ComboFix 12-08-04.02 - Donnie Boone 08/04/2012  16:37:36.1.8 - x86
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3317.1819 [GMT -4:00]
Running from: c:\users\Donnie Boone\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\pst
c:\program files\pst\Crossworks\ABXWORKS.MDB
c:\program files\pst\Discount\USA.dis
c:\program files\pst\ProposalWorks\Drawing Models Data.xls
c:\program files\pst\ProposalWorks\Microsoft.Office.Interop.Excel.dll
c:\program files\pst\ProposalWorks\PMA Template.dot
c:\program files\pst\ProposalWorks\PROPOSAL\Bundled Services\Czech\TechConnect Proposal Template_Czech.ptp
c:\program files\pst\ProposalWorks\PROPOSAL\Bundled Services\Denmark\TechConnect Proposal Template_Denmark.ptp
c:\program files\pst\ProposalWorks\PROPOSAL\Bundled Services\English UK\TechConnect Proposal Template_English_UK.ptp
c:\program files\pst\ProposalWorks\PROPOSAL\Bundled Services\English\EMEA TechConnect Proposal Template.ptp
c:\program files\pst\ProposalWorks\PROPOSAL\Bundled Services\English\Extended Parts and Labor Warranty Proposal Template.ptp
c:\program files\pst\ProposalWorks\PROPOSAL\Bundled Services\English\Extended Parts Warranty Proposal Template.ptp
c:\program files\pst\ProposalWorks\PROPOSAL\Bundled Services\English\PMA Proposal Template.ptp
c:\program files\pst\ProposalWorks\PROPOSAL\Bundled Services\English\TechConnect Proposal Template.ptp
c:\program files\pst\ProposalWorks\PROPOSAL\Bundled Services\France\TechConnect Proposal Template_France.ptp
c:\program files\pst\ProposalWorks\PROPOSAL\Bundled Services\Germany\TechConnect Proposal Template_Germany.ptp
c:\program files\pst\ProposalWorks\PROPOSAL\Bundled Services\Italy\TechConnect Proposal Template_Italy.ptp
c:\program files\pst\ProposalWorks\PROPOSAL\Bundled Services\Netherlands\TechConnect Proposal Template_Netherlands.ptp
c:\program files\pst\ProposalWorks\PROPOSAL\Bundled Services\Poland\TechConnect Proposal Template_Poland.ptp
c:\program files\pst\ProposalWorks\PROPOSAL\Bundled Services\Sweden\TechConnect Proposal Template_Sweden.ptp
c:\program files\pst\ProposalWorks\PROPOSAL\Bundled Services\Turkey\TechConnect Proposal Template_Turkey.ptp
c:\program files\pst\ProposalWorks\Prosafe builder.ppsx
c:\program files\pst\ProposalWorks\Prosafe.rgd
c:\program files\pst\ProposalWorks\ProsafeBuilder.exe
c:\program files\pst\ProposalWorks\ProsafeBuilder.exe.config
c:\program files\pst\ProposalWorks\ProsafeBuilder.vshost.exe
c:\program files\pst\ProposalWorks\ProsafeBuilder.vshost.exe.config
c:\program files\pst\ProposalWorks\ProSafeDeviceList.xml
c:\program files\pst\ProposalWorks\PST.PriceEngine.dll
c:\program files\pst\ProposalWorks\Symx.ProSafeBuilder.Business.dll
c:\program files\pst\ProposalWorks\Symx.ProSafeBuilder.Model.dll
c:\program files\pst\ProposalWorks\Symx.TechConnect.Business.dll
c:\program files\pst\ProposalWorks\Symx.TechConnect.Driver.dll
c:\program files\pst\ProposalWorks\Symx.TechConnect.View.dll
c:\program files\pst\ProposalWorks\Tools\SMCHTMLTools\Applications\SCPDWizard\Images\fix pics\SCPD_IEC Delta Circuit Breaker_SMC50.bmp
c:\program files\pst\ProposalWorks\Tools\SMCHTMLTools\Applications\SCPDWizard\Images\fix pics\SCPD_IEC Delta Disconnect_SMC50.bmp
