\Program Files\Logitech\Easy Synchronization\servicestub.exe
PRC - [2005/08/18 02:55:00 | 000,099,328 | ---- | M] () -- C:\Program Files\OpenVPN\bin\openvpn-gui.exe
PRC - [2003/10/23 22:37:56 | 000,217,194 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
PRC - [2003/02/03 10:29:12 | 001,568,768 | ---- | M] (Scansoft, Inc.) -- C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
PRC - [2002/08/12 08:33:34 | 000,045,108 | ---- | M] (ScanSoft, Inc.) -- C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
PRC - [2002/03/12 09:37:28 | 000,028,672 | ---- | M] (Novell, Inc.) -- C:\WINDOWS\system32\nwtray.exe


========== Modules (SafeList) ==========

MOD - [2010/12/07 08:26:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Northwind\Desktop\OTL.exe
MOD - [2009/07/12 02:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/05/02 01:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2006/11/29 21:41:44 | 000,077,824 | ---- | M] (Broadcom Corporation.) -- C:\WINDOWS\system32\BtMmHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/06/09 15:21:56 | 000,116,104 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2010/02/22 14:14:05 | 002,480,048 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2010/02/18 12:23:54 | 000,265,728 | ---- | M] (Livescribe) [Disabled | Stopped] -- C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe -- (PenCommService)
SRV - [2009/11/12 03:49:10 | 000,660,664 | ---- | M] (Acronis) [Disabled | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009/08/13 15:12:44 | 000,070,944 | ---- | M] (Rockwell Automation, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe -- (FTAE_Archiver)
SRV - [2009/08/13 15:12:42 | 000,275,744 | ---- | M] (Rockwell Automation, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Rockwell\RnaAeServer.exe -- (RnaAeServer)
SRV - [2009/08/13 15:12:40 | 000,152,864 | ---- | M] (Rockwell Automation, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe -- (FTAE_HistServ)
SRV - [2009/08/13 15:12:38 | 000,787,744 | ---- | M] (Rockwell Automation, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe -- (RnaAlarmMux)
SRV - [2009/08/13 11:18:58 | 000,091,424 | ---- | M] (Rockwell Automation, Inc.) [Disabled | Stopped] -- C:\Program Files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe -- (LogReceiver)
SRV - [2009/07/03 00:47:52 | 000,152,864 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe -- (Rockwell Tag Server)
SRV - [2009/07/03 00:47:50 | 000,509,216 | ---- | M] (Rockwell Automation, Inc.) [Auto | Stopped] -- C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe -- (Rockwell HMI Framework)
SRV - [2009/07/03 00:47:32 | 000,083,232 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe -- (Rockwell HMI Alarm Logger)
SRV - [2009/07/03 00:47:28 | 000,107,808 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSView Enterprise\Rockwell HMI Backup Server.exe -- (Rockwell HMI Backup Server)
SRV - [2009/07/03 00:47:28 | 000,103,712 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe -- (Rockwell HMI Activity Logger)
SRV - [2009/07/03 00:46:56 | 000,083,232 | ---- | M] (Rockwell Automation, Inc.) [Auto | Running] -- C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe -- (Rockwell HMI Diagnostics)
SRV - [2009/06/11 08:18:38 | 000,222,496 | ---- | M] (Rockwell Automation, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Rockwell\RsvcHost.exe -- (RsvcHost)
SRV - [2009/06/11 08:17:30 | 000,902,432 | ---- | M] (Rockwell Automation, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Rockwell\RnaDirServer.exe -- (RNADirectory)
SRV - [2009/06/11 08:17:26 | 001,013,024 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe -- (RNADirMultiplexor)
SRV - [2009/06/11 08:17:18 | 000,148,768 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe -- (RNADiagReceiver)
SRV - [2009/06/11 08:16:46 | 000,222,496 | ---- | M] (Rockwell Automation, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Rockwell\RdcyHost.exe -- (RdcyHost)
SRV - [2009/06/11 08:16:38 | 000,222,496 | ---- | M] (Rockwell Automation, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Rockwell\NmspHost.exe -- (NmspHost)
SRV - [2009/06/11 08:15:22 | 000,222,496 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Running] -- C:\Program Files\Common Files\Rockwell\EventServer.exe -- (EventServer)
SRV - [2009/06/11 08:15:18 | 000,292,128 | ---- | M] (Rockwell Automation, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe -- (EventClientMultiplexer)
SRV - [2009/06/10 22:34:06 | 000,028,672 | ---- | M] (Rockwell Automation Inc.) [Auto | Running] -- C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe -- (RNADiagnosticsService)
SRV - [2009/04/03 18:07:54 | 001,693,128 | ---- | M] (UltraVNC) [Disabled | Stopped] -- C:\Program Files\UltraVNC\WinVNC.exe -- (uvnc_service)
SRV - [2009/02/16 16:03:22 | 000,202,016 | ---- | M] (Rockwell Automation, Inc.) [Disabled | Stopped] -- C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE -- (Harmony)
SRV - [2008/09/29 14:49:46 | 000,066,848 | ---- | M] (Rockwell Automation Inc.) [Auto | Running] -- C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe -- (FTActivationBoost)
SRV - [2008/08/22 15:42:40 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/07/25 09:39:26 | 001,971,768 | ---- | M] (Rockwell Automation, Inc.) [Auto | Stopped] -- C:\Program Files\Rockwell Software\RSLinx\RSLINX.EXE -- (RSLinx)
SRV - [2008/07/07 07:50:28 | 000,399,032 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008/05/27 11:20:38 | 000,070,952 | ---- | M] (Rockwell Automation, Inc.) [Disabled | Stopped] -- C:\Program Files\Rockwell Software\RSLinx\dnwhodisp.exe -- (dnWhoDisp)
SRV - [2008/05/02 01:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/13 18:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/04/08 17:40:54 | 000,263,600 | ---- | M] (SonicWALL Inc.) [Disabled | Stopped] -- C:\Program Files\SonicWALL\SSL-VPN\NetExtender\NEService.exe -- (SONICWALL_NetExtender)
SRV - [2008/03/19 11:53:38 | 002,558,464 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Auto | Running] -- C:\WINDOWS\System32\hasplms.exe -- (hasplms)
SRV - [2008/02/28 14:31:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/07/17 20:42:58 | 000,080,688 | ---- | M] (Invensys Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArchestrA\wwnetdde.exe -- (WWNetDDE)
SRV - [2007/07/17 18:58:22 | 000,229,446 | ---- | M] (Invensys Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArchestrA\aaLogger.exe -- (aaLogger)
SRV - [2007/07/16 10:58:02 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007/06/26 15:11:48 | 000,217,088 | ---- | M] (Rockwell Automation) [Auto | Running] -- C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe -- (RSLinxNG)
SRV - [2006/10/01 06:37:42 | 000,016,384 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2006/04/26 06:38:50 | 000,081,920 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMon) Intel®
SRV - [2006/02/28 19:10:18 | 000,069,632 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2005/10/05 11:00:06 | 000,065,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Logitech\Easy Synchronization\servicestub.exe -- (Logitech Easy Synchronization)
SRV - [2005/09/13 16:22:52 | 000,049,152 | ---- | M] (Schneider Automation SAS) [Disabled | Stopped] -- C:\WINDOWS\system32\NA_Service.exe -- (NA_Service)
SRV - [2005/05/04 17:43:04 | 000,040,960 | ---- | M] (Invensys Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\ArchestrA\slssvc.exe -- (slssvc)
SRV - [2005/01/18 08:17:56 | 000,036,864 | ---- | M] (Novell, Inc.) [Disabled | Stopped] -- C:\WINDOWS\system32\cusrvc.exe -- (cusrvc)
SRV - [2005/01/12 12:37:28 | 000,032,845 | ---- | M] (Wonderware Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\ArchestrA\NTServApp.exe -- (FS Service Control)
SRV - [2004/12/02 07:28:32 | 000,098,304 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\OpcEnum.exe -- (OpcEnum)
SRV - [2004/10/15 09:12:38 | 000,131,072 | ---- | M] (SonicWALL, Inc.) [Disabled | Stopped] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\VirtualBackplane.sys -- (VirtualBackplane)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SmartpenCom.sys -- (SmartpenCom)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\SmartpenBus.sys -- (SmartpenBus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\pcidnt.sys -- (pcidnt)
DRV - File not found [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\DS1410D.SYS -- (DS1410D)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\etavaresCF\catchme.sys -- (catchme)
DRV - [2010/06/09 15:21:38 | 000,083,360 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2010/02/22 14:14:06 | 000,160,288 | ---- | M] (Acronis) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\afcdp.sys -- (afcdp)
DRV - [2010/02/22 14:14:02 | 000,911,680 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\tdrpm258.sys -- (tdrpman258) Acronis Try&Decide and Restore Points filter (build 258)
DRV - [2010/02/22 14:14:01 | 000,581,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/02/22 14:13:33 | 000,158,272 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2009/12/15 14:29:42 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2009/12/15 14:29:34 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/12/15 14:29:30 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/12/15 14:29:26 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/12/15 13:29:52 | 000,055,304 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/07/22 13:42:04 | 000,020,096 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PulseUsb.sys -- (PulseUsb)
DRV - [2008/08/11 12:40:58 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/07 07:50:28 | 000,024,176 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2008/07/05 18:19:52 | 000,155,440 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\RSSERIAL.SYS -- (RSSERIAL)
DRV - [2008/07/05 18:19:50 | 000,039,067 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\RSIKT.SYS -- (RsiKtControl)
DRV - [2008/05/12 16:09:01 | 000,144,250 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\pwd_2K.sys -- (pwd_2K)
DRV - [2008/05/12 16:09:00 | 000,241,280 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\cdudf_xp.sys -- (cdudf_xp)
DRV - [2008/05/12 16:09:00 | 000,206,464 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys -- (UdfReadr_xp)
DRV - [2008/05/12 16:09:00 | 000,030,662 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2008/05/12 16:09:00 | 000,025,930 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2008/05/12 16:08:59 | 000,062,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2008/05/12 16:08:59 | 000,023,436 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2008/04/13 12:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2008/04/13 12:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp)
DRV - [2008/04/13 10:36:05 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/18 14:45:34 | 000,350,720 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\aksfridge.sys -- (aksfridge)
DRV - [2008/02/29 02:13:46 | 000,028,944 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2008/02/29 02:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 02:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/02/28 14:31:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/02/04 18:46:00 | 000,020,504 | ---- | M] (SonicWALL Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SSLDrv.sys -- (SSLDrv)
DRV - [2007/09/21 03:10:20 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2007/09/11 13:40:30 | 000,046,336 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshhl.sys -- (akshhl)
DRV - [2007/08/15 06:27:18 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\n558.sys -- (n558)
DRV - [2007/07/16 10:57:12 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007/01/31 12:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dne2000.sys -- (DNE)
DRV - [2007/01/18 14:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2007/01/03 16:25:18 | 000,027,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\frmupgr.sys -- (DFUBTUSB)
DRV - [2006/12/21 07:30:02 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/12/04 12:33:36 | 000,067,672 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2006/12/04 12:33:34 | 000,863,402 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2006/12/04 12:33:34 | 000,047,907 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2006/12/04 12:33:34 | 000,030,459 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/12/04 12:33:32 | 000,329,901 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2006/11/22 09:01:48 | 000,693,760 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2006/11/22 09:01:48 | 000,100,096 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2006/11/22 09:01:46 | 000,327,168 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (winusb)
DRV - [2006/10/25 18:10:54 | 000,003,712 | ---- | M] (Logitech Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2006/10/01 06:37:02 | 000,026,624 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0801.sys -- (tap0801)
DRV - [2006/09/05 11:43:32 | 000,027,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/09/05 11:43:20 | 000,071,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/05/25 18:40:00 | 001,156,808 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/04/26 11:23:52 | 000,250,880 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2006/03/19 14:41:08 | 000,143,872 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/02/07 23:55:36 | 001,480,704 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/01/09 20:47:27 | 000,031,846 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2005/10/05 11:00:06 | 000,047,104 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vserial.sys -- (vserial)
DRV - [2005/10/05 11:00:06 | 000,018,167 | ---- | M] (ELTIMA Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vsb.sys -- (vsbus)
DRV - [2005/08/19 06:08:12 | 000,497,423 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwfs.sys -- (NetwareWorkstation)
DRV - [2005/06/23 17:18:00 | 000,035,568 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwdns.sys -- (NWDNS)
DRV - [2005/05/26 17:14:00 | 000,015,891 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\NetWare\nwfilter.sys -- (NWFILTER)
DRV - [2005/05/05 16:38:06 | 000,155,697 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\srvloc.sys -- (SRVLOC)
DRV - [2005/01/26 08:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/01/03 13:51:38 | 000,020,332 | ---- | M] (Novell, Inc.) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwslp.sys -- (NWSLP)
DRV - [2004/10/15 09:46:12 | 000,091,136 | ---- | M] (SonicWALL, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\RCFOX.SYS -- (RCFOX)
DRV - [2004/08/19 11:34:06 | 000,038,848 | ---- | M] (Novell, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\nicm.sys -- (NICM)
DRV - [2004/08/16 14:52:02 | 000,017,101 | ---- | M] (Novell, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\NetWare\nwdhcp.sys -- (NWDHCP)
DRV - [2004/08/03 21:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/07/12 15:52:20 | 000,041,888 | ---- | M] (Novell, Inc.) [File_System | Auto | Stopped] -- C:\WINDOWS\system32\NetWare\nwsipx32.sys -- (NWSIPX32)
DRV - [2004/06/26 12:22:00 | 000,006,016 | ---- | M] (RDV Soft) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\vnccom.SYS -- (vnccom)
DRV - [2004/06/26 12:22:00 | 000,004,736 | ---- | M] (RDV Soft) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\vncdrv.sys -- (vncdrv)
DRV - [2004/06/01 17:19:34 | 000,027,249 | ---- | M] (Novell, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\NetWare\resmgr.sys -- (RESMGR)
DRV - [2004/02/17 14:16:58 | 000,011,856 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\NetWare\nwhost.sys -- (NWHOST)
DRV - [2004/02/11 04:04:00 | 000,070,656 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\wibukey.sys -- (Wibukey)
DRV - [2004/02/11 04:04:00 | 000,017,408 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wibukey2.sys -- (Wibukey2)
DRV - [2003/12/18 11:20:50 | 000,147,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2003/09/19 18:23:40 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2003/08/20 13:01:22 | 000,023,180 | ---- | M] (SonicWALL, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rcvpn.sys -- (rcvpn)
DRV - [2003/03/12 08:41:38 | 000,015,536 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TVicLPT.sys -- (TVicLPT)
DRV - [2003/02/26 13:51:18 | 000,023,232 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsap.sys -- (NWSAP)
DRV - [2003/02/13 06:27:38 | 000,005,808 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\NetWare\nwsns.sys -- (NWSNS)
DRV - [2002/11/13 14:38:40 | 000,016,447 | ---- | M] (Rockwell Automation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RSI-PKTX-A.SYS -- (RSI-PKTX-A)
DRV - [2002/04/23 19:02:26 | 000,038,999 | ---- | M] (Rockwell Software Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\RSIKTNG.SYS -- (RSLINXNGKtControl)
DRV - [2001/08/17 13:07:44 | 000,019,072 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow)
DRV - [2001/08/17 13:07:42 | 000,030,688 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3)
DRV - [2001/08/17 13:07:40 | 000,028,384 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi)
DRV - [2001/08/17 13:07:36 | 000,032,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx)
DRV - [2001/08/17 13:07:34 | 000,016,256 | ---- | M] (Symbios Logic Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810)
DRV - [2001/08/17 12:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 12:52:20 | 000,045,312 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160)
DRV - [2001/08/17 12:52:20 | 000,040,320 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080)
DRV - [2001/08/17 12:52:18 | 000,049,024 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280)
DRV - [2001/08/17 12:52:16 | 000,179,584 | ---- | M] (Mylex Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k)
DRV - [2001/08/17 12:52:12 | 000,017,280 | ---- | M] (American Megatrends Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x)
DRV - [2001/08/17 12:52:00 | 000,026,496 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc)
DRV - [2001/08/17 12:51:58 | 000,014,848 | ---- | M] (Advanced System Products, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550)
DRV - [2001/08/17 12:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)
DRV - [2001/08/17 12:51:54 | 000,006,656 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-inc&channel=us
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1194882813-1188430357-3457618224-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.wunderground.com/cgi-bin/findweather/getForecast?addfav=
IE - HKU\S-1-5-21-1194882813-1188430357-3457618224-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.wunderground.com/cgi-bin/findweather/getForecast?addfav="
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/29 14:55:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/26 14:39:16 | 000,000,000 | ---D | M]

[2008/08/27 06:45:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Northwind\Application Data\Mozilla\Extensions
[2010/11/22 08:56:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Northwind\Application Data\Mozilla\Firefox\Profiles\xp0402uv.default\extensions
[2010/06/25 06:39:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Northwind\Application Data\Mozilla\Firefox\Profiles\xp0402uv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/20 08:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Northwind\Application Data\Mozilla\Firefox\Profiles\xp0402uv.default\extensions\LogMeInClient@logmein.com
[2008/03/10 17:04:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Northwind\Application Data\Mozilla\Firefox\Profiles\xp0402uv.default\extensions\moveplayer@movenetworks.com
[2010/11/26 14:39:16 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/16 08:22:42 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/08/25 06:39:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009/11/09 14:54:26 | 000,027,976 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
[2009/11/09 14:54:26 | 000,125,848 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
[2009/11/09 14:54:35 | 000,046,408 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\atmccli.dll
[2009/11/09 14:54:40 | 000,098,712 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\ieatgpc.dll
[2009/11/09 14:54:25 | 000,060,824 | ---- | M] (WebEx Communications, Inc) -- C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2008/05/19 13:57:00 | 002,641,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npRACtrl.dll
[2008/07/03 16:08:36 | 000,163,840 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2008/02/28 13:30:00 | 000,008,784 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\ractrlkeyhook.dll
[2008/02/28 13:33:00 | 000,245,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\unicows.dll

O1 HOSTS File: ([2010/12/03 08:38:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - AutorunsDisabled - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-1194882813-1188430357-3457618224-1005\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Bluetooth Connection Assistant] File not found
O4 - HKLM..\Run: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [NWTRAY] C:\WINDOWS\System32\nwtray.exe (Novell, Inc.)
O4 - HKLM..\Run: [openvpn-gui] C:\Program Files\OpenVPN\bin\openvpn-gui.exe ()
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files\Corel\WordPerfect Office 2002\Programs\QFSCHD100.EXE (Novell, Inc., c/o Corel Corporation Limited)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe (Rockwell Automation, Inc.)
O4 - HKU\S-1-5-21-1194882813-1188430357-3457618224-1005..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O4 - HKLM..\RunOnce: [Easy Synchronization] C:\Program Files\Logitech\Easy Synchronization\LogitechEasySync.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - HKU\S-1-5-18..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe (Adobe Systems Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoCAD LT Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe (Autodesk, Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL 10.lnk = C:\WINDOWS\Installer\{A0B295C3-FD3C-11D4-A811-0090279106C3}\I_26dadCC.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk = C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe (Scansoft, Inc.)
O4 - Startup: C:\Documents and Settings\Northwind\Start Menu\Programs\Startup\AutorunsDisabled [2010/11/17 13:36:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Northwind\Start Menu\Programs\Startup\DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe (Southwest Airlines)
O4 - Startup: C:\Documents and Settings\Northwind\Start Menu\Programs\Startup\Notify.lnk = C:\Novell\GroupWise\notify.exe (Novell, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: CompatibleRUPSecurity = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1194882813-1188430357-3457618224-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1194882813-1188430357-3457618224-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1194882813-1188430357-3457618224-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1194882813-1188430357-3457618224-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1194882813-1188430357-3457618224-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra Button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (Net2Phone)
O9 - Extra 'Tools' menuitem : Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe (Net2Phone)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\NetWare\nwws2nds.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\WINDOWS\system32\NetWare\nwws2sap.dll (Novell, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\WINDOWS\system32\NetWare\nwws2slp.dll (Novell, Inc.)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {2AB1C516-D654-4D3A-B3D6-2185BBCEB409} https://connect.delmonte.com/+CSCOL+/relayp.cab (Cisco Systems WebVPN Relay Loader)
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} https://connect.delmonte.com/CACHE/stc/1/binaries/vpnweb.cab (Cisco AnyConnect VPN Client Web Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1204669671281 (MUWebControl Class)
O16 - DPF: {6EEFD7B1-B26C-440D-B55A-1EC677189F30} https://officena.fujifilmsericol.com/NELX.cab (NELaunchCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {9E065E4A-BD9D-4547-8F90-985DC62A5591} http://192.168.0.151/PlayerPT.cab (PlayerPT Control)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} http://iwon.oberon-media.com/online/online2/bejeweled2/popcaploader_v6.cab (PopCapLoader Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://bradycorp.webex.com/client/T26L/event/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - Reg Error: Key error. File not found
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (NWGINA.DLL) - C:\WINDOWS\System32\nwgina.dll (Novell, Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logitech\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Northwind\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Northwind\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {FE24CD78-7C63-465D-8787-4EDF7FC79895} - C:\Program Files\Logitech\Easy Synchronization\shellexecutehook.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/31 09:44:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/08/11 16:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.PBW -- [ NTFS ]
O32 - AutoRun File - [2008/04/29 16:55:24 | 000,000,000 | ---D | M] - M:\AutoCAD Activations -- [ NWFS ]
O32 - AutoRun File - [2005/06/10 10:06:22 | 000,000,000 | ---D | M] - V:\AutomationDirect -- [ NWFS ]
O32 - AutoRun File - [2008/05/22 10:53:04 | 000,000,000 | ---D | M] - Y:\AutoCad -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/07 08:28:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Northwind\Desktop\OTL.exe
[2010/12/06 08:22:05 | 001,086,304 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Northwind\Desktop\avg_remover_stf_x86_2011_1165.exe
[2010/12/03 08:21:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/12/03 08:21:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/12/03 08:21:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/12/03 08:21:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/12/03 08:21:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/12/03 08:21:15 | 004,329,496 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Northwind\Desktop\avg_free_stb_all_2011_1153_cnet.exe
[2010/12/03 08:05:41 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/12/02 09:47:33 | 001,344,088 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Northwind\Desktop\tdsskiller.exe
[2010/11/30 16:58:35 | 008,799,239 | ---- | C] (McAfee Inc.) -- C:\Documents and Settings\Northwind\Desktop\stinger10101176.exe
[2010/11/29 14:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Mozilla
[2010/11/29 14:55:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2010/11/29 14:54:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\%APPDATA%
[2010/11/29 14:52:59 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/11/29 14:46:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Northwind\Application Data\MSNInstaller
[2010/11/26 14:36:22 | 000,000,000 | ---D | C] -- C:\downloads
[2010/11/22 09:03:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Northwind\Desktop\GooredFix Backups
[2010/11/22 09:02:59 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Northwind\Desktop\GooredFix.exe
[2010/11/19 10:18:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/11/18 17:10:31 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Northwind\Desktop\mbam-setup-1.46.exe
[2010/11/18 16:46:23 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Northwind\Desktop\HijackThis.exe
[2010/11/17 15:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010/11/17 15:49:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/11/17 15:43:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2010/11/17 13:36:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG
[2010/11/17 13:27:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/17 10:16:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Northwind\Application Data\AVG10
[2010/11/17 10:14:15 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/11/17 10:12:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2010/11/17 10:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/11/17 09:23:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
[2010/11/17 08:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\IObit
[2010/11/17 08:33:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Northwind\Application Data\IObit
[2010/11/16 08:19:36 | 000,000,000 | ---D | C] -- C:\0-antivirus4linux
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/07 08:26:50 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Northwind\Desktop\OTL.exe
[2010/12/07 08:16:28 | 000,532,822 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/12/07 08:16:28 | 000,105,486 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/12/07 08:16:27 | 000,000,086 | ---- | M] () -- C:\WINDOWS\WPCMAPI.INI
[2010/12/07 08:12:53 | 000,002,535 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CorelCENTRAL 10.lnk
[2010/12/07 08:12:29 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/12/07 08:12:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/12/07 08:12:02 | 3487,195,136 | -HS- | M] () -- C:\hiberfil.sys
[2010/12/07 08:10:50 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/12/06 16:45:47 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\Backup Profiles.job
[2010/12/06 12:18:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/12/06 12:08:38 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\Defrag.job
[2010/12/06 08:20:48 | 001,086,304 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Northwind\Desktop\avg_remover_stf_x86_2011_1165.exe
[2010/12/03 16:32:04 | 000,228,650 | ---- | M] () -- C:\Documents and Settings\Northwind\My Documents\(Pc017).html
[2010/12/03 16:30:47 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\Belarc.job
[2010/12/03 08:38:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/12/03 08:03:00 | 003,983,941 | R--- | M] () -- C:\Documents and Settings\Northwind\Desktop\etavaresCF.exe
[2010/12/02 09:38:02 | 001,344,088 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Northwind\Desktop\tdsskiller.exe
[2010/12/01 08:33:42 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Northwind\Desktop\dds.com
[2010/12/01 08:23:54 | 000,630,272 | ---- | M] () -- C:\Documents and Settings\Northwind\Desktop\dds.scr
[2010/12/01 07:40:39 | 000,000,017 | ---- | M] () -- C:\Documents and Settings\Northwind\Desktop\stinger10101176.opt
[2010/11/30 16:58:10 | 008,799,239 | ---- | M] (McAfee Inc.) -- C:\Documents and Settings\Northwind\Desktop\stinger10101176.exe
[2010/11/29 14:53:52 | 000,001,372 | ---- | M] () -- C:\WINDOWS\System32\Improve Your PC.lnk
[2010/11/26 14:39:18 | 000,001,657 | ---- | M] () -- C:\Documents and Settings\Northwind\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/22 14:57:47 | 245,791,822 | ---- | M] () -- C:\Documents and Settings\Northwind\Desktop\registry 11-22-10.reg
[2010/11/22 09:02:59 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Northwind\Desktop\GooredFix.exe
[2010/11/18 16:58:08 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Northwind\Desktop\mbam-setup-1.46.exe
[2010/11/18 16:40:42 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Northwind\Desktop\HijackThis.exe
[2010/11/17 13:31:12 | 208,392,014 | ---- | M] () -- C:\Documents and Settings\Northwind\Desktop\11-17-10 pc017 registry backup.reg
[2010/11/17 09:35:20 | 004,329,496 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Northwind\Desktop\avg_free_stb_all_2011_1153_cnet.exe
[2010/11/08 01:20:24 | 000,089,088 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/07 08:10:55 | 000,002,074 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
[2010/12/07 08:10:55 | 000,001,818 | ---- | C] () -- C:\Documents and Settings\Northwind\Start Menu\Programs\Startup\DING!.lnk
[2010/12/07 08:10:55 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2010/12/07 08:10:55 | 000,001,724 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
[2010/12/07 08:10:55 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk
[2010/12/07 08:10:55 | 000,000,643 | ---- | C] () -- C:\Documents and Settings\Northwind\Start Menu\Programs\Startup\Shortcut to taskmgr.lnk
[2010/12/07 08:10:55 | 000,000,624 | ---- | C] () -- C:\Documents and Settings\Northwind\Start Menu\Programs\Startup\Notify.lnk
[2010/12/03 16:32:03 | 000,228,650 | ---- | C] () -- C:\Documents and Settings\Northwind\My Documents\(Pc017).html
[2010/12/03 08:21:44 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/03 08:21:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/12/03 08:21:44 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/03 08:21:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/12/03 08:21:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/12/03 08:03:36 | 003,983,941 | R--- | C] () -- C:\Documents and Settings\Northwind\Desktop\etavaresCF.exe
[2010/12/01 08:34:06 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Northwind\Desktop\dds.com
[2010/12/01 08:25:00 | 000,630,272 | ---- | C] () -- C:\Documents and Settings\Northwind\Desktop\dds.scr
[2010/12/01 07:40:39 | 000,000,017 | ---- | C] () -- C:\Documents and Settings\Northwind\Desktop\stinger10101176.opt
[2010/11/29 14:53:52 | 000,001,372 | ---- | C] () -- C:\WINDOWS\System32\Improve Your PC.lnk
[2010/11/29 14:48:05 | 000,000,306 | ---- | C] () -- C:\WINDOWS\myClean.bat
[2010/11/26 14:39:18 | 000,001,657 | ---- | C] () -- C:\Documents and Settings\Northwind\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/11/22 14:56:41 | 245,791,822 | ---- | C] () -- C:\Documents and Settings\Northwind\Desktop\registry 11-22-10.reg
[2010/11/17 13:30:10 | 208,392,014 | ---- | C] () -- C:\Documents and Settings\Northwind\Desktop\11-17-10 pc017 registry backup.reg
[2010/09/24 07:16:29 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Q514ds8R8.dat
[2009/11/05 10:21:51 | 000,000,128 | ---- | C] () -- C:\WINDOWS\System32\FTDIUN2K.INI
[2009/11/05 10:21:50 | 000,013,888 | ---- | C] () -- C:\WINDOWS\WDTGR.DLL
[2009/11/05 10:21:50 | 000,008,096 | ---- | C] () -- C:\WINDOWS\WCDTGR.DLL
[2009/11/05 10:21:50 | 000,006,656 | ---- | C] () -- C:\WINDOWS\WNETWAY.DLL
[2009/11/05 10:21:50 | 000,004,064 | ---- | C] () -- C:\WINDOWS\WNETWT16.DLL
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/05/11 10:13:25 | 000,000,066 | ---- | C] () -- C:\WINDOWS\W3u.INI
[2009/03/19 12:34:32 | 000,002,560 | ---- | C] () -- C:\Documents and Settings\Northwind\Local Settings\Application Data\SecurityDescriptorStream.act
[2008/09/30 07:35:43 | 000,008,324 | ---- | C] () -- C:\Documents and Settings\Northwind\Local Settings\Application Data\WT61US.UWL
[2008/09/05 06:51:28 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc
[2008/08/13 09:49:33 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2008/07/25 10:08:34 | 000,036,408 | ---- | C] () -- C:\WINDOWS\System32\LINXVDD.DLL
[2008/06/06 15:47:22 | 000,013,408 | ---- | C] () -- C:\WINDOWS\System32\tabinst.dll
[2008/06/06 15:47:22 | 000,004,032 | ---- | C] () -- C:\WINDOWS\System32\tabins16.dll
[2008/06/03 16:49:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MERuntime.INI
[2008/06/02 19:56:18 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2008/06/02 19:56:14 | 000,031,846 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2008/06/02 19:56:14 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2008/03/08 20:53:10 | 000,155,700 | ---- | C] () -- C:\WINDOWS\System32\ODMA32.DLL
[2008/02/28 14:30:08 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll
[2008/01/29 13:54:45 | 000,000,072 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2008/01/18 12:02:56 | 000,000,037 | ---- | C] () -- C:\WINDOWS\QEX.INI
[2008/01/18 11:55:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/12/14 16:47:33 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2007/08/28 12:17:20 | 000,002,392 | ---- | C] () -- C:\WINDOWS\IFPClient.ini
[2007/08/15 06:27:18 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/07/31 09:43:48 | 000,000,276 | ---- | C] () -- C:\WINDOWS\PVB.INI
[2007/07/16 10:58:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2007/07/16 10:58:00 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2007/06/22 11:59:04 | 000,245,760 | ---- | C] () -- C:\WINDOWS\System32\ABECADDll.dll
[2007/06/18 12:41:52 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2007/06/18 12:41:52 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth2.dll
[2007/06/18 12:41:52 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\clauth1.dll
[2007/06/18 12:41:52 | 000,000,475 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2007/06/18 12:41:52 | 000,000,073 | ---- | C] () -- C:\WINDOWS\System32\ssprs.dll
[2007/05/25 14:13:58 | 000,315,392 | ---- | C] () -- C:\WINDOWS\System32\Ec1DllSum.dll
[2007/05/25 14:13:58 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Ec1ToECAD.dll
[2007/05/21 13:39:13 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\_UNODBC.dll
[2007/05/21 13:37:12 | 000,000,011 | ---- | C] () -- C:\WINDOWS\NetWare.INI
[2007/05/18 08:12:29 | 000,000,068 | ---- | C] () -- C:\WINDOWS\ccolwiz.ini
[2007/02/07 15:57:11 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Northwind\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/02/06 09:19:25 | 000,010,001 | ---- | C] () -- C:\WINDOWS\PropBldr.INI
[2007/02/06 07:33:24 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Northwind\Application Data\$_hpcst$.hpc
[2007/01/12 11:14:56 | 000,022,720 | ---- | C] () -- C:\WINDOWS\System32\haspds_msi.dll
[2006/12/14 14:43:58 | 000,000,084 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2006/12/14 14:43:58 | 000,000,050 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2006/11/29 21:24:10 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2006/11/29 09:30:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\spcpro.INI
[2006/11/22 12:22:54 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\N2PUtil.dll
[2006/11/22 12:21:43 | 000,041,472 | ---- | C] () -- C:\WINDOWS\qvphook.dll
[2006/08/31 12:51:33 | 000,003,288 | ---- | C] () -- C:\WINDOWS\RFQBldr.INI
[2006/08/29 15:38:32 | 000,094,274 | ---- | C] () -- C:\WINDOWS\System32\HPBHealr.dll
[2006/08/29 15:38:22 | 000,003,399 | R--- | C] () -- C:\WINDOWS\System32\hptcpmon.ini
[2006/08/29 15:38:22 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini
[2006/08/29 14:38:22 | 000,000,885 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2006/08/29 14:38:22 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2006/08/29 14:38:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2006/08/29 14:38:12 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2006/08/29 14:31:36 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2006/08/29 10:52:28 | 000,000,203 | ---- | C] () -- C:\WINDOWS\MFIMPORT.INI
[2006/08/29 10:47:34 | 000,000,075 | ---- | C] () -- C:\WINDOWS\abecadcb.ini
[2006/08/29 10:46:58 | 000,000,062 | ---- | C] () -- C:\WINDOWS\abecad.ini
[2006/08/29 10:40:00 | 000,005,991 | ---- | C] () -- C:\WINDOWS\fw.ini
[2006/08/23 12:56:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\frontpg.ini
[2006/08/23 12:52:23 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/08/23 12:52:23 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/08/23 12:51:59 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2006/08/23 12:51:59 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2006/08/23 12:51:59 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2006/08/18 10:38:29 | 000,000,086 | ---- | C] () -- C:\WINDOWS\WPCMAPI.INI
[2006/08/18 10:25:39 | 000,000,031 | ---- | C] () -- C:\WINDOWS\opera.ini
[2006/08/18 08:26:05 | 000,000,026 | ---- | C] () -- C:\WINDOWS\VSLevel2.INI
[2006/08/16 12:17:28 | 000,000,032 | ---- | C] () -- C:\WINDOWS\EvMoveW.INI
[2006/08/01 14:09:38 | 000,000,247 | ---- | C] () -- C:\WINDOWS\RLEIcons.ini
[2006/08/01 14:09:38 | 000,000,143 | ---- | C] () -- C:\WINDOWS\EDS.INI
[2006/08/01 13:59:14 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Northwind\Local Settings\Application Data\fusioncache.dat
[2006/08/01 13:59:04 | 000,000,182 | ---- | C] () -- C:\WINDOWS\rocksoft.ini
[2006/07/06 12:18:49 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\wibuKJni.dll
[2006/06/29 08:48:52 | 000,003,894 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/16 16:41:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/16 16:24:10 | 000,000,393 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/09/29 14:16:12 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\strtstop.dll
[2005/07/28 17:38:20 | 000,234,496 | ---- | C] () -- C:\WINDOWS\System32\lgnwnt32.dll
[2005/07/06 14:28:56 | 000,245,843 | ---- | C] () -- C:\WINDOWS\System32\nwshlxnt.dll
[2005/04/18 07:43:00 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\setupw2k.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/08/11 16:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 16:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 16:07:24 | 000,004,313 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/02/05 15:31:42 | 000,045,119 | ---- | C] () -- C:\WINDOWS\System32\dprpcw32.dll
[2002/08/12 07:19:42 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/01/08 15:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[2001/10/04 13:40:54 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nwslog32.dll
[2001/03/13 16:26:18 | 000,000,294 | ---- | C] () -- C:\WINDOWS\NET2FONE.INI
[2000/10/26 09:51:24 | 003,076,141 | ---- | C] () -- C:\WINDOWS\System32\MSOWC.DLL
[2000/01/20 08:15:14 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\lgncon32.dll
[1999/01/11 03:37:36 | 000,002,757 | ---- | C] () -- C:\WINDOWS\System32\rdrstats.ini
[1998/12/07 13:11:22 | 000,227,840 | ---- | C] () -- C:\WINDOWS\System32\lmgr325a.dll
[1997/02/27 06:04:24 | 000,198,680 | ---- | C] () -- C:\WINDOWS\System32\WL40ENT.DLL
[1997/02/27 06:04:10 | 000,023,064 | ---- | C] () -- C:\WINDOWS\System32\WTR40T.DLL
[1996/05/14 08:50:22 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\prtwin32.dll
[1995/08/22 07:36:12 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\nwpsrv32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4

< End of report >


--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


OTL Extras logfile created on: 12/7/2010 08:28:28 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Northwind\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 69.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 91.83 Gb Free Space | 61.64% Space Free | Partition Type: NTFS
Drive J: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive K: | 2771.32 Gb Total Space | 1484.32 Gb Free Space | 53.56% Space Free | Partition Type: NTFS
Drive L: | 1.94 Gb Total Space | 1.64 Gb Free Space | 84.63% Space Free | Partition Type: FAT
Drive M: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive N: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive P: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive Q: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive R: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive S: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive T: | 2771.32 Gb Total Space | 1484.32 Gb Free Space | 53.56% Space Free | Partition Type: NTFS
Drive U: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive V: | 1546.27 Gb Total Space | 1305.57 Gb Free Space | 84.43% Space Free | Partition Type: NWFS
Drive Y: | 2771.32 Gb Total Space | 1484.32 Gb Free Space | 53.56% Space Free | Partition Type: NTFS

Computer Name: PC017 | User Name: Northwind | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found

[HKEY_USERS\S-1-5-21-1194882813-1188430357-3457618224-1005\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"102:TCP" = 102:TCP:*:Enabled:DAS SI 102
"135:TCP" = 135:TCP:*:Enabled:DCOM 135
"502:TCP" = 502:TCP:*:Enabled:Modicon 502
"1434:UDP" = 1434:UDP:*:Enabled:SQL Server Browser 1434
"1433:TCP" = 1433:TCP:*:Enabled:SQL TCP 1433
"2221:TCP" = 2221:TCP:*:Enabled:DAS ABTCP 2221
"2222:TCP" = 2222:TCP:*:Enabled:DAS ABTCP 2222
"2223:TCP" = 2223:TCP:*:Enabled:DAS ABTCP 2223
"5413:TCP" = 5413:TCP:*:Enabled:Port 5413
"80:TCP" = 80:TCP:*:Enabled:SuiteVoyager 80
"443:TCP" = 443:TCP:*:Enabled:SuiteVoyager 443
"9001:TCP" = 9001:TCP:*:Enabled:vista 9001
"9002:TCP" = 9002:TCP:*:Enabled:EnvMngr 9002
"9003:TCP" = 9003:TCP:*:Enabled:MsgMngr 9003
"9004:TCP" = 9004:TCP:*:Enabled:SecMngr 9004
"9006:TCP" = 9006:TCP:*:Enabled:RedMngr 9006
"9007:TCP" = 9007:TCP:*:Enabled:UnilinkMngr 9007
"9008:TCP" = 9008:TCP:*:Enabled:BatchMngr 9008
"9011:TCP" = 9011:TCP:*:Enabled:LogMngr 9011
"9012:TCP" = 9012:TCP:*:Enabled:InfoMngr 9012
"9013:UDP" = 9013:UDP:*:Enabled:RedMngrX 9013
"9014:UDP" = 9014:UDP:*:Enabled:RedMngrX2 9014
"9015:TCP" = 9015:TCP:*:Enabled:HistQMngrvista 9015
"9016:TCP" = 9016:TCP:*:Enabled:HistQReader 9016
"44818:TCP" = 44818:TCP:*:Enabled:Logix 44818
"59152:UDP" = 59152:UDP:*:Enabled:SonicWALL Anti-Virus Compliance Port 59152
"59153:UDP" = 59153:UDP:*:Enabled:SonicWALL Anti-Virus Compliance Port 59153

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"135:TCP" = 135:TCP:*:Enabled:Port 135 TCP
"102:TCP" = 102:TCP:*:Enabled:DAS SI 102
"502:TCP" = 502:TCP:*:Enabled:Modicon 502
"1434:UDP" = 1434:UDP:*:Enabled:SQL Server Browser 1434
"1433:TCP" = 1433:TCP:*:Enabled:SQL TCP 1433
"2221:TCP" = 2221:TCP:*:Enabled:DAS ABTCP 2221
"2222:TCP" = 2222:TCP:*:Enabled:DAS ABTCP 2222
"2223:TCP" = 2223:TCP:*:Enabled:DAS ABTCP 2223
"5413:TCP" = 5413:TCP:*:Enabled:Port 5413
"9001:TCP" = 9001:TCP:*:Enabled:vista 9001
"9002:TCP" = 9002:TCP:*:Enabled:EnvMngr 9002
"9003:TCP" = 9003:TCP:*:Enabled:MsgMngr 9003
"9004:TCP" = 9004:TCP:*:Enabled:SecMngr 9004
"9006:TCP" = 9006:TCP:*:Enabled:RedMngr 9006
"9007:TCP" = 9007:TCP:*:Enabled:UnilinkMngr 9007
"9008:TCP" = 9008:TCP:*:Enabled:BatchMngr 9008
"9011:TCP" = 9011:TCP:*:Enabled:LogMngr 9011
"9012:TCP" = 9012:TCP:*:Enabled:InfoMngr 9012
"9013:UDP" = 9013:UDP:*:Enabled:RedMngrX 9013
"9014:UDP" = 9014:UDP:*:Enabled:RedMngrX2 9014
"9015:TCP" = 9015:TCP:*:Enabled:HistQMngrvista 9015
"9016:TCP" = 9016:TCP:*:Enabled:HistQReader 9016
"44818:TCP" = 44818:TCP:*:Enabled:Logix 44818
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\ArchestrA\aaLogger.exe" = C:\Program Files\Common Files\ArchestrA\aaLogger.exe:*:Enabled:aaLogger.exe -- (Invensys Systems, Inc.)
"C:\Program Files\Common Files\ArchestrA\slssvc.exe" = C:\Program Files\Common Files\ArchestrA\slssvc.exe:*:Enabled:Slssvc.exe -- (Invensys Systems, Inc.)
"C:\Program Files\Wonderware\InTouch\wm.exe" = C:\Program Files\Wonderware\InTouch\wm.exe:*:Enabled:wm.exe -- (Invensys Systems, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:mmc.exe -- (Microsoft Corporation)
"C:\WINDOWS\system32\OpcEnum.exe" = C:\WINDOWS\system32\OpcEnum.exe:*:Enabled:OPCEnum.exe -- (OPC Foundation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\Rockwell Software\RSLinx\RSLINX.EXE" = C:\Program Files\Rockwell Software\RSLinx\RSLINX.EXE:*:Enabled:RSLinx.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\OPCTools\OPCTest\opctest.exe" = C:\Program Files\Rockwell Software\OPCTools\OPCTest\opctest.exe:*:Enabled:OPCTest.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe" = C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe:*:Enabled:EventClientMultiplexer.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\RsvcHost.exe" = C:\Program Files\Common Files\Rockwell\RsvcHost.exe:*:Enabled:RsvcHost.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\RdcyHost.exe" = C:\Program Files\Common Files\Rockwell\RdcyHost.exe:*:Enabled:RdcyHost.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\NmspHost.exe" = C:\Program Files\Common Files\Rockwell\NmspHost.exe:*:Enabled:NmspHost.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\RnaDirServer.exe" = C:\Program Files\Common Files\Rockwell\RnaDirServer.exe:*:Enabled:RnaDirServer.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\EventServer.exe" = C:\Program Files\Common Files\Rockwell\EventServer.exe:*:Enabled:EventServer.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\DaClient.exe" = C:\Program Files\Common Files\Rockwell\DaClient.exe:*:Enabled:DaClient.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe" = C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe:*:Enabled:RnaDiagReceiver.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe" = C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe:*:Enabled:RnaDiagnosticsSrv.exe -- (Rockwell Automation Inc.)
"C:\Program Files\Common Files\Rockwell\VStudio.exe" = C:\Program Files\Common Files\Rockwell\VStudio.exe:*:Enabled:VStudio.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" = C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe:*:Enabled:RSLinxNG.exe -- (Rockwell Automation)
"C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxShortcutAOA.exe" = C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxShortcutAOA.exe:*:Enabled:RSLinxShortcutAOA.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Wonderware\InTouch\view.exe" = C:\Program Files\Wonderware\InTouch\view.exe:*:Enabled:view.exe -- (Invensys Systems, Inc.)
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent -- File not found
"C:\WINDOWS\system32\inetsrv\inetinfo.exe" = C:\WINDOWS\system32\inetsrv\inetinfo.exe:*:Enabled:inetinfo.exe -- (Microsoft Corporation)
"C:\Program Files\Rockwell Software\RSView Enterprise\AlmCliSrvWrap.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\AlmCliSrvWrap.exe:*:Enabled:AlmCliSrvWrap.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\AlmMpx.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\AlmMpx.exe:*:Enabled:AlmMpx.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\AlarmQB.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\AlarmQB.exe:*:Enabled:AlarmQB.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\AlmSrv.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\AlmSrv.exe:*:Enabled:AlmSrv.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\CommandCliSrv.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\CommandCliSrv.exe:*:Enabled:CommandCliSrv.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\CommandCliTagHMIService.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\CommandCliTagHMIService.exe:*:Enabled:CommandCliTagHMIService.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\CommandErrorLogSrv.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\CommandErrorLogSrv.exe:*:Enabled:CommandErrorLogSrv.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\DatalogServ.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\DatalogServ.exe:*:Enabled:DatalogServ.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\DerivedTags.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\DerivedTags.exe:*:Enabled:DerivedTags.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\DisplayClient.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\DisplayClient.exe:*:Enabled:DisplayClient.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\DlgRdRp.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\DlgRdRp.exe:*:Enabled:DlgRdRp.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\DlgRdServ.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\DlgRdServ.exe:*:Enabled:DlgRdServ.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\EventDetector.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\EventDetector.exe:*:Enabled:EventDetector.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\MERuntime.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\MERuntime.exe:*:Enabled:MERuntime.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe:*:Enabled:ServerFramework.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe:*:Enabled:TagSrv.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\RSAlarmFileReader.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\RSAlarmFileReader.exe:*:Enabled:RSAlarmFileReader.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\RnaAeServer.exe" = C:\Program Files\Common Files\Rockwell\RnaAeServer.exe:*:Enabled:RnaAeServer.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe" = C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe:*:Enabled:RnaAlarmMux.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\RnaAlarmDetector.exe" = C:\Program Files\Common Files\Rockwell\RnaAlarmDetector.exe:*:Enabled:RnaAlarmDetector.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\CounterMonitor.exe" = C:\Program Files\Common Files\Rockwell\CounterMonitor.exe:*:Enabled:CounterMonitor.exe -- (Rockwell Automation, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\UltraVNC\winvnc.exe" = C:\Program Files\UltraVNC\winvnc.exe:*:Enabled:VNC server for Win32 -- (UltraVNC)
"C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe" = C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe:*:Enabled:EventClientMultiplexer.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\RsvcHost.exe" = C:\Program Files\Common Files\Rockwell\RsvcHost.exe:*:Enabled:RsvcHost.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\RnaDirServer.exe" = C:\Program Files\Common Files\Rockwell\RnaDirServer.exe:*:Enabled:RnaDirServer.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\EventServer.exe" = C:\Program Files\Common Files\Rockwell\EventServer.exe:*:Enabled:EventServer.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\DaClient.exe" = C:\Program Files\Common Files\Rockwell\DaClient.exe:*:Enabled:DaClient.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe" = C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe:*:Enabled:RnaDiagReceiver.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe" = C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe:*:Enabled:RnaDiagnosticsSrv.exe -- (Rockwell Automation Inc.)
"C:\Program Files\Common Files\Rockwell\VStudio.exe" = C:\Program Files\Common Files\Rockwell\VStudio.exe:*:Enabled:VStudio.exe -- (Rockwell Automation, Inc.)
"C:\WINDOWS\system32\OpcEnum.exe" = C:\WINDOWS\system32\OpcEnum.exe:*:Enabled:OPCEnum.exe -- (OPC Foundation)
"C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe" = C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe:*:Enabled:RSLinxNG.exe -- (Rockwell Automation)
"C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxShortcutAOA.exe" = C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxShortcutAOA.exe:*:Enabled:RSLinxShortcutAOA.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\RAISE\RFQ Builder\RFQBldr.exe" = C:\Program Files\RAISE\RFQ Builder\RFQBldr.exe:*:Enabled:RAISE ProposalWorks -- (Rockwell Automation)
"C:\Program Files\Corel\WordPerfect Office 2002\Register\NAVBrowser.exe" = C:\Program Files\Corel\WordPerfect Office 2002\Register\NAVBrowser.exe:*:Enabled:NAVBrowser -- (Naviant, Inc.)
"C:\Program Files\Common Files\ArchestrA\aaLogger.exe" = C:\Program Files\Common Files\ArchestrA\aaLogger.exe:*:Enabled:aaLogger.exe -- (Invensys Systems, Inc.)
"C:\Program Files\Common Files\ArchestrA\slssvc.exe" = C:\Program Files\Common Files\ArchestrA\slssvc.exe:*:Enabled:Slssvc.exe -- (Invensys Systems, Inc.)
"C:\Program Files\Wonderware\InTouch\wm.exe" = C:\Program Files\Wonderware\InTouch\wm.exe:*:Enabled:wm.exe -- (Invensys Systems, Inc.)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:mmc.exe -- (Microsoft Corporation)
"C:\Program Files\RAISE\Proposal Builder\PropBldr.exe" = C:\Program Files\RAISE\Proposal Builder\PropBldr.exe:*:Enabled:RAISE ProposalWorks -- (Rockwell Automation)
"C:\Program Files\RAISE\eCADWorks Clipboard\ABECADCB.EXE" = C:\Program Files\RAISE\eCADWorks Clipboard\ABECADCB.EXE:*:Enabled:ABECAD Clipboard -- (Rockwell Automation)
"C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe" = C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe:*:Enabled:SonicWALL Global VPN Client -- (SonicWALL, Inc.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)
"C:\Program Files\WIBUKEY\Server\WkSvW32.exe" = C:\Program Files\WIBUKEY\Server\WkSvW32.exe:*:Enabled:WIBU-KEY Network server management -- (WIBU-SYSTEMS AG)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Rockwell Software\RSLinx\RSLINX.EXE" = C:\Program Files\Rockwell Software\RSLinx\RSLINX.EXE:*:Enabled:RSLinx.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\OPCTools\OPCTest\opctest.exe" = C:\Program Files\Rockwell Software\OPCTools\OPCTest\opctest.exe:*:Enabled:OPCTest.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v17\Bin\RS5000.Exe" = C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v17\Bin\RS5000.Exe:*:Enabled:RSLogix 5000 v17.00.00 (CPR 9 SR 1) -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\RdcyHost.exe" = C:\Program Files\Common Files\Rockwell\RdcyHost.exe:*:Enabled:RdcyHost.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\NmspHost.exe" = C:\Program Files\Common Files\Rockwell\NmspHost.exe:*:Enabled:NmspHost.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\BOOTP-DHCP Server\BootpServer.exe" = C:\Program Files\Rockwell Software\BOOTP-DHCP Server\BootpServer.exe:*:Enabled:BOOTP/DHCP Server -- (Rockwell Automation)
"C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v16\Bin\RS5000.Exe" = C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v16\Bin\RS5000.Exe:*:Enabled:RSLogix 5000 v16.03.00 (CPR 9) -- (Rockwell Automation, Inc.)
"C:\Program Files\Wonderware\InTouch\view.exe" = C:\Program Files\Wonderware\InTouch\view.exe:*:Enabled:view.exe -- (Invensys Systems, Inc.)
"C:\Program Files\EPLAN\Electric P8\1.9.6\BIN\W3u.exe" = C:\Program Files\EPLAN\Electric P8\1.9.6\BIN\W3u.exe:*:Enabled:EPLAN W3 -- (EPLAN Software & Service GmbH & Co. KG)
"C:\Program Files\Senomix\Senomix Timesheets Entry\local\Timesheet Entry.exe" = C:\Program Files\Senomix\Senomix Timesheets Entry\local\Timesheet Entry.exe:*:Enabled:Timesheet Entry -- ()
"C:\Program Files\UltraVNC\vncviewer.exe" = C:\Program Files\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe" = C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe:*:Enabled:BTSTAC~1 -- (Broadcom Corporation.)
"C:\Program Files\Southwest Airlines\Ding\Ding.exe" = C:\Program Files\Southwest Airlines\Ding\Ding.exe:*:Enabled:Ding -- (Southwest Airlines)
"C:\WINDOWS\system32\dwwin.exe" = C:\WINDOWS\system32\dwwin.exe:*:Enabled:dwwin -- (Microsoft Corporation)
"C:\WINDOWS\system32\inetsrv\inetinfo.exe" = C:\WINDOWS\system32\inetsrv\inetinfo.exe:*:Enabled:inetinfo.exe -- (Microsoft Corporation)
"C:\Program Files\Rockwell Software\RSView Enterprise\AlmCliSrvWrap.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\AlmCliSrvWrap.exe:*:Enabled:AlmCliSrvWrap.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\AlmMpx.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\AlmMpx.exe:*:Enabled:AlmMpx.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\AlarmQB.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\AlarmQB.exe:*:Enabled:AlarmQB.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\AlmSrv.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\AlmSrv.exe:*:Enabled:AlmSrv.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\CommandCliSrv.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\CommandCliSrv.exe:*:Enabled:CommandCliSrv.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\CommandCliTagHMIService.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\CommandCliTagHMIService.exe:*:Enabled:CommandCliTagHMIService.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\CommandErrorLogSrv.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\CommandErrorLogSrv.exe:*:Enabled:CommandErrorLogSrv.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\DatalogServ.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\DatalogServ.exe:*:Enabled:DatalogServ.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\DerivedTags.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\DerivedTags.exe:*:Enabled:DerivedTags.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\DisplayClient.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\DisplayClient.exe:*:Enabled:DisplayClient.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\DlgRdRp.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\DlgRdRp.exe:*:Enabled:DlgRdRp.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\DlgRdServ.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\DlgRdServ.exe:*:Enabled:DlgRdServ.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\EventDetector.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\EventDetector.exe:*:Enabled:EventDetector.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\MERuntime.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\MERuntime.exe:*:Enabled:MERuntime.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe:*:Enabled:ServerFramework.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe:*:Enabled:TagSrv.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Rockwell Software\RSView Enterprise\RSAlarmFileReader.exe" = C:\Program Files\Rockwell Software\RSView Enterprise\RSAlarmFileReader.exe:*:Enabled:RSAlarmFileReader.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\RnaAeServer.exe" = C:\Program Files\Common Files\Rockwell\RnaAeServer.exe:*:Enabled:RnaAeServer.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe" = C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe:*:Enabled:RnaAlarmMux.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\RnaAlarmDetector.exe" = C:\Program Files\Common Files\Rockwell\RnaAlarmDetector.exe:*:Enabled:RnaAlarmDetector.exe -- (Rockwell Automation, Inc.)
"C:\Program Files\Common Files\Rockwell\CounterMonitor.exe" = C:\Program Files\Common Files\Rockwell\CounterMonitor.exe:*:Enabled:CounterMonitor.exe -- (Rockwell Automation, Inc.)
"C:\Novell\GroupWise\grpwise.exe" = C:\Novell\GroupWise\grpwise.exe:*:Enabled:Novell GroupWise -- (Novell, Inc.)
"C:\Novell\GroupWise\notify.exe" = C:\Novell\GroupWise\notify.exe:*:Enabled:Novell Notify -- (Novell, Inc.)
"C:\Program Files\EPLAN\Electric P8\1.9.11\BIN\W3u.exe" = C:\Program Files\EPLAN\Electric P8\1.9.11\BIN\W3u.exe:*:Enabled:EPLAN W3 -- (EPLAN Software & Service GmbH & Co. KG)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)
"{0100BD88-3990-431F-9175-AB60E31AFFDE}" = EPLAN License Client
"{025FDB98-8432-4A9A-A5B4-4BAD3721F332}" = PLC Generator
"{02EB132C-4AEE-4FCA-BF73-DB98671FF106}" = Database Merge Tool 1.0.1
"{03C94855-CC7A-456B-9E83-DA6CF25F65F3}" = Symbol Factory 2.0
"{05FA026B-8010-477D-82A2-4FA8B7900870}" = Rockwell Automation 1769 Analog Module Profiles
"{065717D4-B980-434B-B778-0F14FBDB4AC3}" = Cisco AnyConnect VPN Client
"{09590EF8-C176-4EED-8A16-33B20E19BB5D}" = promis-e Add-on 5.06 Service Pack
"{09649073-1F94-4F45-ACD8-6317956C694C}" = Rockwell Automation Drives SCANport Module Profiles
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0D847E60-13F6-4266-8D66-B5C7ACF2EBE4}" = Rockwell Automation 1734 Analog Module Profiles
"{10050017-D5FD-11DA-A128-000C29473C90}" = RSLogix 5000 Start Page Media v17.00.05
"{13C4C1BC-6362-40DE-9CB3-48E1AC8A8CC7}" = Rockwell Automation 1732 Discrete Module Profiles
"{14F4B291-1684-4AB9-95C3-2B66260E515D}" = Rockwell Automation 1738 ASCII Module Profiles
"{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}" = Cisco Systems VPN Client 5.0.01.0600
"{17B66E83-1BC9-11D5-A54A-0090278A1BB8}" = Microsoft FrontPage Client - English
"{1971326E-F56C-4FB1-ACC9-C5E3036D2640}" = promis-e 2007 (A)
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20010017-D5FD-11DA-A128-000C29473C90}" = RSLogix 5000 Online Books v17.00.00
"{20610409-CA18-41A6-9E21-A93AE82EE7C5}" = Visual Studio .NET Professional 2003 - English
"{21062C6C-BA38-4646-B6AB-0F09B8E55121}" = RSLogix 5000 Module Profile Core
"{21F5098D-0C9E-4637-AD49-F037F6275990}" = NMAS Client (3.1.0.8)
"{248A5B8A-942E-4C67-96AF-ED41BACA800E}" = Rockwell Automation 1734 ASCII Module Profiles
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 21
"{26E1BFB0-E87E-4696-9F89-B467F01F81E5}" = Broadcom Advanced Control Suite
"{2BF0655E-B036-43F6-9230-BB45CB07F004}" = RSNetWorx for ControlNet 9.00.00 (CPR 9 SR 1)
"{2D2DDF11-FB28-4D96-A5BA-9A3AF0EA14E0}" = FactoryTalk Alarms and Events 2.20.00 (CPR 9 SR 2)
"{30010017-EC33-11D6-A408-F6139379CBFB}" = RSLogix 5000 v17.00.00 (CPR 9 SR 1)
"{30010115-EC33-11D6-A408-F6139379CBFB}" = RSLogix 5000 v15.01
"{30010316-EC33-11D6-A408-F6139379CBFB}" = RSLogix 5000 v16.03.00 (CPR 9)
"{30010413-EC33-11D6-A408-F6139379CBFB}" = RSLogix 5000 v13.04
"{30010612-EC33-11D6-A408-F6139379CBFB}" = RSLogix 5000 v12.06
"{30010710-EC33-11D6-A408-F6139379CBFB}" = RSLogix 5000 v10.07
"{30011611-EC33-11D6-A408-F6139379CBFB}" = RSLogix 5000 v11.16
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.0
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{325EE2FD-DB48-4A9A-9459-1C6CCA2D284E}" = PicoSoft 6
"{32FF6F27-37C3-46E9-B39E-56CD420415D1}" = FactoryTalk® View Site Edition 5.10.00 (CPR 9 SR 2)
"{34540622-805E-4CC7-98CF-65A43E99CF4D}" = RSLinx Classic 2.54.00 CPR 9 SR 1
"{3459512F-9223-4DCA-B555-CF00EDAF1B9C}" = Rockwell Automation 1769 Discrete Module Profiles
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{357187EE-8B25-467D-A567-88C735932174}" = Rockwell Automation 1734 Discrete Module Profiles
"{39363D4F-BF1C-447C-8014-F7966A9975D9}" = Rockwell Automation 1734 Specialty Module Profiles
"{3E77CC74-82B8-4A2A-9A6C-5E45370E57C4}" = LogMeIn
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{4634B79A-3562-4AC0-B6A2-DF9E2D285EBC}" = ClearKeeper
"{4866D596-CE65-4F7D-B98C-A28F8E9E13E5}" = Rockwell Automation 1756 CNet Comms Module Profiles
"{490A0AB2-4AD1-4593-A718-929D36BCD53C}" = SA MODBUS Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A91F16D-0D06-4487-86F6-418ADCDFC8DF}" = PicoSoft 6 Pro
"{4ADCBF6A-1769-4958-905D-9FF1F733056C}" = ecsPublisher 5.6
"{4BBDAB71-0634-4E2A-8E50-8860FB6BA220}" = FactoryTalk Activation Client 3.02 (CPR 9 SR 2)
"{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
"{4DCD7A41-ED36-45CA-BD29-7030EDCB9FC2}" = promis-e V8i (M)
"{4E8B84D4-778C-4DE6-8CBC-2586D438D295}" = Rockwell Automation USB CIP Driver Package
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{5081528F-5DD5-49BA-8213-9A6A13502497}" = Sentinel System Driver 5.41.1 (32-bit)
"{517AA455-8CC9-4281-87A4-865E71947DC9}" = RSLogix 5000 IEC61131-3 Translation Tool
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client
"{56D614BA-A250-4C3E-8F79-43B3BC611D21}" = Parker Isysnet ASCII Module Profile
"{5757AE1A-1DB4-4898-9806-09F77FBD5E57}" = MSDN Library for Visual Studio .NET 2003
"{5783F2D7-4009-0409-0002-0060B0CE6BBA}" = AutoCAD LT 2006 - English
"{5783F2D7-6009-0409-0002-0060B0CE6BBA}" = AutoCAD LT 2008 - English
"{57EF8F37-4213-498E-A6D0-79DC2D96CA45}" = Rockwell Automation 1738 Discrete Module Profiles 2
"{5977421B-2072-4DA7-9A18-90AF4BB24268}" = Rockwell Automation 1769 Controller Module Profiles
"{5B860FC6-C088-4D53-9A1D-10BBE33BE045}" = Rockwell Automation Generic Safety Module Profiles
"{5C2E0840-A4C1-4EA7-AD65-21D8E1823186}" = BatchLOGIX
"{5D312C74-93CA-4B79-BEBB-95D3982379E1}" = VBA (3821h)
"{5FA8620C-8B05-4CD0-9E93-E29AD4D0AA87}" = Rockwell Windows Firewall Configuration Utility 1.00.04
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{60C6C5B8-6D81-4849-800F-0400C7FA1C70}" = Rockwell Automation 1738 Discrete Module Profiles 3
"{61684039-18B0-4C81-9F3F-F9FB848967D3}" = GroupWise
"{63BEBA47-EAAA-4152-A70C-6385430C81C6}" = RSLinx Enterprise 5.20.00000 (CPR 9 SR 2)
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.7
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6B977FCD-28E0-47C6-8056-E5FF477D898E}" = Parker Isysnet Discrete Module Profiles 2
"{6C7DDE5A-6A22-4D65-BA0F-AB41289A1E70}" = Microsoft Windows CE 5.0 Emulator
"{6D943539-D3DF-4062-95BA-789A6D494E3E}" = QuikLOGIX
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7159B8D9-0527-4C33-875F-E5FBA8FC435D}" = RSLogix 5000 Compare v3
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{71D74FCD-8DB9-4BEB-9C9D-1D19F2E02AE3}" = Microsoft Report Viewer Redistributable 2005
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75753F03-0AE0-4E7F-8FBE-155B213F6A43}" = Hoffman Panel Builder
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78921186-FCF5-4832-8FD1-088339BE6FAE}" = Rockwell Automation 1738 Analog Module Profiles
"{7BCFC80E-8D88-4B7C-AF62-A629521B3274}" = BootP-DHCP Server
"{7CB1A5C6-0EF4-4E6D-92CA-D96ADED5F2A4}" = Rockwell Automation 1769 Specialty Module Profiles
"{7D3C6066-4659-4A2E-8D8E-EE93E206FF99}" = Rockwell Automation 1756 HART Module Profiles
"{7FB3F90F-E754-4374-9ABC-EF8F94DA35E2}" = DeviceNet Node Commissioning Tool
"{80FA8F02-B48D-4208-89F1-AA1100C960B5}" = Rockwell Automation 1769 Boolean Module Profiles
"{82EF602F-913D-4EF5-B7E3-765FD34134E9}" = promis-e Add-on 5.06
"{830A6D6D-D9FA-4171-9288-1FCFB6C7367E}" = Wonderware InTouch
"{833ACF16-EA4E-43D4-8E93-6E333C2EE459}" = Rockwell Automation Drives PowerFlex 7 Module Profiles
"{8372A29B-CE1C-4419-B479-8493027B41AA}" = Rockwell Automation 1769 ASCII Module Profiles
"{8391EA99-A1EF-4EF3-97EE-BE966DBA3411}" = Rockwell Automation 1791DS Discrete Module Profiles
"{84031A18-BA9A-4156-A74F-E05B52DDFCE2}" = DING!
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{892747AF-0D5F-46A0-90FD-730D454261FB}" = CenterONE
"{893727BF-9C7C-483F-9E69-D8314DB21186}" = Parker Isysnet Discrete Module Profiles
"{8A8C5496-0460-489E-8CB9-8F62E09F033D}" = Tag Data Monitor Tool
"{8B9852AF-B0B0-47B7-9BC5-89A95D77B6C9}" = MP3 Player Utilities 4.17
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_SMALLBUSINESSR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_SMALLBUSINESSR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_SMALLBUSINESSR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel Matrix Storage Manager
"{90F50409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core
"{90F60409-6000-11D3-8CFE-0150048383C9}" = Visual Basic for Applications ® Core - English
"{91120000-00CA-0000-0000-0000000FF1CE}" = Microsoft Office Small Business 2007
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-00CA-0000-0000-0000000FF1CE}_SMALLBUSINESSR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{927DB57A-2A2A-4DC5-9E07-234C9F285F03}" = Parker Isysnet Discrete Module Profiles 3
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9AE0E408-37BC-4B89-B768-252DE878CE7A}" = Logix CPU Security Tool
"{A0B295C3-FD3C-11D4-A811-0090279106C3}" = WordPerfect Office 2002
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications ® Core - English
"{A1C775C8-CBD3-49B0-A72C-4C751378B2F4}" = RSLogix 5000 Setup Installer
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A393179D-478D-40C7-A6A2-90B9F34C2341}" = Rockwell Automation 1738 Discrete Module Profiles
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A4440267-14C7-4FFD-AC02-3948B718A309}" = DriveTools V3.01
"{A4512736-8D63-4298-9271-5329931FA46B}" = Microsoft SQL Server Management Studio Express
"{A6F82CD1-E338-4D47-B6DA-907040B7624A}" = Rockwell Automation 1734 Discrete Module Profiles 2
"{A7DB7470-C9DF-11D4-B49F-0006294FC964}" = TwidoSoft
"{A8AD990E-355A-4413-8647-A9B168978423}_is1" = UltraVNC v1.0.2
"{AB8E12B5-0B0E-47F9-83A7-89F40B39DBF1}" = Rockwell Automation 1756 ENet Comms Module Profiles
"{AC134D03-97F1-45B9-B32A-52E885AFA895}" = Mobile Phone Suite Easy Synchronization
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000604}" = Adobe Acrobat and Reader 6.0.4 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-0000-BA7E-000000000001}" = Adobe Acrobat 6.0.1 Standard
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AC76BA86-7AD7-2447-0000-800000000003}" = Chinese Simplified Fonts Support For Adobe Reader 8
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{B100A292-14C5-4E41-AE27-0229BFBFDA9F}" = RSLogix 5000 DeviceNet Tag Generator
"{B101C040-7C44-11D5-B326-0003474EAECA}" = Product Selection Toolbox Software
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B9ED7828-4CB8-4873-95F5-64525C9229BE}" = Rockwell Automation 1769 Analog Module Profiles
"{BA35560D-EE87-40BD-A84B-48F4CD939D38}" = Tag Upload Download Tool
"{BA88D32C-873C-4C70-A2CF-2C884E698299}" = RSLogix 5000 Module Profile Setup Utility
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1EFEE0F-87EB-481A-A8F4-903069F12236}" = Parker Isysnet Analog Module Profiles
"{C4CF38A1-29FD-439E-B734-08E3CE46FA22}" = Logix5000 Clock Update Tool
"{C6645398-C6A3-4850-AD39-F1BB8FCDD524}" = Bentley MicroStation PowerDraft V8i 08.11.05.17
"{CB1AF399-1DAA-44DF-BDAC-0EB0120015A9}" = Rockwell Automation Drives PowerFlex 7 2 Module Profiles
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDC70E7C-08FA-4EA6-B6EE-15FB9BB4E3F0}" = DriveTools v3.03 Patch
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D02CEF5F-56D4-432C-B4BB-25B8AF6BC1EB}" = RSLogix 5000 System Updates
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1337876-6370-48F5-B0DD-2ADD32298FF8}" = Livescribe Desktop
"{D1596264-A65A-42C3-84C7-54D2D446E992}" = RSLogix5000 Data Preserved Download Tool
"{D16FBBE1-31E6-4288-9EEA-905AAA65A154}" = Safety Accelerator Toolkit for GuardLogix Systems
"{D2AEA257-E1F9-46B5-9293-856C8EAE2D16}" = Rockwell Automation Drives PowerFlex 4 Module Profiles
"{D46576DB-A61E-406A-ACCC-74DE8BB07768}" = RSLogix 500 English 7.30.10 (CPR 9)
"{D4D24FE5-FAB3-4FE2-AFFC-623955F4DF3A}" = Visual Studio.NET Baseline - English
"{D613E094-CA9D-4D73-B389-FC35D63C21DC}" = Fujitsu COBOL Free Run-time
"{DE6BBFB2-B81E-4FBD-825F-EAC90F54D311}" = Rockwell Automation 1769 Embedded Module Profiles
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E101823F-C3DE-4B43-9EB3-D36DEE6FCAA3}" = EPLAN Electric P8 1.9.10
"{E10D2C16-8584-41C5-8DCD-DC91554B1158}" = EPLAN Electric P8 1.9.11
"{E10FD61C-CE64-440D-BB3C-BAF99A1BE287}" = EPLAN Electric P8 1.9.6
"{E1407C99-DDB0-461E-919F-9C580A5ECC5A}" = EPLAN Data Portal 1.9.6
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E44BD710-B71A-11d3-9F79-006008A88EC8}" = VBA
"{E477C386-788C-48A4-8150-38990356032E}" = Logix5000 Task Monitor
"{EA743326-308F-49B5-8DF9-73D65F0299C9}" = ExpensAble 6
"{EDFE2142-CFB3-44AB-A961-DE85F6408A28}" = Sentinel Protection Installer 7.3.2
"{F02DBC5D-33E3-45E9-B0F8-B7745229ED1C}" = NICI (Shared) U.S./Worldwide (128 bit) (2.7.0-2)
"{F17FE8C5-193F-48B6-8EE2-BE8CCEE3E6FB}" = SonicWALL Global VPN Client
"{F29628BB-F9A4-4CAC-B697-148C2AF37C17}" = FactoryTalk Services Platform 2.10 (CPR 9 SR 2)
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F5B20EF6-80AE-4D77-BEBF-AF63CEFA5DD0}" = ControlFLASH
"{F7CB56B9-1059-4729-8F2C-5D49E515CBF5}" = Brother MFL-Pro Suite
"{F891528B-E144-4143-A7F5-A2F368753B5E}" = C-more Programming Software Version 1.21 Build 06.18A
"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client
"{FA79AEE5-9FA1-4A6F-B66F-18AF565E1061}" = Rockwell Automation 1738 Specialty Module Profiles
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications ® Core
"{FCE99081-B2BC-474B-8399-3C1CBDC1BDC5}" = ABB Configurator
"1ECD657E4445D4F72EB15751A07E4215BA450674" = Windows Driver Package - Livescribe (PulseUsb) DigitalPen (07/22/2009 2.1.6.0)
"ABB Absolute Marking System 2.0" = ABB Absolute Marking System 2.0
"ActiveTouchMeetingClient" = WebEx
"Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AOPA's Real-Time Flight Planner" = AOPA's Real-Time Flight Planner 1.2.3
"ATI Display Driver" = ATI Display Driver
"AutoCAD LT 2008 - English" = AutoCAD LT 2008 - English
"Belarc Advisor" = Belarc Advisor 7.2
"cwRsync" = cwRsync (remove only)
"EasyGPS_is1" = EasyGPS
"hp color LaserJet 9500 Uninstaller" = hp color LaserJet 9500 Uninstaller
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{02EB132C-4AEE-4FCA-BF73-DB98671FF106}" = Database Merge Tool 1.0.1
"Installshield_{09590EF8-C176-4EED-8A16-33B20E19BB5D}" = promis-e Add-on 5.06 SP 29
"InstallShield_{1971326E-F56C-4FB1-ACC9-C5E3036D2640}" = promis-e 2007 (A)
"InstallShield_{4CE88F4D-B74E-4F92-9DA4-ECEB60ED362A}" = TBS WMP Plug-in
"InstallShield_{4DCD7A41-ED36-45CA-BD29-7030EDCB9FC2}" = promis-e V8i (M)
"InstallShield_{75753F03-0AE0-4E7F-8FBE-155B213F6A43}" = Hoffman Panel Builder
"InstallShield_{82EF602F-913D-4EF5-B7E3-765FD34134E9}" = promis-e Add-on 5.06
"LT-Extender 2000 Plus for AutoCAD LT© 2000-2006" = LT-Extender 2000 Plus for AutoCAD LT© 2000-2006
"LT-Extender 2000 Plus for AutoCAD LT© 2000-2008" = LT-Extender 2000 Plus for AutoCAD LT© 2000-2008
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Report Viewer Redistributable 2005" = Microsoft Report Viewer Redistributable 2005
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Net2Phone_10_0" = Net2Phone/Net2Fax
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenVPN" = OpenVPN 2.0.9-gui-1.0.3
"PanelBuilder32" = PanelBuilder32
"Profiles Manager for AutoCAD LT© 2000-2006" = Profiles Manager for AutoCAD LT© 2000-2006
"Profiles Manager for AutoCAD LT© 2000-2007" = Profiles Manager for AutoCAD LT© 2000-2007
"QVP" = Quick View Plus
"Recover Data for Novell Netware (Trial Version)_is1" = Recover Data for Novell Netware (Trial Version)
"RSHWare" = Rockwell Software Hardware Maintenance Tool
"Senomix_0" = Senomix Timesheets Entry
"Senomix_1" = Senomix Timesheets Admin
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMALLBUSINESSR" = Microsoft Office Small Business 2007
"SmartSketch" = Intergraph SmartSketch
"SmartSketch AEC Solutions" = Intergraph SmartSketch AEC Solutions
"SmartSketch Electrical Diagramming" = Intergraph SmartSketch Electrical Diagramming
"SmartSketch GD&T and Weld Symbols" = Intergraph SmartSketch GD&T and Weld Symbols
"SmartSketch Image Integrator" = Intergraph SmartSketch Image Integrator
"SmartSketch Process Solutions" = Intergraph SmartSketch Process Solutions
"SmartSketch Programming Tools" = Intergraph SmartSketch Programming Tools
"SmartSketch Symbol Authoring" = Intergraph SmartSketch Symbol Authoring
"SmartSketchCADTranslators" = Intergraph SmartSketch CAD Translators
"SmartSketchWebPub" = Intergraph SmartSketch Web Publishing
"SonicWALL SSL-VPN NetExtender" = SonicWALL SSL-VPN NetExtender
"SyncBack_is1" = SyncBack
"Ultravnc2_is1" = UltraVNC 1.0.5.6
"Visual Studio .NET Professional 2003 - English" = Microsoft Visual Studio .NET Professional 2003 - English
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WeatherBug" = WeatherBug
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"winusb0100" = Microsoft WinUsb 1.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMS" = Windows NT Messaging
"WordPerfect Office 2002" = WordPerfect Office 2002
"Wudf01005" = Microsoft User-Mode Driver Framework Feature Pack 1.5
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1194882813-1188430357-3457618224-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AA82CB9-2A37-434F-9017-70742B1D0A5F}" = TwidoSuite
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/29/2010 17:58:01 | Computer Name = PC017 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 11/29/2010 18:59:01 | Computer Name = PC017 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/29/2010 18:59:01 | Computer Name = PC017 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 11/29/2010 20:00:41 | Computer Name = PC017 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/29/2010 20:00:41 | Computer Name = PC017 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 11/30/2010 18:08:56 | Computer Name = PC017 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 11/30/2010 18:08:56 | Computer Name = PC017 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 12/2/2010 10:52:43 | Computer Name = PC017 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 8007041D from line 44 of d:\comxp_sp3\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 12/2/2010 10:52:43 | Computer Name = PC017 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 12/7/2010 10:12:43 | Computer Name = PC017 | Source = RSLinx Enterprise | ID = 6619243
Description = The RSLinx Enterprise runtime service cannot initialize FactoryTalk
(error 0x80070422: ). Contact Rockwell Software Technical Support for more information.

[ Cisco AnyConnect VPN Client Events ]
Error - 5/24/2010 16:09:30 | Computer Name = PC017 | Source = vpnui | ID = 50724865
Description = Function: ConnectMgr :: processIfcData Return code: 0 File: .\ConnectMgr.cpp
Line:
586 Description: Unrecognized content type (Unknown) received.

Error - 5/24/2010 16:09:30 | Computer Name = PC017 | Source = vpnui | ID = 50724865
Description = Function: ConnectMgr :: processIfcData Return code: 0 File: .\ConnectMgr.cpp
Line:
607 Description: Unable to process response from connect.creslinepipe.com.

Error - 5/25/2010 13:55:09 | Computer Name = PC017 | Source = vpnui | ID = 50724865
Description = Function: ::LoadLibrary Return code: 126 File: .\Utility\Win\HModuleMgr.cpp
Line:
114 Description: The specified module could not be found.

Error - 5/25/2010 13:55:21 | Computer Name = PC017 | Source = vpndownloader | ID = 50659329
Description = Function: stat Return code: 2 File: .\ManifestInfo.cpp Line: 1306 Description:
The system cannot find the file specified.

Error - 5/25/2010 13:55:21 | Computer Name = PC017 | Source = vpndownloader | ID = 50659329
Description = Function: FileCbSize Return code: 0xFE000002 File: .\ManifestInfo.cpp
Line:
173 Description: unknown

Error - 5/25/2010 13:55:22 | Computer Name = PC017 | Source = vpndownloader | ID = 50659329
Description = Function: CIPAddr::setIPAddress Return code: 0xFE24000A File: ..\Common\Utility\ipaddr.cpp
Line:
100 Description: unknown

Error - 5/25/2010 13:55:22 | Computer Name = PC017 | Source = vpnagent | ID = 50331649
Description = Function: CIPAddr::setIPAddress Return code: 0xFE24000A File: .\Utility\ipaddr.cpp
Line:
100 Description: IPADDR_ERROR_INVALID_IP_ADDRESS

Error - 5/25/2010 13:55:22 | Computer Name = PC017 | Source = vpnagent | ID = 50331649
Description = Function: CertVerifyCertificateChainPolicy Return code: 0x800B0109 File:
.\Certificates\CapiCertificate.cpp Line: 1796 Description: A certificate chain processed,
but terminated in a root certificate which is not trusted by the trust provider.



Error - 5/25/2010 13:55:22 | Computer Name = PC017 | Source = vpnagent | ID = 50331649
Description = Function: CCapiCertificate::Verify Return code: 0xFE220012 File: .\Certificates\CapiCertStore.cpp
Line:
515 Description: CERTIFICATE_ERROR_VERIFY_CHAIN_POLICY_FAILED_ASKUSER

Error - 5/25/2010 13:55:22 | Computer Name = PC017 | Source = vpnagent | ID = 50331649
Description = Function: CertVerifyCertificateChainPolicy Return code: 0x800B0109 File:
.\Certificates\CapiCertificate.cpp Line: 1796 Description: A certificate chain processed,
but terminated in a root certificate which is not trusted by the trust provider.



[ FTDiag Events ]
Error - 5/24/2010 17:47:47 | Computer Name = PC017 | Source = FactoryTalkDiagnostics | ID = 33489897
Description = Logged Date: 21:47:47 Monday, May 24, 2010 Location: PC017 Provider:
FactoryTalk View ME Station Username: DEFAULT Verbosity: 0 Login of user 'hsi'
failed. Insufficient access right

Error - 5/24/2010 17:49:55 | Computer Name = PC017 | Source = FactoryTalkDiagnostics | ID = 33489897
Description = Logged Date: 21:49:55 Monday, May 24, 2010 Location: PC017 Provider:
FactoryTalk View ME Station Username: DEFAULT Verbosity: 0 Login of user 'setup'
failed. Insufficient access right

Error - 5/24/2010 17:54:57 | Computer Name = PC017 | Source = FactoryTalkDiagnostics | ID = 33489897
Description = Logged Date: 21:54:57 Monday, May 24, 2010 Location: PC017 Provider:
FactoryTalk View ME Station Username: DEFAULT Verbosity: 0 Login of user 'hsi'
failed. Insufficient access right

Error - 5/24/2010 17:56:05 | Computer Name = PC017 | Source = FactoryTalkDiagnostics | ID = 33489897
Description = Logged Date: 21:56:05 Monday, May 24, 2010 Location: PC017 Provider:
FactoryTalk View ME Station Username: DEFAULT Verbosity: 0 Login of user 'setup'
failed. Insufficient access right

Error - 6/23/2010 11:23:41 | Computer Name = PC017 | Source = RSLinx Enterprise OPCServer | ID = 33489897
Description = Logged Date: 15:23:41 Wednesday, June 23, 2010 Location: PC017 Provider:
RSLinx Enterprise OPCServer Username: NT AUTHORITY\SYSTEM Verbosity: 1 Shortcut
'Ethernet.1763-L16AWA B/7 00' is not usable: the device 'Ethernet.1763-L16AWA B/7
00' is not available, error=$8004E2

Error - 6/28/2010 12:30:21 | Computer Name = PC017 | Source = RSLinx Enterprise OPCServer | ID = 33489897
Description = Logged Date: 16:30:21 Monday, June 28, 2010 Location: PC017 Provider:
RSLinx Enterprise OPCServer Username: NT AUTHORITY\SYSTEM Verbosity: 1 Shortcut
'Ethernet.1763-L16AWA B/7 00' is not usable: the device 'Ethernet.1763-L16AWA B/7
00' is not available, error=$8004E2

Error - 7/7/2010 10:32:03 | Computer Name = PC017 | Source = RSLinx Enterprise OPCServer | ID = 33489897
Description = Logged Date: 14:32:03 Wednesday, July 07, 2010 Location: PC017 Provider:
RSLinx Enterprise OPCServer Username: NT AUTHORITY\SYSTEM Verbosity: 1 Shortcut
'Ethernet.1747-L552/C C/11 - DC 3 46' is not usable: the device 'Ethernet.1747-L552/C
C/11 - DC 3 46' is not available, error=$8004E2

Error - 7/13/2010 14:44:57 | Computer Name = PC017 | Source = RSLinx Enterprise OPCServer | ID = 33489897
Description = Logged Date: 18:44:57 Tuesday, July 13, 2010 Location: PC017 Provider:
RSLinx Enterprise OPCServer Username: NT AUTHORITY\SYSTEM Verbosity: 1 Shortcut
'CompactLogix System.WRS_2715' is not usable: the device 'CompactLogix System.WRS_2715'
is not available, error=$8004E2

Error - 11/19/2010 11:15:05 | Computer Name = PC017 | Source = FactoryTalkDiagnostics | ID = 33489897
Description = (FTSessionState,RTE_ERROR_CRITICAL,process:RsvcHost.exe) FactoryTalk
Session State Service failed to initialize monitoring of Terminal Services after
120 attempts

Error - 11/19/2010 11:28:19 | Computer Name = PC017 | Source = FactoryTalkDiagnostics | ID = 33489897
Description = (FTSessionState,RTE_ERROR_CRITICAL,process:RsvcHost.exe) FactoryTalk
Session State Service failed to initialize monitoring of Terminal Services after
120 attempts

[ OSession Events ]
Error - 1/12/2009 12:38:47 | Computer Name = PC017 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 9437
seconds with 180 seconds of active time. This session ended with a crash.

Error - 2/6/2009 12:42:33 | Computer Name = PC017 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 8762
seconds with 240 seconds of active time. This session ended with a crash.

Error - 3/27/2009 14:25:35 | Computer Name = PC017 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 11484
seconds with 60 seconds of active time. This session ended with a crash.

Error - 4/8/2009 17:18:45 | Computer Name = PC017 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 29167
seconds with 1860 seconds of active time. This session ended with a crash.

Error - 4/22/2009 14:28:15 | Computer Name = PC017 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6341.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 13002
seconds with 300 seconds of active time. This session ended with a crash.

Error - 6/22/2009 11:17:32 | Computer Name = PC017 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 3371
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 8/13/2009 09:37:36 | Computer Name = PC017 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6504.5001, Microsoft Office Version: 12.0.6215.1000. This session lasted 744
seconds with 300 seconds of active time. This session ended with a crash.

Error - 9/16/2009 15:25:35 | Computer Name = PC017 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 17
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/16/2009 15:25:49 | Computer Name = PC017 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 7
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/28/2009 11:03:44 | Computer Name = PC017 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 14
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 12/7/2010 10:12:28 | Computer Name = PC017 | Source = Service Control Manager | ID = 7001
Description = The RSLinx Classic service depends on the Harmony service which failed
to start because of the following error: %%1058

Error - 12/7/2010 10:12:35 | Computer Name = PC017 | Source = Service Control Manager | ID = 7000
Description = The A-B Virtual Backplane service failed to start due to the following
error: %%2

Error - 12/7/2010 10:12:40 | Computer Name = PC017 | Source = Service Control Manager | ID = 7000
Description = The A-B Virtual Backplane service failed to start due to the following
error: %%2

Error - 12/7/2010 10:12:43 | Computer Name = PC017 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service RsvcHost with
arguments "" in order to run the server: {D878DCA8-F659-4C21-B841-913A0043AD07}

Error - 12/7/2010 10:12:43 | Computer Name = PC017 | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service RNADirMultiplexor
with arguments "-Service" in order to run the server: {930DBDCF-D1AC-4CFA-AF67-A03EAB009BC2}

Error - 12/7/2010 10:12:43 | Computer Name = PC017 | Source = Service Control Manager | ID = 7001
Description = The Rockwell Event Multiplexer service depends on the Rockwell Application
Services service which failed to start because of the following error: %%1058

Error - 12/7/2010 10:12:43 | Computer Name = PC017 | Source = Service Control Manager | ID = 7001
Description = The Rockwell Directory Multiplexer service depends on the Rockwell
Event Multiplexer service which failed to start because of the following error:
%%1068

Error - 12/7/2010 10:12:43 | Computer Name = PC017 | Source = DCOM | ID = 10005
Description = DCOM got error "%1068" attempting to start the service RNADirMultiplexor
with arguments "-Service" in order to run the server: {930DBDCF-D1AC-4CFA-AF67-A03EAB009BC2}

Error - 12/7/2010 10:12:43 | Computer Name = PC017 | Source = Service Control Manager | ID = 7001
Description = The Rockwell Event Multiplexer service depends on the Rockwell Application
Services service which failed to start because of the following error: %%1058

Error - 12/7/2010 10:12:43 | Computer Name = PC017 | Source = Service Control Manager | ID = 7001
Description = The Rockwell Directory Multiplexer service depends on the Rockwell
Event Multiplexer service which failed to start because of the following error:
%%1068


< End of report >
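The System Events above give their failure reasons only as raw codes (%%1058, %%1068, %%2, HRESULT 8007041D). The Python below is an added example, not part of this thread and not part of OTL: it parses entries in OTL's "Last 10 Event Log Errors" layout, decodes the Win32 and HRESULT codes to their documented winerror.h names (FACILITY_WIN32 HRESULTs unwrap to the Win32 code in their low word), and separates services that failed on their own from services that only failed because a dependency did. The sample report is constructed from the shape of a few entries shown above; the function and variable names are this example's own.

```python
import re
from typing import Dict, List, Tuple

# Codes that appear in the report above, with their documented winerror.h names.
WIN32_ERRORS: Dict[int, str] = {
    2: "ERROR_FILE_NOT_FOUND: the service binary is missing from disk",
    1053: "ERROR_SERVICE_REQUEST_TIMEOUT: the service did not answer its start request",
    1058: "ERROR_SERVICE_DISABLED: the service start type is Disabled",
    1068: "ERROR_SERVICE_DEPENDENCY_FAIL: a service it depends on failed first",
}
HRESULTS: Dict[int, str] = {
    0x800B0109: "CERT_E_UNTRUSTEDROOT: chain ends in a root the machine does not trust",
}
FACILITY_WIN32 = 7

# One OTL entry: a header line, then a Description that wraps until a blank line.
ENTRY_RE = re.compile(
    r"^Error - (?P<when>\S+ \S+) \| Computer Name = (?P<host>.+?) \| "
    r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)[ \t]*\n"
    r"Description = (?P<desc>.*?)(?=\n[ \t]*\n|\Z)",
    re.M | re.S,
)
# %%1058 and "%1058" are Win32 codes; 0x80070422 and "HRESULT was 8007041D" are HRESULTs.
CODE_RE = re.compile(r"%{1,2}(\d{1,5})\b|(?:0x|HRESULT was )([0-9A-Fa-f]{8})\b")
DEP_RE = re.compile(r"The (.+?) service depends on the (.+?) service which failed to start")
FAIL_RE = re.compile(r"The (.+?) service failed to start due to")


def describe_hresult(hr: int) -> str:
    """Name an HRESULT; FACILITY_WIN32 values unwrap to the Win32 code in their low word."""
    if hr in HRESULTS:
        return HRESULTS[hr]
    if hr & 0x80000000 and ((hr >> 16) & 0x1FFF) == FACILITY_WIN32:
        win32 = hr & 0xFFFF
        return f"HRESULT_FROM_WIN32({win32}) = " + WIN32_ERRORS.get(win32, "unknown Win32 error")
    return "unknown HRESULT"


def decode_codes(text: str) -> List[Tuple[str, str]]:
    """(token, explanation) for every error-code token found in a description."""
    found = []
    for m in CODE_RE.finditer(text):
        if m.group(1):
            found.append((m.group(0), WIN32_ERRORS.get(int(m.group(1)), "unknown Win32 error")))
        else:
            found.append((m.group(0), describe_hresult(int(m.group(2), 16))))
    return found


def parse_otl_events(report: str) -> List[dict]:
    events = []
    for m in ENTRY_RE.finditer(report):
        desc = " ".join(m.group("desc").split())  # OTL wraps long descriptions; rejoin them
        events.append({"when": m.group("when"), "host": m.group("host"),
                       "source": m.group("source"), "id": int(m.group("id")),
                       "desc": desc, "codes": decode_codes(desc)})
    return events


def service_root_causes(events: List[dict]) -> dict:
    """Split SCM failures into services that failed on their own (roots) and services
    that only failed because a dependency did (cascades).
    Event ID 7000 = service failed to start; 7001 = a dependency failed to start."""
    roots, cascades = {}, {}
    for ev in events:
        if ev["source"] != "Service Control Manager":
            continue
        codes = [int(c) for c in re.findall(r"%%(\d+)", ev["desc"])]
        code = codes[0] if codes else None
        if ev["id"] == 7000 and (m := FAIL_RE.search(ev["desc"])):
            roots[m.group(1)] = code
        elif ev["id"] == 7001 and (m := DEP_RE.search(ev["desc"])):
            dependent, dependency = m.groups()
            cascades[dependent] = dependency
            if code != 1068:  # 1068 would mean the dependency itself is only a cascade
                roots[dependency] = code
    return {"roots": roots, "cascades": cascades}


# Constructed sample in OTL's layout, modelled on the System Events entries above.
SAMPLE_REPORT = """[ System Events ]
Error - 12/7/2010 10:12:28 | Computer Name = PC017 | Source = Service Control Manager | ID = 7001
Description = The RSLinx Classic service depends on the Harmony service which failed
to start because of the following error: %%1058

Error - 12/7/2010 10:12:35 | Computer Name = PC017 | Source = Service Control Manager | ID = 7000
Description = The A-B Virtual Backplane service failed to start due to the following
error: %%2

Error - 12/7/2010 10:12:43 | Computer Name = PC017 | Source = Service Control Manager | ID = 7001
Description = The Rockwell Directory Multiplexer service depends on the Rockwell
Event Multiplexer service which failed to start because of the following error:
%%1068

Error - 12/7/2010 10:12:43 | Computer Name = PC017 | Source = Service Control Manager | ID = 7001
Description = The Rockwell Event Multiplexer service depends on the Rockwell Application
Services service which failed to start because of the following error: %%1058
"""

if __name__ == "__main__":
    for ev in parse_otl_events(SAMPLE_REPORT):
        print(ev["when"], ev["source"], ev["id"], ev["codes"])
    print(service_root_causes(parse_otl_events(SAMPLE_REPORT)))
```

Run against the entries above it reports Harmony and Rockwell Application Services as disabled (1058) and the A-B Virtual Backplane binary as missing (2), with RSLinx Classic and the two Rockwell multiplexer services as cascades; the 0x80070422 in the RSLinx Enterprise entry is the same 1058 wrapped as an HRESULT, and 8007041D is a 1053 service timeout. Sorting the chain this way is what tells you which of the ten "failed to start" lines actually needs looking at.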

#13 jason70 (Topic Starter, Members, 40 posts)

Posted 08 December 2010 - 12:14 PM

Computer worked great on Tuesday. Wednesday morning seemed a little slow, then I got a Generic Win32 error. Tried to reboot and it hung on the Windows splash screen. Forced off with switch and tried safe mode, hangs with MUP.SYS displayed as the last line.

#14 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 09 December 2010 - 06:44 PM

Hello, jason70.

Interesting. Nothing we did in the last post was invasive, short of installing the antivirus software.

Unfortunately, MUP.sys is not helpful...it's the one after that. We can fix it. A few things to try.

First, try booting into "Last Known Good Configuration" from the same menu you tried to get into Safe Mode.

If that does NOT work, get to the same menu and select Enable Boot Logging. If you need to, select the operating system to start (e.g. Microsoft Windows XP Professional) and press Enter. This screen does not always pop up.

When it hangs, power off and let me know. We can access the boot log to determine what is booting. To do so, we will need a USB flash drive that is empty.



etavares

If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
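Reading the boot log etavares asks for comes down to comparing the hanging boot with the previous good one: the last driver that logged a successful load is not the culprit, and the name to look at is whatever the good boot loaded next. The Python below is an added example, not from the thread: it splits ntbtlog.txt (which Windows writes to %SystemRoot% and appends to on every boot-logged start) into sessions, reports the last driver loaded in the final session, looks up what the earlier session loaded right after it, lists drivers that appear only in the final session, and flags drivers loading from outside the usual system directories. The sample log is constructed; the session-header format, the "Example Addon" driver path and the file-encoding handling are assumptions, and a flagged driver is something to examine, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

LOADED = "Loaded driver "
NOT_LOADED = "Did not load driver "
# Directories Windows XP normally loads boot-time drivers from (compared lower-case).
EXPECTED_DIRS = ("\\windows\\system32\\drivers\\", "\\windows\\system32\\",
                 "\\systemroot\\system32\\drivers\\", "\\systemroot\\system32\\")
DOS_DEVICE_PREFIX = re.compile(r"^\\\?\?\\[a-z]:", re.I)   # strips the "\??\C:" form


@dataclass
class BootSession:
    header: str
    loaded: List[str] = field(default_factory=list)
    failed: List[str] = field(default_factory=list)


def load_ntbtlog(path: str) -> str:
    """Read ntbtlog.txt from the mounted Windows volume. Assumption: a UTF-16 BOM means
    UTF-16 (newer Windows); no BOM means single-byte text (XP)."""
    raw = open(path, "rb").read()
    return raw.decode("utf-16") if raw.startswith(b"\xff\xfe") else raw.decode("latin-1")


def parse_ntbtlog(text: str) -> List[BootSession]:
    """Split the appended log into boot sessions. Assumption: any line that is not a
    'Loaded driver' / 'Did not load driver' entry is the header of a new session."""
    sessions: List[BootSession] = []
    for line in (raw_line.strip() for raw_line in text.splitlines()):
        if not line:
            continue
        if line.startswith(LOADED) or line.startswith(NOT_LOADED):
            if not sessions:
                sessions.append(BootSession(header="(no header)"))
            if line.startswith(LOADED):
                sessions[-1].loaded.append(line[len(LOADED):])
            else:
                sessions[-1].failed.append(line[len(NOT_LOADED):])
        else:
            sessions.append(BootSession(header=line))
    return sessions


def from_expected_dir(driver_path: str) -> bool:
    return DOS_DEVICE_PREFIX.sub("", driver_path).lower().startswith(EXPECTED_DIRS)


def triage(sessions: List[BootSession]) -> dict:
    """Compare the final (hanging) session with the one before it."""
    last = sessions[-1]
    prev: Optional[BootSession] = sessions[-2] if len(sessions) > 1 else None
    last_loaded = last.loaded[-1] if last.loaded else None
    result = {
        "last_loaded": last_loaded,
        "suspects_after_last": [],  # what the earlier boot loaded next: the likely hang point
        "new_in_last": [],          # drivers the earlier boot never loaded
        "unusual_paths": [d for d in last.loaded if not from_expected_dir(d)],
        "failed_in_last": list(last.failed),
    }
    if prev is not None:
        prev_lower = [d.lower() for d in prev.loaded]
        if last_loaded and last_loaded.lower() in prev_lower:
            idx = prev_lower.index(last_loaded.lower())
            result["suspects_after_last"] = prev.loaded[idx + 1:idx + 4]
        result["new_in_last"] = [d for d in last.loaded if d.lower() not in prev_lower]
    return result


# Constructed sample: a good boot, then the boot that hung right after Mup.sys.
# The "Example Addon" driver is hypothetical; the session header format is assumed.
GOOD_BOOT = [r"\WINDOWS\system32\ntoskrnl.exe", r"\WINDOWS\system32\hal.dll",
             r"\WINDOWS\system32\KDCOM.DLL", r"\WINDOWS\system32\DRIVERS\ACPI.sys",
             r"\WINDOWS\system32\DRIVERS\pci.sys", r"\SystemRoot\System32\Drivers\Mup.sys",
             r"\SystemRoot\system32\DRIVERS\intelppm.sys", r"\SystemRoot\system32\DRIVERS\NDIS.sys"]
HUNG_BOOT = GOOD_BOOT[:5] + [r"\??\C:\Program Files\Example Addon\exaddon.sys"] + GOOD_BOOT[5:6]
SAMPLE_NTBTLOG = "\n".join(
    ["Service Pack 3 12  7 2010 09:10:11.000"] + [LOADED + d for d in GOOD_BOOT]
    + [NOT_LOADED + r"\SystemRoot\System32\Drivers\lbrtfdc.SYS"]
    + ["Service Pack 3 12  8 2010 08:02:33.000"] + [LOADED + d for d in HUNG_BOOT])

if __name__ == "__main__":
    for key, value in triage(parse_ntbtlog(SAMPLE_NTBTLOG)).items():
        print(f"{key}: {value}")
```

On the sample, the final session ends at Mup.sys, so the names worth checking are the two the good boot loaded next, plus the one driver that is new in the final session and loads from a Program Files path. To use it on the real machine, copy ntbtlog.txt off the Windows volume from a live CD or the flash drive etavares mentions and call `triage(parse_ntbtlog(load_ntbtlog(path)))`.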
 


#15 jason70 (Topic Starter, Members, 40 posts)

Posted 10 December 2010 - 10:02 AM

I was in the middle of installing an add on to some software I was using when the Win32 error hit. I am confident the software I was installing was not the cause of the Win32 error, but is very likely now part of the problem. Guilt by association.

I have tried to start from Last Known Good Configuration, but it did not help. I have restarted, enabled Boot Logging and shut down, so I am ready for the next step.

Thanks

jason70



