
Random Noises and Redirect


  • This topic is locked
19 replies to this topic

#1 geegollygirl

geegollygirl

  • Members
  • 60 posts
  • OFFLINE
  • Local time: 09:35 AM

Posted 15 June 2012 - 09:44 AM

I am hoping I caught this problem before it had a chance to get too bad. I had a problem about 6 months ago with a redirect issue that this AWESOME website was able to help me with, hopefully I'll get as lucky again. I only noticed redirecting once last night but then noticed with all Windows closed and no programs running I was hearing random noises (advertisements maybe) coming from my PC.

I then noticed that Microsoft Security Essentials was in my toolbar but not running. I could open it and get to the restart button but it couldn't restart. I uninstalled and re-installed it, then disconnected my PC from the internet. I ran a full scan and it came up with 20 or so issues. So it quarantined them and said it needed to reboot to finish, so I let it. Then it told me the same thing again and again (about needing to reboot to fix the issue). I thought the 3rd reboot was suspicious so I'm running a full scan again, but don't think that's going to take care of it. I read a previous article on here with similar issues and it was something related to password stealing (I know that doesn't necessarily mean my issue is that, but better safe than sorry), so I'm going to try my best to get the issue resolved without letting the PC in trouble back on the internet; I do all my online banking on that PC...

Hope this gives someone a little something to go on, I'm not sure what happened but I'd really like for it to go away!


#2 geegollygirl

geegollygirl
  • Topic Starter
  • Members
  • 60 posts
  • OFFLINE
  • Local time: 09:35 AM

Posted 15 June 2012 - 10:41 AM

I ran another Full Scan with Security Essentials and the only thing it found was "Trojan:Win32/Sirefef.AB" if that means anything to anyone. And as before, it tells me that it needs to reboot to clean the issue. I rebooted once and it's still showing the same thing, I'm guessing this means it's regenerating??

Also, just to be sure, I will take care of getting any scans run or files on the PC... after re-reading my post I wanted to make sure I wasn't sounding too difficult :-)

I am working on getting log files now... running the last scan.

Edited by geegollygirl, 15 June 2012 - 01:40 PM.


#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender: Male
  • Location: Puerto Rico
  • Local time: 09:35 AM

Posted 16 June 2012 - 12:06 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Download DDS and save it to your desktop
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 geegollygirl

geegollygirl
  • Topic Starter
  • Members
  • 60 posts
  • OFFLINE
  • Local time: 09:35 AM

Posted 16 June 2012 - 10:15 AM

Gringo,

Thanks for the reply. Below is the DDS log, and I'll attach the Attach file. I didn't run the Security Check first (didn't see that in previous instructions somewhere else on the website); I can rerun after running that if you'd like... just let me know. Also, I finally got the GMER scan to complete last night; below is the log for it also.

DDS Log

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by jhagedorn at 11:02:53 on 2012-06-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2539 [GMT -5:00]
.
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {5A75CED0-AE34-4122-9E5D-599896F8379F}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Trend Micro Personal Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
C:\Program Files\Rockwell Software\FactoryTalk Activation\flexsvr.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Common Files\Rockwell\NmspHost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Common Files\Rockwell\RdcyHost.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Rockwell Automation\Rockwell Automation USBCIP Driver Package\UsbCipHelper\UsbCipHelper.exe
C:\Program Files\Com Port Redirector\red32_g.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\jhagedorn\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Documents and Settings\jhagedorn\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Common Files\Rockwell\RnaAeServer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\PST\Binaries\RACurrTray.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe
C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\dllhost.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Akamai NetSession Interface] "c:\documents and settings\jhagedorn\local settings\application data\akamai\netsession_win.exe"
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [WavXMgr] c:\program files\wave systems corp\services manager\docmgr\bin\WavXDocMgr.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRun: [UsbCipHelper] c:\program files\rockwell automation\rockwell automation usbcip driver package\usbciphelper\UsbCipHelper.exe
mRun: [ComPortRedirector] c:\program files\com port redirector\red32_g.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup
mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFYWVAtQTdQRk4tOURGUUktUVpBR0otNllYVVItSg"&"inst=NzYtOTIzNTA3ODY5LVNUMTJGQVBQKzEtRERUKzAtRVVMQSsxLVNUMTJGT0krMS1TVDEyT0krMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1808"&"mid=2c0a2faccec747d194f8d16836673757-8bf21e7c621116f937026d59630d1ecd27913fff
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\jhaged~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office14\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\racurr~1.lnk - c:\program files\pst\binaries\RACurrTray.exe
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: mswsock.dll
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: applications.skanskausa.com
Trusted Zone: industrialcontractors.com\icidc01
Trusted Zone: skanskausa.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {00134F72-5284-44F7-95A8-52A619F70751} - hxxps://icidc01.industrialcontractors.com:4343/officescan/console/html/ClientInstall/WinNTChk.cab
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} - hxxps://icidc01.industrialcontractors.com:4343/officescan/console/html/ClientInstall/setup.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} - hxxps://icidc01.industrialcontractors.com:4343/officescan/console/html/root/AtxEnc.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} - hxxps://icidc01.industrialcontractors.com:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://zone.msn.com/bingame/chnz/default/mjolauncher.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} - hxxps://icidc01.industrialcontractors.com:4343/officescan/console/html/root/AtxPie.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} - hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D59124D5-442C-44C5-BD9A-E81BB0582D55} - hxxp://raiseinstall.rockwellautomation.com/pstoolbox-lite-9-23-11/setup.ocx
DPF: {D96D3F0A-F1EF-4E16-9EAA-596AF71804DA} - hxxps://icidc01.industrialcontractors.com:4343/officescan/console/html/root/AtxConsole.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://zone.msn.com/bingame/popcaploader_v10.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://rockwellautomation.webex.com/client/T27L10NSP11EP5/support/ieatgpc.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
DPF: {FFAD8DA9-ED41-494D-AC8E-63D861D0A733} - hxxps://download.rockwellautomation.com/plugins/rockwell.cab
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - c:\program files\citrix\ica client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: gemsafe - c:\program files\gemplus\gemsafe libraries\bin\WLEventNotify.dll
Notify: LBTWlgn - c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-3-20 171064]
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [2011-8-8 98928]
R1 Comredir;Com Redirector;c:\windows\system32\drivers\comredir.sys [2011-12-15 62016]
R1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\drivers\VirtualBackplane.sys [2011-12-18 63512]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-25 14336]
R2 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files\rockwell software\factorytalk activation\lmgrd.exe [2010-5-17 1122568]
R2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files\rockwell software\factorytalk activation\tools\FTActivationBoost.exe [2011-11-14 144744]
R2 FTAE_Archiver;Rockwell Alarm History Archiver;c:\program files\common files\rockwell\FTAEArchiver.exe [2011-6-1 71016]
R2 FTAE_HistServ;Rockwell Alarm Historian;c:\program files\common files\rockwell\FTAE_HistServ.exe [2011-6-1 152936]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-9-11 47640]
R2 MSSQL$FTVIEWX64TAGDB;SQL Server (FTVIEWX64TAGDB);c:\program files\microsoft sql server\mssql10_50.ftviewx64tagdb\mssql\binn\sqlservr.exe [2010-4-3 42884448]
R2 NmspHost;Rockwell Namespace Services;c:\program files\common files\rockwell\NmspHost.exe [2011-11-11 224104]
R2 RdcyHost;Rockwell Redundancy Services;c:\program files\common files\rockwell\RdcyHost.exe [2011-11-11 224104]
R2 RnaAeServer;Rockwell Alarm Server;c:\program files\common files\rockwell\RnaAeServer.exe [2011-6-1 202088]
R2 RnaAlarmMux;Rockwell Alarm Multiplexer;c:\program files\common files\rockwell\RnaAlarmMux.exe [2011-6-1 927080]
R2 Rockwell HMI Framework;Rockwell HMI Framework;c:\program files\rockwell software\rsview enterprise\ServerFramework.exe [2011-7-26 861032]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2011-8-29 665200]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [2008-4-25 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-2 97536]
R3 EventServer;Rockwell Event Server;c:\program files\common files\rockwell\EventServer.exe [2011-11-11 250216]
R3 ikbf5;GE Fanuc Keyboard Class Upper Filter Driver;c:\windows\system32\drivers\ikbf5.sys [2009-8-12 12712]
S1 qooegdlw;qooegdlw;c:\windows\system32\drivers\qooegdlw.sys [2012-6-15 42960]
S1 wgrrvgpc;wgrrvgpc;c:\windows\system32\drivers\wgrrvgpc.sys [2012-6-15 42960]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c98afd2213ada6;Google Update Service (gupdate1c98afd2213ada6);c:\program files\google\update\GoogleUpdate.exe [2009-2-9 133104]
S3 1784-PCIDS DeviceNet;1784-PCIDS DeviceNet;c:\program files\rockwell software\rslogix emulate 5000\PcidsService.exe [2011-12-18 109568]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 257224]
S3 EmuLogix 5868 Slot0;EmuLogix 5868 Slot0;c:\program files\rockwell software\rslogix emulate 5000\v15\EmuLogix5868.exe [2005-7-8 1425408]
S3 EmuLogix 5868 Slot1;EmuLogix 5868 Slot1;c:\program files\rockwell software\rslogix emulate 5000\v15\EmuLogix5868.exe [2005-7-8 1425408]
S3 EmuLogix 5868 Slot10;EmuLogix 5868 Slot10;c:\program files\rockwell software\rslogix emulate 5000\v15\EmuLogix5868.exe [2005-7-8 1425408]
S3 EmuLogix 5868 Slot11;EmuLogix 5868 Slot11;c:\program files\rockwell software\rslogix emulate 5000\v15\EmuLogix5868.exe [2005-7-8 1425408]
S3 EmuLogix 5868 Slot12;EmuLogix 5868 Slot12;c:\program files\rockwell software\rslogix emulate 5000\v15\EmuLogix5868.exe [2005-7-8 1425408]
S3 EmuLogix 5868 Slot13;EmuLogix 5868 Slot13;c:\program files\rockwell software\rslogix emulate 5000\v15\EmuLogix5868.exe [2005-7-8 1425408]
S3 EmuLogix 5868 Slot14;EmuLogix 5868 Slot14;c:\program files\rockwell software\rslogix emulate 5000\v15\EmuLogix5868.exe [2005-7-8 1425408]
S3 EmuLogix 5868 Slot15;EmuLogix 5868 Slot15;c:\program files\rockwell software\rslogix emulate 5000\v15\EmuLogix5868.exe [2005-7-8 1425408]
S3 EmuLogix 5868 Slot16;EmuLogix 5868 Slot16;c:\program files\rockwell software\rslogix emulate 5000\v15\EmuLogix5868.exe [2005-7-8 1425408]
S3 EmuLogix 5868 Slot2;EmuLogix 5868 Slot2;c:\program files\rockwell software\rslogix emulate 5000\v15\EmuLogix5868.exe [2005-7-8 1425408]
S3 EmuLogix 5868 Slot3;EmuLogix 5868 Slot3;c:\program files\rockwell software\rslogix emulate 5000\v15\EmuLogix5868.exe [2005-7-8 1425408]
S3 EmuLogix 5868 Slot4;EmuLogix 5868 Slot4;c:\program files\rockwell software\rslogix emulate 5000\v20\EmuLogix5868.exe [2012-1-16 2888704]
S3 EmuLogix 5868 Slot5;EmuLogix 5868 Slot5;c:\program files\rockwell software\rslogix emulate 5000\v15\EmuLogix5868.exe [2005-7-8 1425408]
S3 EmuLogix 5868 Slot6;EmuLogix 5868 Slot6;c:\program files\rockwell software\rslogix emulate 5000\v15\EmuLogix5868.exe [2005-7-8 1425408]
S3 EmuLogix 5868 Slot7;EmuLogix 5868 Slot7;c:\program files\rockwell software\rslogix emulate 5000\v15\EmuLogix5868.exe [2005-7-8 1425408]
S3 EmuLogix 5868 Slot8;EmuLogix 5868 Slot8;c:\program files\rockwell software\rslogix emulate 5000\v15\EmuLogix5868.exe [2005-7-8 1425408]
S3 EmuLogix 5868 Slot9;EmuLogix 5868 Slot9;c:\program files\rockwell software\rslogix emulate 5000\v15\EmuLogix5868.exe [2005-7-8 1425408]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-2-9 133104]
S3 LogReceiver;LogReceiver;c:\program files\rockwell software\rslinx enterprise\LogReceiver.exe [2011-6-24 80232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 pcidnt;pcidnt; [x]
S3 PcmkWdm;%PcmkWdm.DeviceDesc%;c:\windows\system32\drivers\PcmkWdm.sys [2002-4-22 58140]
S3 Rockwell HMI Alarm Logger;Rockwell HMI Alarm Logger;c:\program files\rockwell software\rsview enterprise\RsAlarmLogServ.exe [2011-7-26 130408]
S3 RSI-PKTX-A;RSI-PKTX-A;c:\windows\system32\drivers\RSI-PKTX-A.sys [2002-11-13 16447]
S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [2010-9-24 39067]
S3 RSLINXNGKtControl;RSLINXNGKtControl;c:\windows\system32\drivers\RsiKtNG.sys [2002-4-23 38999]
S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [2010-9-24 155440]
S3 SimModuleService;1789-SIM Simulator Module;c:\program files\rockwell software\rslogix emulate 5000\SimModuleService.exe [2011-12-18 95232]
S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-22 280344]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2010-4-3 44896]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [2010-4-3 240608]
S4 SQLAgent$FTVIEWX64TAGDB;SQL Server Agent (FTVIEWX64TAGDB);c:\program files\microsoft sql server\mssql10_50.ftviewx64tagdb\mssql\binn\SQLAGENT.EXE [2010-4-3 367456]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]
UnknownUnknown fmecpirh;fmecpirh; [x]
UnknownUnknown mizzzwfg;mizzzwfg; [x]
.
=============== Created Last 30 ================
.
2012-06-15 15:56:02 42960 ----a-w- c:\windows\system32\drivers\wgrrvgpc.sys
2012-06-15 15:31:31 42960 ----a-w- c:\windows\system32\drivers\qooegdlw.sys
2012-06-15 15:27:51 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6d110b36-a95d-4e5f-835d-aec7d0e3c7a6}\offreg.dll
2012-06-15 03:05:57 6737808 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{6d110b36-a95d-4e5f-835d-aec7d0e3c7a6}\mpengine.dll
2012-06-15 03:02:02 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-14 04:15:43 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 14:58:06 477160 ------w- c:\windows\system32\Hhupd.exe
2012-06-12 14:54:43 245760 ------w- c:\windows\system32\ABECADDll.dll
2012-05-25 18:23:51 -------- d-----w- c:\documents and settings\jhagedorn\local settings\application data\Rockwell_Automation
2012-05-23 20:48:13 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-05-17 14:27:01 47456 ----a-w- c:\windows\system32\perf-MSSQL10_50.FTVIEWX64TAGDB-sqlagtctr.dll
2012-05-17 14:26:44 73568 ----a-w- c:\windows\system32\perf-MSSQL$FTVIEWX64TAGDB-sqlctr10.50.1600.1.dll
2012-05-16 19:19:36 -------- d-----w- c:\documents and settings\jhagedorn\local settings\application data\Microsoft_Corporation
2012-05-16 19:18:28 348256 ----a-w- c:\documents and settings\all users\application data\microsoft\vstahost\ssis_scriptcomponent\9.0\1033\ResourceCache.dll
2012-05-16 19:17:55 348256 ----a-w- c:\documents and settings\all users\application data\microsoft\vstahost\ssis_scripttask\9.0\1033\ResourceCache.dll
2012-05-16 19:09:49 416 ----a-w- c:\documents and settings\all users\application data\microsoft\msdn\9.0\1033\ResourceCache.dll
.
==================== Find3M ====================
.
2012-06-14 04:13:32 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 04:13:31 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-18 14:20:21 249856 ------w- c:\windows\Setup1.exe
2012-05-18 14:20:20 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-05-17 14:20:28 1476 -c--a-w- c:\windows\system32\RdcyReg.reg
2012-05-17 14:20:28 1366 -c--a-w- c:\windows\system32\Rsvchost.reg
2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20:33 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42:33 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42:33 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38:02 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16:13 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32:19 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-13 15:45:40 601408 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-04-09 13:42:37 65536 ----a-w- c:\windows\uninstal.exe
2012-04-04 20:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 01:44:12 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
============= FINISH: 11:04:28.25 ===============






GMER LOG

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-16 10:09:57
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e WDC_WD5000BPKT-00PK4T0 rev.01.01A01
Running: gmer.exe; Driver: C:\DOCUME~1\JHAGED~1\LOCALS~1\Temp\pwtdapod.sys


---- System - GMER 1.0.15 ----

SSDT spbi.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spbi.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT spbi.sys ZwQueryKey [0xB9EC7108]
SSDT spbi.sys ZwQueryValueKey [0xB9EC6F88]
SSDT spbi.sys ZwSetValueKey [0xB9EC719A]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwCreateKey [0x804D7FEC]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FEC] ZwCreateKey [0x804D7FEC]
SSDT \WINDOWS\system32\ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation) ZwOpenKey [0x804D7FF1]
SSDT \WINDOWS\system32\ntkrnlpa.exe[unknown section] [804D7FF1] ZwOpenKey [0x804D7FF1]

INT 0x03 \WINDOWS\system32\ntkrnlpa.exe[unknown section] 804D7FFB
INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) BA31B16D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) BA31AFC2
INT 0x62 ? 8B284BF8
INT 0x84 ? 8B038F00
INT 0x94 ? 8B038F00
INT 0x94 ? 8B038F00
INT 0x94 ? 8B038F00
INT 0xA4 ? 8B038F00
INT 0xA4 ? 8B038F00
INT 0xA4 ? 8B038F00
INT 0xA4 ? 8B038F00
INT 0xB4 ? 8B284BF8

---- Kernel code sections - GMER 1.0.15 ----

? spbi.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8D40380, 0x2F2807, 0xE8000020]
.text USBPORT.SYS!DllUnload B8D208AC 4 Bytes JMP 8B0384E0
.text C:\WINDOWS\system32\DRIVERS\aksfridge.sys section is writeable [0xB45D8000, 0x48011, 0xE0000020]
.init C:\WINDOWS\system32\DRIVERS\aksfridge.sys entry point in ".init" section [0xB462D224]
.init C:\WINDOWS\system32\DRIVERS\aksfridge.sys unknown last code section [0xB462D000, 0x4000, 0xE20000E0]
.text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0xB4377400, 0x6E1B2, 0xE8000020]
.protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB4401220] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protect˙˙˙˙hardlockentry point in ".protect˙˙˙˙hardlockentry point in ".p" section [0xB4401220]
.protect˙˙˙˙hardlockunknown last code section [0xB4401000, 0x50EA, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0xB4401000, 0x50EA, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[1844] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8B2831F8
Device \FileSystem\Fastfat \FatCdrom 8A7321F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{D9CC3580-050D-4E29-B9B8-00C455962B94} 8B14D1F8

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 VMkbd.sys (VMware keyboard filter driver (32-bit)/VMware, Inc.)

Device \Driver\usbuhci \Device\USBPDO-0 8B037500
Device \Driver\usbuhci \Device\USBPDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-1 8B037500
Device \Driver\usbuhci \Device\USBPDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\dmio \Device\DmControl\DmIoDaemon 8B2121F8
Device \Driver\dmio \Device\DmControl\DmConfig 8B2121F8
Device \Driver\dmio \Device\DmControl\DmPnP 8B2121F8
Device \Driver\dmio \Device\DmControl\DmInfo 8B2121F8
Device \Driver\usbehci \Device\USBPDO-2 8B01E500
Device \Driver\usbehci \Device\USBPDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-3 8B037500
Device \Driver\usbuhci \Device\USBPDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-4 8B037500
Device \Driver\usbuhci \Device\USBPDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBPDO-5 8B037500
Device \Driver\usbuhci \Device\USBPDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBPDO-6 8B01E500
Device \Driver\usbehci \Device\USBPDO-6 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\USBPDO-7 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\Ftdisk \Device\HarddiskVolume1 8B2851F8
Device \Driver\Ftdisk \Device\HarddiskVolume2 8B2851F8
Device \Driver\Cdrom \Device\CdRom0 8AF991F8
Device \Driver\usbhub \Device\USBPDO-8 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [B9DC7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [B9DC7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [B9DC7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [B9DC7B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBT_Tcpip_{72FF731B-C25D-4ED7-940F-78D3783015D5} 8B14D1F8
Device \Driver\usbhub \Device\000000c0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000b4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\NetBT \Device\NetBt_Wins_Export 8B14D1F8
Device \Driver\usbhub \Device\000000c2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000b6 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\NetBT \Device\NetbiosSmb 8B14D1F8
Device \Driver\usbhub \Device\000000c4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000b8 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000c8 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\Disk \Device\Harddisk0\DR0 aksfridge.sys (Ancillary Function Driver/Aladdin Knowledge Systems Ltd.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{67700033-B9CF-4BFC-A1CE-37DA5595BD2D} 8B14D1F8
Device \Driver\usbuhci \Device\USBFDO-0 8B037500
Device \Driver\usbuhci \Device\USBFDO-0 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-1 8B037500
Device \Driver\usbuhci \Device\USBFDO-1 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\NetBT \Device\NetBT_Tcpip_{2EDF3F28-0FCC-4F97-978D-34B4A5677393} 8B14D1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 8A80B1F8
Device \Driver\usbehci \Device\USBFDO-2 8B01E500
Device \Driver\usbehci \Device\USBFDO-2 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device 8A80B1F8
Device \Driver\usbuhci \Device\USBFDO-3 8B037500
Device \Driver\usbuhci \Device\USBFDO-3 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbuhci \Device\USBFDO-4 8B037500
Device \Driver\usbuhci \Device\USBFDO-4 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\Ftdisk \Device\FtControl 8B2851F8
Device \Driver\usbuhci \Device\USBFDO-5 8B037500
Device \Driver\usbuhci \Device\USBFDO-5 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbehci \Device\USBFDO-6 8B01E500
Device \Driver\usbehci \Device\USBFDO-6 hcmon.sys (VMware USB monitor/VMware, Inc.)
Device \Driver\usbhub \Device\000000be hcmon.sys (VMware USB monitor/VMware, Inc.)
Device 8A7321F8
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs 8A76D1F8
Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)
---- Processes - GMER 1.0.15 ----

Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\System32\svchost.exe [720] 0x02D50000
Library c:\windows\system32\n (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [5228] 0x02060000

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0xAC 0x5D 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x41 0xAC 0x5D 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogName C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy78.gthr
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LogNumber 79
Reg HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@SecondaryLogName C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy79.gthr

---- EOF - GMER 1.0.15 ----


#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 16 June 2012 - 11:46 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#6 geegollygirl

  • Topic Starter
  • Members
  • 60 posts

Posted 16 June 2012 - 12:51 PM

I have the Combofix log generated. Before it ran, a few messages popped up about Microsoft SC running yet, but I had turned off its real-time protection and also TrendMicro, but it hasn't been installed for several months, so I just hit "OK" on the messages. Also, I keep forgetting to mention it, but another odd thing is that I can't look at my Firewall settings; I get a message that an unidentified error has occurred... wanted to make sure I mentioned that too.

Unfortunately, when I tried to paste it in, I was told it was too big. So then I tried to attach it and it says it is too big for that also... I think it's around 362k and I guess the limit is 149. What would you like me to do to get it to you?

THANKS as always!

#7 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 16 June 2012 - 01:21 PM

greetings


upload it here and send me the link - http://www.2shared.com/



gringo

#8 geegollygirl

  • Topic Starter
  • Members
  • 60 posts

Posted 16 June 2012 - 05:20 PM

Here ya go, thanks for the solution for this issue too!

http://www.2shared.com/document/gmn4eS_a/ComboFix.html

#9 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 16 June 2012 - 08:42 PM

Greetings

I want you to run these next:

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#10 geegollygirl

  • Topic Starter
  • Members
  • 60 posts

Posted 17 June 2012 - 09:55 AM

TDS Killer

00:44:00.0375 2672 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
00:44:00.0734 2672 ============================================================
00:44:00.0734 2672 Current date / time: 2012/06/17 00:44:00.0734
00:44:00.0734 2672 SystemInfo:
00:44:00.0734 2672
00:44:00.0734 2672 OS Version: 5.1.2600 ServicePack: 3.0
00:44:00.0734 2672 Product type: Workstation
00:44:00.0734 2672 ComputerName: D8R7PH1
00:44:00.0734 2672 UserName: jhagedorn
00:44:00.0734 2672 Windows directory: C:\WINDOWS
00:44:00.0734 2672 System windows directory: C:\WINDOWS
00:44:00.0734 2672 Processor architecture: Intel x86
00:44:00.0734 2672 Number of processors: 2
00:44:00.0734 2672 Page size: 0x1000
00:44:00.0734 2672 Boot type: Normal boot
00:44:00.0734 2672 ============================================================
00:44:24.0109 2672 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
00:44:25.0281 2672 ============================================================
00:44:25.0281 2672 \Device\Harddisk0\DR0:
00:44:27.0218 2672 MBR partitions:
00:44:27.0218 2672 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2B24B, BlocksNum 0x3A3599F6
00:44:27.0218 2672 ============================================================
00:44:35.0468 2672 C: <-> \Device\Harddisk0\DR0\Partition0
00:44:35.0718 2672 ============================================================
00:44:35.0718 2672 Initialize success
00:44:35.0718 2672 ============================================================
00:44:39.0375 4388 ============================================================
00:44:39.0375 4388 Scan started
00:44:39.0375 4388 Mode: Manual;
00:44:39.0375 4388 ============================================================
00:44:45.0421 4388 1784-PCIDS DeviceNet (1db18808c0d797e6449724eeb3becb72) C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe
00:44:45.0609 4388 1784-PCIDS DeviceNet - ok
00:44:47.0781 4388 Abiosdsk - ok
00:44:47.0890 4388 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
00:44:47.0890 4388 abp480n5 - ok
00:44:49.0281 4388 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
00:44:49.0281 4388 ACPI - ok
00:44:49.0343 4388 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
00:44:49.0343 4388 ACPIEC - ok
00:44:50.0234 4388 AdobeFlashPlayerUpdateSvc (f3cd7b20b27d1772c946df993ff3635c) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
00:44:50.0359 4388 AdobeFlashPlayerUpdateSvc - ok
00:44:51.0578 4388 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
00:44:51.0593 4388 adpu160m - ok
00:44:52.0703 4388 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
00:44:52.0812 4388 aec - ok
00:44:53.0609 4388 AEClientHostService (db0c0a8ac358603ebee0dca052696f74) C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
00:44:53.0609 4388 AEClientHostService - ok
00:44:53.0921 4388 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
00:44:53.0921 4388 AFD - ok
00:44:55.0203 4388 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
00:44:55.0203 4388 agp440 - ok
00:44:55.0562 4388 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
00:44:55.0562 4388 agpCPQ - ok
00:44:55.0781 4388 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
00:44:55.0781 4388 Aha154x - ok
00:44:56.0062 4388 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
00:44:56.0062 4388 aic78u2 - ok
00:44:56.0359 4388 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
00:44:56.0359 4388 aic78xx - ok
00:45:06.0359 4388 Akamai (c775d704feb2b600a5bf7b0b088546af) c:\program files\common files\akamai/netsession_win_80c2ffa.dll
00:45:06.0359 4388 Suspicious file (Hidden): c:\program files\common files\akamai/netsession_win_80c2ffa.dll. md5: c775d704feb2b600a5bf7b0b088546af
00:45:06.0359 4388 Akamai ( HiddenFile.Multi.Generic ) - warning
00:45:06.0359 4388 Akamai - detected HiddenFile.Multi.Generic (1)
00:45:06.0625 4388 aksfridge (cb5a5079744a0535416d3a5e462c5efe) C:\WINDOWS\system32\DRIVERS\aksfridge.sys
00:45:06.0625 4388 aksfridge - ok
00:45:06.0671 4388 akshasp (1a27f5555448cc2d29d281b11f39177e) C:\WINDOWS\system32\DRIVERS\akshasp.sys
00:45:06.0703 4388 akshasp - ok
00:45:06.0718 4388 akshhl (147b61b81be1ffc38939ea47e5cfb51f) C:\WINDOWS\system32\DRIVERS\akshhl.sys
00:45:06.0718 4388 akshhl - ok
00:45:06.0765 4388 aksusb (b4ad9f5d78f27e0c6994e0cb05c60e21) C:\WINDOWS\system32\DRIVERS\aksusb.sys
00:45:06.0765 4388 aksusb - ok
00:45:06.0812 4388 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
00:45:06.0843 4388 Alerter - ok
00:45:06.0890 4388 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
00:45:06.0906 4388 ALG - ok
00:45:06.0953 4388 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
00:45:06.0953 4388 AliIde - ok
00:45:06.0984 4388 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
00:45:06.0984 4388 alim1541 - ok
00:45:07.0000 4388 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
00:45:07.0000 4388 amdagp - ok
00:45:07.0015 4388 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
00:45:07.0015 4388 amsint - ok
00:45:07.0031 4388 ApfiltrService (b8d65da679a4a8d048783ede2691b5d4) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys
00:45:07.0031 4388 ApfiltrService - ok
00:45:07.0062 4388 APPDRV (ec94e05b76d033b74394e7b2175103cf) C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS
00:45:07.0062 4388 APPDRV - ok
00:45:07.0093 4388 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
00:45:07.0109 4388 AppMgmt - ok
00:45:07.0109 4388 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
00:45:07.0109 4388 Arp1394 - ok
00:45:07.0125 4388 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
00:45:07.0125 4388 asc - ok
00:45:07.0140 4388 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
00:45:07.0140 4388 asc3350p - ok
00:45:07.0156 4388 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
00:45:07.0156 4388 asc3550 - ok
00:45:07.0234 4388 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
00:45:07.0234 4388 aspnet_state - ok
00:45:07.0265 4388 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
00:45:07.0265 4388 AsyncMac - ok
00:45:07.0296 4388 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
00:45:07.0296 4388 atapi - ok
00:45:07.0312 4388 Atdisk - ok
00:45:07.0328 4388 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
00:45:07.0328 4388 Atmarpc - ok
00:45:07.0359 4388 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
00:45:07.0359 4388 AudioSrv - ok
00:45:07.0359 4388 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
00:45:07.0359 4388 audstub - ok
00:45:07.0484 4388 Autodesk Licensing Service (df687ee356b7f80a6442ae4d2c3ee3b4) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
00:45:10.0828 4388 Autodesk Licensing Service - ok
00:45:14.0328 4388 Autodesk Network Licensing Service (01c2c507fe03745aa2487e35fb6b1fdb) C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
00:45:14.0843 4388 Autodesk Network Licensing Service - ok
00:45:18.0656 4388 AX88772 (9aedcad0fb2f7cbc0ed35ffc61680a1c) C:\WINDOWS\system32\DRIVERS\ax88772.sys
00:45:18.0656 4388 AX88772 - ok
00:45:19.0390 4388 b57w2k (f96038aa1ec4013a93d2420fc689d1e9) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
00:45:19.0390 4388 b57w2k - ok
00:45:19.0703 4388 BASFND - ok
00:45:28.0984 4388 BCM43XX (345d38f298368dd6b0df5c4f37457a22) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
00:45:29.0562 4388 BCM43XX - ok
00:45:31.0703 4388 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
00:45:31.0703 4388 Beep - ok
00:45:38.0671 4388 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
00:45:39.0015 4388 BITS - ok
00:45:39.0265 4388 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
00:45:39.0312 4388 Browser - ok
00:45:39.0437 4388 catchme - ok
00:45:39.0515 4388 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
00:45:39.0515 4388 cbidf - ok
00:45:39.0515 4388 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
00:45:39.0515 4388 cbidf2k - ok
00:45:39.0562 4388 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
00:45:39.0562 4388 cd20xrnt - ok
00:45:39.0625 4388 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
00:45:39.0625 4388 Cdaudio - ok
00:45:39.0812 4388 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
00:45:39.0812 4388 Cdfs - ok
00:45:39.0968 4388 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
00:45:39.0968 4388 Cdrom - ok
00:45:39.0968 4388 Changer - ok
00:45:40.0015 4388 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
00:45:40.0125 4388 CiSvc - ok
00:45:40.0218 4388 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
00:45:40.0234 4388 ClipSrv - ok
00:47:57.0562 4388 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
00:47:57.0578 4388 Schedule - ok
00:47:57.0609 4388 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
00:47:57.0609 4388 Secdrv - ok
00:47:57.0671 4388 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
00:47:57.0671 4388 seclogon - ok
00:47:57.0859 4388 SecureStorageService (472946edebf85c1f0b44b6eba01ac9b6) C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
00:47:58.0015 4388 SecureStorageService - ok
00:47:58.0031 4388 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
00:47:58.0031 4388 SENS - ok
00:47:58.0062 4388 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
00:47:58.0078 4388 Serenum - ok
00:47:58.0093 4388 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
00:47:58.0093 4388 Serial - ok
00:47:58.0234 4388 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
00:47:58.0234 4388 Sfloppy - ok
00:47:58.0531 4388 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
00:47:58.0546 4388 SharedAccess - ok
00:47:58.0687 4388 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:47:58.0703 4388 ShellHWDetection - ok
00:47:58.0703 4388 Simbad - ok
00:47:58.0968 4388 SimModuleService (7627e4bd2880124087305cc4842b2ec2) C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe
00:47:59.0093 4388 SimModuleService - ok
00:47:59.0125 4388 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
00:47:59.0125 4388 sisagp - ok
00:47:59.0296 4388 SMTPSVC (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe
00:47:59.0296 4388 SMTPSVC - ok
00:47:59.0343 4388 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
00:47:59.0359 4388 Sparrow - ok
00:47:59.0453 4388 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
00:47:59.0453 4388 splitter - ok
00:47:59.0546 4388 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
00:47:59.0562 4388 Spooler - ok
00:48:01.0609 4388 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
00:48:01.0609 4388 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
00:48:01.0609 4388 sptd ( LockedFile.Multi.Generic ) - warning
00:48:01.0609 4388 sptd - detected LockedFile.Multi.Generic (1)
00:48:02.0687 4388 SQLAgent$FTVIEWX64TAGDB (37761f6be2ebaed72cc0d43bd4c8c2a6) C:\Program Files\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE
00:48:02.0750 4388 SQLAgent$FTVIEWX64TAGDB - ok
00:48:05.0515 4388 SQLAgent$SQLEXPRESS (a687b5b326afcfcf182c4931d1ff9771) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
00:48:05.0625 4388 SQLAgent$SQLEXPRESS - ok
00:48:07.0875 4388 SQLBrowser (7d67c07c63796775cc5492bcfeaff125) c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
00:48:07.0984 4388 SQLBrowser - ok
00:48:10.0734 4388 SQLWriter (8e6e5cfa06769a417b03fd6faa29e010) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
00:48:10.0750 4388 SQLWriter - ok
00:48:17.0000 4388 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
00:48:17.0000 4388 sr - ok
00:48:17.0671 4388 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
00:48:17.0734 4388 srservice - ok
00:48:19.0812 4388 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
00:48:20.0062 4388 Srv - ok
00:48:20.0468 4388 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
00:48:20.0468 4388 SSDPSRV - ok
00:48:21.0734 4388 STacSV (6f855b5625a47f3ac731a262fdc379a6) C:\WINDOWS\system32\StacSV.exe
00:48:21.0781 4388 STacSV - ok
00:48:27.0906 4388 STHDA (951801dfb54d86f611f0af47825476f9) C:\WINDOWS\system32\drivers\sthda.sys
00:48:27.0921 4388 STHDA - ok
00:48:28.0640 4388 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
00:48:28.0687 4388 stisvc - ok
00:48:28.0875 4388 stllssvr (de3e7a2345ebaa3ce8e6957dfb55fb15) C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
00:48:28.0937 4388 stllssvr - ok
00:48:29.0140 4388 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
00:48:29.0140 4388 swenum - ok
00:48:29.0171 4388 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
00:48:29.0171 4388 swmidi - ok
00:48:29.0187 4388 SwPrv - ok
00:48:29.0218 4388 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
00:48:29.0218 4388 symc810 - ok
00:48:29.0234 4388 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
00:48:29.0234 4388 symc8xx - ok
00:48:29.0250 4388 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
00:48:29.0250 4388 sym_hi - ok
00:48:29.0265 4388 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
00:48:29.0265 4388 sym_u3 - ok
00:48:29.0343 4388 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
00:48:29.0343 4388 sysaudio - ok
00:48:29.0375 4388 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
00:48:29.0375 4388 SysmonLog - ok
00:48:29.0578 4388 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
00:48:29.0625 4388 TapiSrv - ok
00:48:29.0703 4388 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
00:48:29.0703 4388 Tcpip - ok
00:48:29.0828 4388 tcsd_win32.exe (23b506262493f1a521683ee88c5fbf60) C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
00:48:29.0859 4388 tcsd_win32.exe - ok
00:48:30.0000 4388 TdmService (a27d803b21f24a5cfb775944ea4cb130) C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
00:48:30.0015 4388 TdmService - ok
00:48:30.0546 4388 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
00:48:30.0546 4388 TDPIPE - ok
00:48:30.0562 4388 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
00:48:30.0562 4388 TDTCP - ok
00:48:30.0609 4388 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
00:48:30.0609 4388 TermDD - ok
00:48:30.0734 4388 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
00:48:30.0750 4388 TermService - ok
00:48:30.0812 4388 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
00:48:30.0812 4388 Themes - ok
00:48:30.0843 4388 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
00:48:30.0859 4388 TlntSvr - ok
00:48:30.0953 4388 TOSHIBA Bluetooth Service (2e7315b147e524e055026e6634b14ea6) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
00:48:30.0953 4388 TOSHIBA Bluetooth Service - ok
00:48:30.0953 4388 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
00:48:30.0953 4388 TosIde - ok
00:48:30.0968 4388 tosporte (8d624d3bd1f2d78bd1c01a2d4e954b4e) C:\WINDOWS\system32\DRIVERS\tosporte.sys
00:48:30.0968 4388 tosporte - ok
00:48:31.0015 4388 tosrfbd (399c5e4db7bdd5a83a7d26c96389b85a) C:\WINDOWS\system32\DRIVERS\tosrfbd.sys
00:48:31.0015 4388 tosrfbd - ok
00:48:31.0031 4388 tosrfbnp (181e217a7a326817d97946d045b3cb46) C:\WINDOWS\system32\Drivers\tosrfbnp.sys
00:48:31.0031 4388 tosrfbnp - ok
00:48:31.0062 4388 Tosrfcom (e90ace3b4fa7a85f992bc21eb779c407) C:\WINDOWS\system32\Drivers\tosrfcom.sys
00:48:31.0062 4388 Tosrfcom - ok
00:48:31.0093 4388 Tosrfhid (efc95c0dc6f96b228f58319776006548) C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys
00:48:31.0093 4388 Tosrfhid - ok
00:48:31.0109 4388 tosrfnds (c52fd27b9adf3a1f22cb90e6bcf9b0cb) C:\WINDOWS\system32\DRIVERS\tosrfnds.sys
00:48:31.0109 4388 tosrfnds - ok
00:48:31.0125 4388 Tosrfusb (98c04a6432ce9c2ad328f57b9384d348) C:\WINDOWS\system32\DRIVERS\tosrfusb.sys
00:48:31.0125 4388 Tosrfusb - ok
00:48:31.0156 4388 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
00:48:31.0156 4388 TrkWks - ok
00:48:31.0187 4388 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
00:48:31.0187 4388 Udfs - ok
00:48:31.0234 4388 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
00:48:31.0234 4388 ultra - ok
00:48:31.0250 4388 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
00:48:31.0265 4388 Update - ok
00:48:31.0296 4388 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
00:48:31.0312 4388 upnphost - ok
00:48:31.0328 4388 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
00:48:31.0328 4388 UPS - ok
00:48:31.0375 4388 usbbus (5353218b3265e3b8190335059f697a11) C:\WINDOWS\system32\DRIVERS\lgusbbus.sys
00:48:31.0375 4388 usbbus - ok
00:48:31.0390 4388 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
00:48:31.0390 4388 usbccgp - ok
00:48:31.0437 4388 UsbDiag (7dd3eefc62a1ef44e5f940fa651ed9ed) C:\WINDOWS\system32\DRIVERS\lgusbdiag.sys
00:48:31.0437 4388 UsbDiag - ok
00:48:31.0468 4388 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
00:48:31.0468 4388 usbehci - ok
00:48:31.0484 4388 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
00:48:31.0484 4388 usbhub - ok
00:48:31.0500 4388 USBModem (083031a78822eccbd7510bccd3e20d4c) C:\WINDOWS\system32\DRIVERS\lgusbmodem.sys
00:48:31.0500 4388 USBModem - ok
00:48:31.0531 4388 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
00:48:31.0531 4388 usbohci - ok
00:48:31.0546 4388 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
00:48:31.0546 4388 usbscan - ok
00:48:31.0578 4388 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
00:48:31.0578 4388 USBSTOR - ok
00:48:31.0593 4388 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
00:48:31.0593 4388 usbuhci - ok
00:48:31.0593 4388 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
00:48:31.0593 4388 VgaSave - ok
00:48:31.0625 4388 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
00:48:31.0625 4388 viaagp - ok
00:48:31.0640 4388 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
00:48:31.0640 4388 ViaIde - ok
00:48:31.0656 4388 VirtualBackplane (dc4d0bc5b12d2868a552e2142c2e8b36) C:\WINDOWS\system32\drivers\VirtualBackplane.sys
00:48:31.0656 4388 VirtualBackplane - ok
00:48:31.0734 4388 VMAuthdService (16073f2bc424558ebd277a15188d329e) C:\Program Files\VMware\VMware Player\vmware-authd.exe
00:48:31.0734 4388 VMAuthdService - ok
00:48:31.0765 4388 vmci (15759158f7531853616b2b43af962fcb) C:\WINDOWS\system32\DRIVERS\vmci.sys
00:48:31.0765 4388 vmci - ok
00:48:31.0796 4388 vmkbd (050b387296f34735d21dfa87cec37352) C:\WINDOWS\system32\drivers\VMkbd.sys
00:48:31.0796 4388 vmkbd - ok
00:48:31.0859 4388 vmm (e41fef9e3056fe88c71e411f705be41e) C:\WINDOWS\system32\Drivers\vmm.sys
00:48:31.0859 4388 vmm - ok
00:48:31.0890 4388 VMnetAdapter (1afa4af55cbea579a4bbe4f90967f720) C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys
00:48:31.0890 4388 VMnetAdapter - ok
00:48:31.0906 4388 VMnetBridge (003ae2aad4ac5f01fc036b0e62a69f38) C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys
00:48:31.0906 4388 VMnetBridge - ok
00:48:31.0937 4388 VMnetDHCP (767b32d0466ef960e2657f028ed936fc) C:\WINDOWS\system32\vmnetdhcp.exe
00:48:31.0984 4388 VMnetDHCP - ok
00:48:32.0031 4388 VMnetuserif (effcb341824be12e3134d4fb970a11e4) C:\WINDOWS\system32\drivers\vmnetuserif.sys
00:48:32.0031 4388 VMnetuserif - ok
00:48:32.0062 4388 VMparport (ed1ce6bd51e2a1204c74720060744e90) C:\WINDOWS\system32\Drivers\VMparport.sys
00:48:32.0062 4388 VMparport - ok
00:48:32.0078 4388 vmusb (afb10ad9aa91d2f70c9f0e6bda0d119b) C:\WINDOWS\system32\Drivers\vmusb.sys
00:48:32.0078 4388 vmusb - ok
00:48:32.0140 4388 VMUSBArbService (af76c6d3f5053459e18e4c519fb496c8) C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
00:48:32.0203 4388 VMUSBArbService - ok
00:48:32.0281 4388 VMware NAT Service (0b55659b537065303fde1b4aaf646f16) C:\WINDOWS\system32\vmnat.exe
00:48:32.0281 4388 VMware NAT Service - ok
00:48:32.0328 4388 vmx86 (20b24d3b2dac84664eefeebf55b53008) C:\WINDOWS\system32\Drivers\vmx86.sys
00:48:32.0328 4388 vmx86 - ok
00:48:32.0328 4388 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
00:48:32.0328 4388 VolSnap - ok
00:48:32.0343 4388 VPCNetS2 (f96a678debdccb0b4bb7f38cb2580589) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
00:48:32.0343 4388 VPCNetS2 - ok
00:48:32.0390 4388 vsdatant (27b3dd12a19eec50220df15b64913dda) C:\WINDOWS\system32\vsdatant.sys
00:48:32.0453 4388 vsdatant - ok
00:48:32.0625 4388 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
00:48:32.0625 4388 VSS - ok
00:48:32.0640 4388 w32time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
00:48:32.0656 4388 w32time - ok
00:48:32.0750 4388 W3SVC (db3c22745c0da4666f3be31f1af36b2f) C:\WINDOWS\system32\inetsrv\inetinfo.exe
00:48:32.0750 4388 W3SVC - ok
00:48:32.0765 4388 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
00:48:32.0765 4388 Wanarp - ok
00:48:32.0765 4388 Wave UCSPlus - ok
00:48:32.0875 4388 WaveEnrollmentService (796fda916625be7e5f6cfece15a81c3a) C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
00:48:32.0921 4388 WaveEnrollmentService - ok
00:48:32.0968 4388 WaveFDE (db626c46997c2430d4958da5c7ffb969) C:\WINDOWS\system32\DRIVERS\WaveFDE.sys
00:48:32.0968 4388 WaveFDE - ok
00:48:33.0015 4388 WavxDMgr (51e756f2bfb5e3adcb15f966ad293231) C:\WINDOWS\system32\DRIVERS\WavxDMgr.sys
00:48:33.0015 4388 WavxDMgr - ok
00:48:33.0765 4388 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
00:48:33.0812 4388 Wdf01000 - ok
00:48:33.0812 4388 WDICA - ok
00:48:33.0890 4388 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
00:48:33.0890 4388 wdmaud - ok
00:48:33.0921 4388 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
00:48:33.0921 4388 WebClient - ok
00:48:33.0968 4388 winachsf (92ce6497076eac3083185c44157b3a46) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
00:48:33.0968 4388 winachsf - ok
00:48:34.0062 4388 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
00:48:34.0062 4388 winmgmt - ok
00:48:34.0078 4388 wltrysvc - ok
00:48:34.0125 4388 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
00:48:34.0125 4388 WmdmPmSN - ok
00:48:34.0187 4388 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
00:48:34.0203 4388 Wmi - ok
00:48:34.0312 4388 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
00:48:34.0312 4388 WmiAcpi - ok
00:48:34.0359 4388 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
00:48:34.0359 4388 WmiApSrv - ok
00:48:34.0453 4388 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
00:48:34.0468 4388 WMPNetworkSvc - ok
00:48:34.0515 4388 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
00:48:34.0515 4388 WpdUsb - ok
00:48:35.0234 4388 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
00:48:35.0250 4388 WPFFontCache_v0400 - ok
00:48:35.0312 4388 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
00:48:35.0312 4388 WS2IFSL - ok
00:48:35.0343 4388 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
00:48:35.0343 4388 wscsvc - ok
00:48:35.0343 4388 WSearch - ok
00:48:35.0359 4388 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
00:48:35.0359 4388 wuauserv - ok
00:48:35.0421 4388 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
00:48:35.0421 4388 WudfPf - ok
00:48:35.0453 4388 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
00:48:35.0453 4388 WudfRd - ok
00:48:35.0484 4388 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
00:48:35.0484 4388 WudfSvc - ok
00:48:35.0718 4388 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
00:48:35.0734 4388 WZCSVC - ok
00:48:35.0781 4388 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
00:48:35.0796 4388 xmlprov - ok
00:48:35.0812 4388 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:48:36.0140 4388 \Device\Harddisk0\DR0 - ok
00:48:36.0140 4388 Boot (0x1200) (3a120b44b9fd116c14b5c492f6d2c09f) \Device\Harddisk0\DR0\Partition0
00:48:36.0140 4388 \Device\Harddisk0\DR0\Partition0 - ok
00:48:36.0140 4388 ============================================================
00:48:36.0140 4388 Scan finished
00:48:36.0140 4388 ============================================================
00:48:36.0140 4380 Detected object count: 2
00:48:36.0140 4380 Actual detected object count: 2
00:48:38.0640 4380 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
00:48:38.0640 4380 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
00:48:38.0640 4380 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:48:38.0640 4380 sptd ( LockedFile.Multi.Generic ) - User select action: Skip


aswMBR report...

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-17 00:49:17
-----------------------------
00:49:17.687 OS Version: Windows 5.1.2600 Service Pack 3
00:49:17.687 Number of processors: 2 586 0x1706
00:49:17.687 ComputerName: D8R7PH1 UserName:
00:49:20.578 Initialize success
00:49:30.203 AVAST engine defs: 12061601
00:49:32.031 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
00:49:32.031 Disk 0 Vendor: WDC_WD5000BPKT-00PK4T0 01.01A01 Size: 476940MB BusType: 3
00:49:32.046 Disk 0 MBR read successfully
00:49:32.046 Disk 0 MBR scan
00:49:32.109 Disk 0 Windows VISTA default MBR code
00:49:32.109 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 86 MB offset 63
00:49:32.125 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 476851 MB offset 176715
00:49:32.125 Disk 0 scanning sectors +976768065
00:49:32.187 Disk 0 scanning C:\WINDOWS\system32\drivers
00:49:48.703 Service scanning
00:50:14.281 Service MpKsla6218fc5 c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B7ADD667-FFD0-4CE3-A159-24C1A910D853}\MpKsla6218fc5.sys **LOCKED** 32
00:50:31.656 Service sptd C:\WINDOWS\System32\Drivers\sptd.sys **LOCKED** 32
00:50:42.250 Modules scanning
00:50:48.359 Disk 0 trace - called modules:
00:50:48.375 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys spxa.sys hal.dll >>UNKNOWN [0x8b232938]<<
00:50:48.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b1e6ab8]
00:50:48.375 3 CLASSPNP.SYS[ba0e8fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8b2893f8]
00:50:50.000 AVAST engine scan C:\WINDOWS
00:51:04.593 AVAST engine scan C:\WINDOWS\system32
00:57:48.062 AVAST engine scan C:\WINDOWS\system32\drivers
00:58:28.968 AVAST engine scan C:\Documents and Settings\jhagedorn
01:15:51.125 AVAST engine scan C:\Documents and Settings\All Users
01:27:25.625 Scan finished successfully
09:49:22.234 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\jhagedorn\Desktop\MBR.dat"
09:49:22.234 The log file has been saved successfully to "C:\Documents and Settings\jhagedorn\Desktop\aswMBR.txt"

THANKS!!

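Added example (not part of this thread, and not code from Kaspersky's TDSSKiller or from the poster): a small Python triage parser for the TDSSKiller log format shown above. It pairs each service/driver's entry line (name, MD5, path) with its later verdict line, attaches the generic LockedFile/HiddenFile warnings and the user's Skip decision to the right entry, resolves the MBR verdict that is keyed by device path rather than by name, and lists everything that did not come back "ok" so the hashes can be checked elsewhere. The sample input is an excerpt of the log posted above; the `Entry` structure and the verdict ranking are this example's own assumptions.

```python
"""Triage parser for TDSSKiller-style service/driver scan logs (added example)."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Excerpt of the TDSSKiller log in the post above (constructed subset of its lines).
SAMPLE_LOG = r"""
00:47:45.0578 4388 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
00:47:45.0578 4388 RemoteAccess - ok
00:47:53.0671 4388 Rockwell HMI Activity Logger (a665529ca22f7e319d82cb27456c3f3e) C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
00:47:54.0031 4388 Rockwell HMI Activity Logger - ok
00:47:56.0031 4388 RSLinx - ok
00:48:01.0609 4388 sptd (71e276f6d189413266ea22171806597b) C:\WINDOWS\system32\Drivers\sptd.sys
00:48:01.0609 4388 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 71e276f6d189413266ea22171806597b
00:48:01.0609 4388 sptd ( LockedFile.Multi.Generic ) - warning
00:48:01.0609 4388 sptd - detected LockedFile.Multi.Generic (1)
00:48:35.0812 4388 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
00:48:36.0140 4388 \Device\Harddisk0\DR0 - ok
00:48:36.0140 4380 Detected object count: 2
00:48:38.0640 4380 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
00:48:38.0640 4380 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
00:48:38.0640 4380 sptd ( LockedFile.Multi.Generic ) - skipped by user
00:48:38.0640 4380 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
"""

# Every line starts with a timestamp and a thread id; the four line shapes follow.
_TS = r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+"
ENTRY_RE = re.compile(_TS + r"(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
SUSP_RE = re.compile(_TS + r"Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
WARN_RE = re.compile(_TS + r"(?P<key>.+?) \( (?P<det>\S+) \) - (?P<verdict>warning|skipped by user)$")
VERDICT_RE = re.compile(_TS + r"(?P<key>.+?) - (?P<verdict>ok|detected (?P<det>\S+) \(\d+\))$")


@dataclass
class Entry:  # assumed structure, not TDSSKiller's own
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: str = "unknown"
    detections: List[str] = field(default_factory=list)
    notes: List[str] = field(default_factory=list)


# Higher rank wins; "skipped" keeps the detection on record although the user chose Skip.
_RANK = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3, "skipped": 4}


def _set_verdict(e: Entry, verdict: str) -> None:
    if _RANK[verdict] > _RANK[e.verdict]:
        e.verdict = verdict


def _add_detection(e: Entry, det: str) -> None:
    if det not in e.detections:
        e.detections.append(det)


def parse_tdsskiller(text: str) -> Dict[str, Entry]:
    entries: Dict[str, Entry] = {}
    by_path: Dict[str, Entry] = {}  # lower-cased path -> entry (MBR verdict lines use the path)

    def lookup(key: str) -> Entry:
        e = entries.get(key) or by_path.get(key.lower())
        if e is None:
            e = entries[key] = Entry(name=key)
        return e

    for line in text.strip().splitlines():
        m = ENTRY_RE.match(line)
        if m:
            e = lookup(m["name"])
            e.md5, e.path = m["md5"], m["path"]
            by_path[e.path.lower()] = e
            continue
        m = SUSP_RE.match(line)
        if m:
            e = by_path.get(m["path"].lower())
            if e is not None:
                e.notes.append(f"suspicious ({m['reason']})")
            continue
        m = WARN_RE.match(line)
        if m:
            e = lookup(m["key"])
            _add_detection(e, m["det"])
            _set_verdict(e, "skipped" if m["verdict"] == "skipped by user" else "warning")
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = lookup(m["key"])
            if m["verdict"] == "ok":
                _set_verdict(e, "ok")
            else:
                _add_detection(e, m["det"])
                _set_verdict(e, "detected")
    return entries


def flagged(entries: Dict[str, Entry]) -> List[Entry]:
    """Everything that did not come back clean: the items a responder has to look at."""
    return sorted((e for e in entries.values() if e.verdict != "ok"),
                  key=lambda e: e.name.lower())


def report(entries: Dict[str, Entry]) -> List[str]:
    lines = []
    for e in flagged(entries):
        lines.append(f"{e.verdict:8} {e.name}: {', '.join(e.detections) or '-'}"
                     f" md5={e.md5 or '?'} path={e.path or '?'}"
                     + (f" [{'; '.join(e.notes)}]" if e.notes else ""))
    return lines


if __name__ == "__main__":
    print("\n".join(report(parse_tdsskiller(SAMPLE_LOG))))
```

On the excerpt this reports two items, sptd and Akamai, both carrying a generic heuristic verdict (a locked file, a hidden file) rather than a malware signature, and both skipped in the run above; the MD5 and path survive in the output so the file can be looked up by hash rather than by service name.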
#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 June 2012 - 11:36 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#12 geegollygirl

geegollygirl
  • Topic Starter

  • Members
  • 60 posts

Posted 17 June 2012 - 12:44 PM

Below is the report. I can search normally and don't hear random noises at the moment at least. I also can once again see my firewall settings, so that is a plus. I can run a full Microsoft Security Essentials scan again, but didn't know if it would find anything that all the various scans you've had me run hadn't already found. It seems like it's back to normal.

Thanks so much for your help!!

ComboFix 12-06-15.06 - jhagedorn 06/17/2012 12:26:48.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2348 [GMT -5:00]
Running from: c:\documents and settings\jhagedorn\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\jhagedorn\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Trend Micro OfficeScan Antivirus *Enabled/Updated* {5A75CED0-AE34-4122-9E5D-599896F8379F}
FW: Trend Micro Personal Firewall *Enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-17 to 2012-06-17 )))))))))))))))))))))))))))))))
.
.
2012-06-17 17:14 . 2012-06-17 17:14 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{49E561EF-10F3-4414-8B7E-9C138CE6C8C5}\MpKsla20858a5.sys
2012-06-17 16:37 . 2012-05-08 14:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{49E561EF-10F3-4414-8B7E-9C138CE6C8C5}\mpengine.dll
2012-06-16 17:35 . 2012-05-08 14:40 6737808 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-15 03:02 . 2012-06-15 03:02 -------- d-----w- c:\program files\Microsoft Security Client
2012-06-14 04:15 . 2012-05-11 14:42 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-06-12 14:58 . 1999-07-29 06:10 477160 ------w- c:\windows\system32\Hhupd.exe
2012-05-25 18:23 . 2012-05-25 18:23 -------- d-----w- c:\documents and settings\jhagedorn\Local Settings\Application Data\Rockwell_Automation
2012-05-23 20:48 . 2008-03-21 18:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2012-05-19 01:02 . 2012-05-30 13:34 -------- d-----w- c:\documents and settings\Acronis Agent User 2\Application Data\VMware
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-17 05:43 . 2008-11-12 18:34 0 ----a-w- c:\documents and settings\jhagedorn\Local Settings\Application Data\WavXMapDrive.bat
2012-06-14 04:13 . 2012-04-07 14:29 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-14 04:13 . 2011-05-19 03:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-31 13:22 . 2008-04-25 16:16 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-18 14:20 . 2011-11-16 16:10 249856 ------w- c:\windows\Setup1.exe
2012-05-18 14:20 . 2011-11-16 16:10 73216 ----a-w- c:\windows\ST6UNST.EXE
2012-05-17 14:42 . 2012-05-16 19:09 416 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2012-05-17 14:20 . 2008-11-12 23:45 1476 -c--a-w- c:\windows\system32\RdcyReg.reg
2012-05-17 14:20 . 2008-11-12 23:45 1366 -c--a-w- c:\windows\system32\Rsvchost.reg
2012-05-16 19:18 . 2012-05-16 19:18 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptComponent\9.0\1033\ResourceCache.dll
2012-05-16 19:17 . 2012-05-16 19:17 348256 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\VSTAHost\SSIS_ScriptTask\9.0\1033\ResourceCache.dll
2012-05-16 15:08 . 2008-04-25 16:16 916992 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 13:20 . 2008-04-25 16:16 1863168 ----a-w- c:\windows\system32\win32k.sys
2012-05-11 14:42 . 2008-04-25 16:16 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 14:42 . 2008-04-25 16:16 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-05-11 11:38 . 2008-04-25 16:16 385024 ----a-w- c:\windows\system32\html.iec
2012-05-04 13:16 . 2008-04-25 16:16 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-04 12:32 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-02 13:46 . 2008-04-25 21:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-13 15:45 . 2011-10-14 19:01 601408 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-04-09 13:42 . 2012-04-09 13:46 65536 ----a-w- c:\windows\uninstal.exe
2012-04-04 20:56 . 2012-02-06 14:43 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-21 01:44 . 2012-03-21 01:44 171064 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-16_17.30.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-06-17 05:42 . 2012-06-17 05:42 16384 c:\windows\Temp\Perflib_Perfdata_724.dat
+ 2012-06-17 05:44 . 2012-06-17 05:44 16384 c:\windows\Temp\Perflib_Perfdata_10bc.dat
+ 2011-09-01 17:03 . 2012-06-17 17:36 226925 c:\windows\system32\inetsrv\MetaBase.bin
- 2011-09-01 17:03 . 2012-06-16 17:20 226925 c:\windows\system32\inetsrv\MetaBase.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\documents and settings\jhagedorn\Local Settings\Application Data\Akamai\netsession_win.exe" [2012-05-08 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-04-16 159744]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2007-09-10 92160]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2009-10-07 2498560]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"UsbCipHelper"="c:\program files\Rockwell Automation\Rockwell Automation USBCIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2011-10-20 434176]
"ComPortRedirector"="c:\program files\Com Port Redirector\red32_g.exe" [2005-01-31 115200]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFYWVAtQTdQRk4tOURGUUktUVpBR0otNllYVVItSg&inst=NzYtOTIzNTA3ODY5LVNUMTJGQVBQKzEtRERUKzAtRVVMQSsxLVNUMTJGT0krMS1TVDEyT0krMS1TVDEyQVBQKzE&prod=92&ver=2012.0.1808&mid=2c0a2faccec747d194f8d16836673757-8bf21e7c621116f937026d59630d1ecd27913fff" [?]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-12-21 519584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\jhagedorn\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-30 809488]
RACurrTray.lnk - c:\qoobox\Quarantine\C\Program Files\PST\Binaries\RACurrTray.exe.vir [2011-12-19 651264]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
2006-11-16 21:20 73728 ----a-w- c:\program files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 05:30 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
backup=c:\windows\pss\Bluetooth Manager.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2012-03-26 14:00 640440 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
2012-03-27 10:40 40376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ITSecMng]
2007-09-28 22:03 75136 -c--a-w- c:\program files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2008-08-11 17:41 63048 -c--a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\jhagedorn\\Local Settings\\Application Data\\Akamai\\netsession_win.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1234:TCP"= 1234:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [4/7/2009 10:05 AM 717296]
R0 vmci;VMware VMCI Bus Driver;c:\windows\system32\drivers\vmci.sys [8/8/2011 3:58 PM 98928]
R1 Comredir;Com Redirector;c:\windows\system32\drivers\comredir.sys [12/15/2011 8:55 AM 62016]
R1 MpKsla20858a5;MpKsla20858a5;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{49E561EF-10F3-4414-8B7E-9C138CE6C8C5}\MpKsla20858a5.sys [6/17/2012 12:14 PM 29904]
R1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\drivers\VirtualBackplane.sys [12/18/2011 8:44 PM 63512]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/25/2008 11:16 AM 14336]
R2 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files\Rockwell Software\FactoryTalk Activation\lmgrd.exe [5/17/2010 9:07 PM 1122568]
R2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [11/14/2011 11:00 AM 144744]
R2 FTAE_Archiver;Rockwell Alarm History Archiver;c:\program files\Common Files\Rockwell\FTAEArchiver.exe [6/1/2011 2:31 PM 71016]
R2 FTAE_HistServ;Rockwell Alarm Historian;c:\program files\Common Files\Rockwell\FTAE_HistServ.exe [6/1/2011 2:31 PM 152936]
R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 MSSQL$FTVIEWX64TAGDB;SQL Server (FTVIEWX64TAGDB);c:\program files\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe [4/3/2010 1:56 PM 42884448]
R2 NmspHost;Rockwell Namespace Services;c:\program files\Common Files\Rockwell\NmspHost.exe [11/11/2011 5:27 PM 224104]
R2 RdcyHost;Rockwell Redundancy Services;c:\program files\Common Files\Rockwell\RdcyHost.exe [11/11/2011 5:27 PM 224104]
R2 RnaAeServer;Rockwell Alarm Server;c:\program files\Common Files\Rockwell\RnaAeServer.exe [6/1/2011 2:31 PM 202088]
R2 RnaAlarmMux;Rockwell Alarm Multiplexer;c:\program files\Common Files\Rockwell\RnaAlarmMux.exe [6/1/2011 2:31 PM 927080]
R2 Rockwell HMI Framework;Rockwell HMI Framework;c:\program files\Rockwell Software\RSView Enterprise\ServerFramework.exe [7/26/2011 2:41 PM 861032]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [8/29/2011 11:11 PM 665200]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [4/25/2008 11:16 AM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
R3 EventServer;Rockwell Event Server;c:\program files\Common Files\Rockwell\EventServer.exe [11/11/2011 5:27 PM 250216]
R3 ikbf5;GE Fanuc Keyboard Class Upper Filter Driver;c:\windows\system32\drivers\ikbf5.sys [8/12/2009 9:05 AM 12712]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 9:37 PM 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384]
S2 gupdate1c98afd2213ada6;Google Update Service (gupdate1c98afd2213ada6);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2009 4:26 PM 133104]
S3 1784-PCIDS DeviceNet;1784-PCIDS DeviceNet;c:\program files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe [12/18/2011 9:43 PM 109568]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/7/2012 9:29 AM 257224]
S3 EmuLogix 5868 Slot0;EmuLogix 5868 Slot0;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [7/8/2005 6:21 AM 1425408]
S3 EmuLogix 5868 Slot1;EmuLogix 5868 Slot1;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [7/8/2005 6:21 AM 1425408]
S3 EmuLogix 5868 Slot10;EmuLogix 5868 Slot10;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [7/8/2005 6:21 AM 1425408]
S3 EmuLogix 5868 Slot11;EmuLogix 5868 Slot11;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [7/8/2005 6:21 AM 1425408]
S3 EmuLogix 5868 Slot12;EmuLogix 5868 Slot12;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [7/8/2005 6:21 AM 1425408]
S3 EmuLogix 5868 Slot13;EmuLogix 5868 Slot13;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [7/8/2005 6:21 AM 1425408]
S3 EmuLogix 5868 Slot14;EmuLogix 5868 Slot14;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [7/8/2005 6:21 AM 1425408]
S3 EmuLogix 5868 Slot15;EmuLogix 5868 Slot15;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [7/8/2005 6:21 AM 1425408]
S3 EmuLogix 5868 Slot16;EmuLogix 5868 Slot16;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [7/8/2005 6:21 AM 1425408]
S3 EmuLogix 5868 Slot2;EmuLogix 5868 Slot2;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [7/8/2005 6:21 AM 1425408]
S3 EmuLogix 5868 Slot3;EmuLogix 5868 Slot3;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [7/8/2005 6:21 AM 1425408]
S3 EmuLogix 5868 Slot4;EmuLogix 5868 Slot4;c:\program files\Rockwell Software\RSLogix Emulate 5000\V20\EmuLogix5868.exe [1/16/2012 6:50 PM 2888704]
S3 EmuLogix 5868 Slot5;EmuLogix 5868 Slot5;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [7/8/2005 6:21 AM 1425408]
S3 EmuLogix 5868 Slot6;EmuLogix 5868 Slot6;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [7/8/2005 6:21 AM 1425408]
S3 EmuLogix 5868 Slot7;EmuLogix 5868 Slot7;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [7/8/2005 6:21 AM 1425408]
S3 EmuLogix 5868 Slot8;EmuLogix 5868 Slot8;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [7/8/2005 6:21 AM 1425408]
S3 EmuLogix 5868 Slot9;EmuLogix 5868 Slot9;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [7/8/2005 6:21 AM 1425408]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/9/2009 4:26 PM 133104]
S3 LogReceiver;LogReceiver;c:\program files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [6/24/2011 9:36 PM 80232]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [6/12/2011 11:15 AM 31125880]
S3 pcidnt;pcidnt; [x]
S3 PcmkWdm;%PcmkWdm.DeviceDesc%;c:\windows\system32\drivers\PcmkWdm.sys [4/22/2002 4:12 PM 58140]
S3 Rockwell HMI Alarm Logger;Rockwell HMI Alarm Logger;c:\program files\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe [7/26/2011 2:41 PM 130408]
S3 RSI-PKTX-A;RSI-PKTX-A;c:\windows\system32\drivers\RSI-PKTX-A.sys [11/13/2002 12:38 PM 16447]
S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [9/24/2010 3:38 PM 39067]
S3 RSLINXNGKtControl;RSLINXNGKtControl;c:\windows\system32\drivers\RsiKtNG.sys [4/23/2002 5:02 PM 38999]
S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [9/24/2010 3:38 PM 155440]
S3 SimModuleService;1789-SIM Simulator Module;c:\program files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe [12/18/2011 9:34 PM 95232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [4/3/2010 1:56 PM 44896]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/30/2009 4:09 AM 239336]
S4 RsFx0150;RsFx0150 Driver;c:\windows\system32\drivers\RsFx0150.sys [4/3/2010 11:02 AM 240608]
S4 SQLAgent$FTVIEWX64TAGDB;SQL Server Agent (FTVIEWX64TAGDB);c:\program files\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\SQLAGENT.EXE [4/3/2010 1:56 PM 367456]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [3/30/2009 4:23 AM 366936]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 55603622
*NewlyCreated* - MPKSLA20858A5
*Deregistered* - 55603622
*Deregistered* - aswMBR
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 04:13]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 21:26]
.
2012-06-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-09 21:26]
.
2012-06-17 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 22:03]
.
2012-06-17 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3709428727-3586996164-4243246027-1372.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 22:02]
.
2012-06-14 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3709428727-3586996164-4243246027-1372.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-11-29 22:02]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\vsocklib.dll
Trusted Zone: applications.skanskausa.com
Trusted Zone: industrialcontractors.com\icidc01
Trusted Zone: skanskausa.com
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} - hxxps://icidc01.industrialcontractors.com:4343/officescan/console/html/root/AtxPie.cab
DPF: {D59124D5-442C-44C5-BD9A-E81BB0582D55} - hxxp://raiseinstall.rockwellautomation.com/pstoolbox-lite-9-23-11/setup.ocx
DPF: {D96D3F0A-F1EF-4E16-9EAA-596AF71804DA} - hxxps://icidc01.industrialcontractors.com:4343/officescan/console/html/root/AtxConsole.cab
DPF: {FFAD8DA9-ED41-494D-AC8E-63D861D0A733} - hxxps://download.rockwellautomation.com/plugins/rockwell.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-17 12:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Akamai]
"ServiceDll"="c:\program files\common files\akamai/netsession_win_80c2ffa.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,18,86,9a,cc,4a,c3,45,91,c7,ab,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,68,18,86,9a,cc,4a,c3,45,91,c7,ab,\
.
[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1872)
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(7508)
c:\windows\system32\WININET.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\progra~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
c:\progra~1\MICROS~2\Office14\1033\GrooveIntlResource.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
.
Completion time: 2012-06-17 12:39:17
ComboFix-quarantined-files.txt 2012-06-17 17:39
ComboFix2.txt 2012-06-16 17:33
.
Pre-Run: 361,458,847,744 bytes free
Post-Run: 361,589,936,128 bytes free
.
- - End Of File - - B04E72C41A78703B56A90D5033F0569C

#13 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • Location: Puerto Rico

Posted 17 June 2012 - 02:34 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a much better job).

Programs to remove

  • Java™ 6 Update 27


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes and then Next.
  • Once done, click Finish.

Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • You may want to keep this small application and use it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad, ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
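
The checks the helper above applies by eye to a HijackThis log before deciding what to fix (where an autostart entry's target lives, whether the file still exists, whether the command is an absolute path at all, and whether a startup shortcut still points into ComboFix's Qoobox quarantine) can be scripted. The following Python is an added example written for this page, not a HijackThis or Malwarebytes tool and not anything the helper posted. The sample lines are copied from the HijackThis log posted later in this thread (the AVG feedback URL is shortened to keep the line readable); the flag rules and the `Entry`, `parse_entry`, `flag_entry` and `triage` names are the editor's own, and the output is a triage hint, not a verdict.

```python
"""Flag suspicious autostart lines in a HijackThis-style log (O2 BHO, O4 Run/Startup).

Added example for this page; not a HijackThis or Malwarebytes tool. The rules
below are the editor's own heuristics and the output is a triage hint, not a
verdict: a legitimate updater living in a profile directory will be flagged too.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

O4_REG = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O4_DIR = re.compile(r"^O4 - (?P<hive>Startup|Global Startup): (?P<name>.+?) = (?P<cmd>.*)$")
O2_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<cmd>.*)$")
# First drive-letter path ending in an executable-ish extension; ComboFix appends
# ".vir" to files it quarantines, so that suffix is kept when present.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys|ocx|scr|com|bat|cmd|lnk)(?:\.vir)?(?=\s|\)|$)", re.I)
# Locations a standard user can write to on XP (Documents and Settings) and Vista+ (Users).
USER_WRITABLE = ("\\local settings\\application data\\", "\\application data\\", "\\appdata\\", "\\temp\\")


@dataclass
class Entry:
    kind: str                 # "O2" (BHO) or "O4" (autostart)
    location: str             # registry hive\key, startup folder, or BHO CLSID
    name: str
    command: str
    path: Optional[str]       # first executable path found in the command, if any
    flags: List[str] = field(default_factory=list)


def extract_path(cmd: str) -> Optional[str]:
    """Pull the target path out of the command column of a log line."""
    if cmd.startswith('"'):   # quoted path: take everything up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 1 else None
    m = PATH_RE.search(cmd)
    return m.group(0) if m else None


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one O2/O4 line; returns None for any other line type."""
    line = line.rstrip()
    if m := O4_REG.match(line):
        return Entry("O4", f"{m['hive']}\\{m['key']}", m["name"], m["cmd"], extract_path(m["cmd"]))
    if m := O4_DIR.match(line):
        return Entry("O4", m["hive"], m["name"], m["cmd"], extract_path(m["cmd"]))
    if m := O2_BHO.match(line):
        return Entry("O2", "{" + m["clsid"] + "}", m["name"], m["cmd"], extract_path(m["cmd"]))
    return None


def flag_entry(e: Entry) -> Entry:
    """Attach triage flags to an entry in place and return it."""
    cmd = e.command.lower()
    path = (e.path or "").lower()
    missing = "(file missing)" in cmd
    if missing:
        e.flags.append("target missing: dead entry")
    if path.endswith(".vir") or "\\qoobox\\quarantine\\" in path:
        e.flags.append("points into ComboFix quarantine: stale shortcut left after cleanup")
    if e.path is None and not missing:
        e.flags.append("no absolute path: executable is resolved via PATH search at logon")
    if any(s in path for s in USER_WRITABLE):
        e.flags.append("runs from a user-writable profile directory")
    if "http://" in cmd or "https://" in cmd:
        e.flags.append("launches a URL at logon")
    return e


def triage(log_text: str) -> List[Entry]:
    """Parse every line and return only the entries that raised at least one flag."""
    flagged = []
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is not None and flag_entry(e).flags:
            flagged.append(e)
    return flagged


# Sample input: lines copied from the HijackThis log posted in this thread
# (the AVG feedback URL is shortened); constructed here so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=...
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\jhagedorn\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: RACurrTray.lnk = C:\Qoobox\Quarantine\C\Program Files\PST\Binaries\RACurrTray.exe.vir
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind} {e.location} [{e.name}] -> {e.path or e.command}")
        for f in e.flags:
            print("    !", f)
```

On the sample above the script flags five of the nine entries: the dead JQS BHO, the AVG RunOnce that opens a URL through a bare `cmd.exe`, the Akamai client running out of the user's profile, the bare `Narrator.exe` RunOnce, and the `RACurrTray.lnk` global startup shortcut that now points at a `.exe.vir` inside Qoobox. Only the last one is clearly a leftover of the cleanup; the others are the kind of "harmless or even required" entries the helper warns against fixing blindly, which is why the script reports reasons rather than a remove/keep decision.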

#14 geegollygirl (Topic Starter)

Posted 18 June 2012 - 08:09 AM

Here is the requested info. The only thing that came up on MBAM was in the folder I wasn't supposed to delete from, so I didn't. Besides that, all seemed to run as expected.

As for CCleaner, what all does it do? I have been trying to run TFC and Auslogics Registry Cleaner weekly; would this be better than and/or take the place of one or both of these programs?

Here is the MBAM log...

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.18.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
jhagedorn :: D8R7PH1 [administrator]

6/17/2012 10:33:18 PM
mbam-log-2012-06-18 (07-08-11).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 589386
Time elapsed: 1 hour(s), 40 minute(s), 40 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\System Volume Information\_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP319\A0111746.ini (Trojan.0access) -> No action taken.

(end)

And the Hijack this log...

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:03:52 AM, on 6/18/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.FTVIEWX64TAGDB\MSSQL\Binn\sqlservr.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Program Files\Common Files\Rockwell\NmspHost.exe
C:\Program Files\Common Files\Rockwell\RdcyHost.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Apoint\HidFind.exe
C:\WINDOWS\system32\vmnat.exe
C:\Program Files\Google\Google Talk\googletalk.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Rockwell Automation\Rockwell Automation USBCIP Driver Package\UsbCipHelper\UsbCipHelper.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Com Port Redirector\red32_g.exe
C:\Program Files\Citrix\ICA Client\concentr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Documents and Settings\jhagedorn\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\jhagedorn\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Citrix\ICA Client\WFCRUN32.EXE
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\VMware\VMware Player\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\Common Files\Rockwell\RnaAeServer.exe
C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe
C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\flexsvr.exe
C:\Program Files\Winamp\winamp.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=3081105
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (file missing)
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USBCIP Driver Package\UsbCipHelper\UsbCipHelper.exe
O4 - HKLM\..\Run: [ComPortRedirector] C:\Program Files\Com Port Redirector\red32_g.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=QUFYWVAtQTdQRk4tOURGUUktUVpBR0otNllYVVItSg"&"inst=NzYtOTIzNTA3ODY5LVNUMTJGQVBQKzEtRERUKzAtRVVMQSsxLVNUMTJGT0krMS1TVDEyT0krMS1TVDEyQVBQKzE"&"prod=92"&"ver=2012.0.1808"&"mid=2c0a2faccec747d194f8d16836673757-8bf21e7c621116f937026d59630d1ecd27913fff
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Documents and Settings\jhagedorn\Local Settings\Application Data\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: RACurrTray.lnk = C:\Qoobox\Quarantine\C\Program Files\PST\Binaries\RACurrTray.exe.vir
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O15 - Trusted Zone: http://*.applications.skanskausa.com
O15 - Trusted Zone: http://*.skanskausa.com
O16 - DPF: Garmin Communicator Plug-In - https://static.garmincdn.com/gcp/ie/2.9.2.0/GarminAxControl.CAB
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://icidc01.industrialcontractors.com:4343/officescan/console/html/ClientInstall/WinNTChk.cab
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} (Device Detection) - http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://icidc01.industrialcontractors.com:4343/officescan/console/html/ClientInstall/setup.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://icidc01.industrialcontractors.com:4343/officescan/console/html/root/AtxEnc.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - https://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://icidc01.industrialcontractors.com:4343/officescan/console/html/ClientInstall/RemoveCtrl.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/default/mjolauncher.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A050E865-64E3-431B-8079-F0DFCEA90A2D} (PieChart Class) - https://icidc01.industrialcontractors.com:4343/officescan/console/html/root/AtxPie.cab
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {D59124D5-442C-44C5-BD9A-E81BB0582D55} (InstallShield Setup Player V16) - http://raiseinstall.rockwellautomation.com/pstoolbox-lite-9-23-11/setup.ocx
O16 - DPF: {D96D3F0A-F1EF-4E16-9EAA-596AF71804DA} (Trend Micro OfficeScan Management Console) - https://icidc01.industrialcontractors.com:4343/officescan/console/html/root/AtxConsole.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://rockwellautomation.webex.com/client/T27L10NSP11EP5/support/ieatgpc.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FFAD8DA9-ED41-494D-AC8E-63D861D0A733} (getPlus+® Plugin) - https://download.rockwellautomation.com/plugins/rockwell.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = pcicorp.pcidesign.com
O17 - HKLM\Software\..\Telephony: DomainName = pcicorp.pcidesign.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = pcicorp.pcidesign.com
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: 1784-PCIDS DeviceNet - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AEClientHostService - GE Fanuc Automation Americas - C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dnWhoDisp - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: EmuLogix 5868 Slot0 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot1 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot10 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot11 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot12 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot13 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot14 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot15 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot16 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot2 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot3 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot4 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V20\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot5 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot6 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot7 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot8 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot9 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: FactoryTalk Activation Service - Acresso Software Inc. - C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
O23 - Service: Proficy HMI/SCADA iFIX server (FIX) - GE Fanuc Intelligent Platforms, Inc. - C:\Program Files\GE Fanuc\Proficy iFIX\fixsrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FactoryTalk Activation Helper (FTActivationBoost) - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
O23 - Service: Rockwell Alarm History Archiver (FTAE_Archiver) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
O23 - Service: Rockwell Alarm Historian (FTAE_HistServ) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
O23 - Service: Google Update Service (gupdate1c98afd2213ada6) (gupdate1c98afd2213ada6) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Harmony - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LogReceiver - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe
O23 - Service: Rockwell Namespace Services (NmspHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\NmspHost.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Rockwell Redundancy Services (RdcyHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RdcyHost.exe
O23 - Service: Rockwell Alarm Server (RnaAeServer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaAeServer.exe
O23 - Service: Rockwell Alarm Multiplexer (RnaAlarmMux) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation Inc. - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Activity Logger - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
O23 - Service: Rockwell HMI Alarm Logger - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell HMI Framework - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe
O23 - Service: Rockwell Tag Server - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Automation, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: RSLinx Enterprise (RSLinxNG) - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: 1789-SIM Simulator Module (SimModuleService) - Unknown owner - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\WINDOWS\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\WINDOWS\system32\vmnat.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 27817 bytes


THANKS!

#15 gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 June 2012 - 08:15 AM

Greetings

They do their job differently but pretty much do the same thing (remove temp files).

These logs are looking very good, we are almost done!!! Just one more scan to go.

Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them from their icons (or from the control panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines here and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space, e.g.
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
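A small parser for the O4/O10/O23 lines of a HijackThis log like the one posted above, added here as an example (it is not part of the thread and not HijackThis code): it pulls out the bracketed name that Gringo says to paste into the start-up search, and flags the entries a helper would look twice at, such as the Global Startup shortcut pointing into the Qoobox quarantine folder. The sample lines are copied from the posted log; the flag rules are my own heuristics, not HijackThis's.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - Global Startup: RACurrTray.lnk = C:\Qoobox\Quarantine\C\Program Files\PST\Binaries\RACurrTray.exe.vir
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O23 - Service: Harmony - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: DW WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
"""

# Registry autoruns: O4 - <hive>\..\Run[Once]: [<name>] <command> [(User '<who>')]
O4_REGKEY = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# Startup-folder shortcuts: O4 - [Global ]Startup: <shortcut>.lnk = <target>
O4_FOLDER = re.compile(r"^O4 - (?P<key>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
O10_LSP = re.compile(r"^O10 - Unknown file in Winsock LSP: (?P<cmd>.*)$")
O23_SVC = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$")
# The module path at the front of a command, quoted or not, before any arguments.
EXE_PATH = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|vir|com|scr))(?:"|\s|$)', re.IGNORECASE)
USER_SUFFIX = re.compile(r" \(User '[^']*'\)$")


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Turn one O4/O10/O23 line into a record; other sections return None."""
    line = line.strip()
    for section, rx in (("O4", O4_REGKEY), ("O4", O4_FOLDER), ("O10", O10_LSP), ("O23", O23_SVC)):
        m = rx.match(line)
        if m:
            rec = {"section": section, "name": "", "owner": "", **m.groupdict()}
            rec["cmd"] = USER_SUFFIX.sub("", rec["cmd"])
            pm = EXE_PATH.match(rec["cmd"])
            rec["path"] = pm.group("path") if pm else rec["cmd"]
            return rec
    return None


def research_key(rec: Dict[str, str]) -> str:
    """The string to paste into a start-up database: the bracketed name when there is one, else the file name."""
    if rec["name"]:
        return rec["name"]
    return rec["path"].rsplit("\\", 1)[-1]


def review_flags(rec: Dict[str, str]) -> List[str]:
    """Heuristic reasons to look twice at an entry (assumed rules, not HijackThis's own)."""
    flags = []
    low = rec["path"].lower()
    if "\\qoobox\\quarantine\\" in low or low.endswith(".vir"):
        flags.append("target sits in the ComboFix quarantine folder, so this start-up entry is orphaned")
    if rec["section"] == "O23" and rec["owner"].lower() == "unknown owner":
        flags.append("service carries no publisher information; confirm the file is legitimate")
    if rec["section"] == "O10":
        flags.append("Winsock LSP module HijackThis could not identify; confirm its publisher")
    if "\\" not in rec["path"]:
        flags.append("bare file name with no directory; resolved through the search path at logon")
    return flags


def review_log(text: str) -> List[Dict[str, object]]:
    """Parse every recognised line and attach the research key and review flags."""
    out: List[Dict[str, object]] = []
    for line in text.splitlines():
        rec = parse_entry(line)
        if rec:
            out.append({**rec, "research": research_key(rec), "flags": review_flags(rec)})
    return out


if __name__ == "__main__":
    for r in review_log(SAMPLE_LOG):
        print(f"{'!!' if r['flags'] else '  '} {r['section']:<4}{r['research']:<36}{r['path']}")
        for f in r["flags"]:
            print(f"        - {f}")
```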