c:\program files\pst\ProposalWorks\Tools\SMCHTMLTools\Applications\SCPDWizard\Images\fix pics\SCPD_IEC Line Circuit Breaker_SMC50.bmp
c:\program files\pst\ProposalWorks\Tools\SMCHTMLTools\Applications\SCPDWizard\Images\fix pics\SCPD_IEC Line Disconnect_SMC50.bmp
c:\program files\pst\ProposalWorks\Tools\SMCHTMLTools\Applications\SCPDWizard\Images\fix pics\SCPD_NEMA Delta Circuit Breaker_SMC50.bmp
c:\program files\pst\ProposalWorks\Tools\SMCHTMLTools\Applications\SCPDWizard\Images\fix pics\SCPD_NEMA Delta Disconnect_SMC50.bmp
c:\program files\pst\ProposalWorks\Tools\SMCHTMLTools\Applications\SCPDWizard\Images\fix pics\SCPD_NEMA Line Circuit Breaker_SMC50.bmp
c:\program files\pst\ProposalWorks\Tools\SMCHTMLTools\Applications\SCPDWizard\Images\fix pics\SCPD_NEMA Line Disconnect_SMC50.bmp
c:\program files\pst\ProposalWorks\User Guide Prosafe Builder.pdf
c:\program files\pst\RA_IAB\Input-Files\Appendix-Armor_Point_WiringDiagram.doc
c:\program files\pst\RA_IAB\Input-Files\Appendix-PointIO_WiringDiagram.doc
c:\program files\pst\RA_IAB\Labs\Distributed IO\DIO Migration Wizard - Lab.pdf
c:\program files\pst\RA_IAB\Labs\Motion\CIP Motion - Lab.pdf
c:\program files\pst\RA_IAB\Labs\Motion\SERCOS Motion - Lab.pdf
c:\program files\pst\RA_IAB\Labs\SLC to CompactLogix\SLC to CompactLogix Migration Wizard - Lab.pdf
c:\program files\pst\RA_IAB\OOReporting.dll
c:\program files\pst\RA_IAB\OOReportingDriver.dll
c:\program files\pst\RA_IAB\QuickStarts\Add Kinetix 6200 & 6500 Drives - QuickStart.pdf
c:\program files\pst\RA_IAB\QuickStarts\Add Multiple Devices - QuickStart.pdf
c:\program files\pst\RA_IAB\QuickStarts\Add Software to BOM - QuickStart.pdf
c:\program files\pst\RA_IAB\QuickStarts\Copy Modules in Chassis Views - QuickStart.pdf
c:\program files\pst\RA_IAB\QuickStarts\New Project Dialog - QuickStart.pdf
c:\program files\pst\RA_IAB\Samples\1768_on_ENet.iab
c:\program files\pst\RA_IAB\Samples\CMX 5370 on DNet.iab
c:\program files\pst\RA_IAB\Samples\CMX 5370 on ENetIP.iab
c:\program files\pst\RA_IAB\Samples\CMX CIP Motion K350.iab
c:\program files\pst\RA_IAB\Samples\CMX CNet.iab
c:\program files\pst\RA_IAB\Samples\CompactLogix Safety.iab
c:\program files\pst\RA_IAB\Samples\ControlLogix_EtherNetIP_p22.iab
c:\program files\pst\RA_IAB\Samples\ControlLogix_Redundant_ControlNet_p23.iab
c:\program files\pst\Servers\REMSUP\REMSUP.rgd
c:\program files\pst\TRCS\Formsave.ini
c:\program files\pst\TRCS\TRCS\Comp\Rockwell.dbf
c:\program files\pst\TRCS\TRCS\Comp\RockwellTree.dbf
c:\program files\pst\User Defined Devices\Data\udd.mdb
c:\programdata\3002.abs
c:\users\Donnie Boone\Desktop\Internet Explorer.lnk
c:\users\Donnie Boone\g2mdlhlpx.exe
c:\users\Donnie Boone\SetupNI.dll
c:\windows\assembly\GAC\Desktop.ini
c:\windows\system32\UNWISE.EXE
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
G:\install.exe
.
Infected copy of c:\windows\system32\Services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))
.
.
2012-08-04 21:03 . 2012-08-04 21:03 -------- d-----w- c:\users\unministrator\AppData\Local\temp
2012-08-04 21:03 . 2012-08-04 21:03 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-08-04 21:03 . 2012-08-04 21:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-04 21:03 . 2012-08-04 21:03 -------- d-----w- c:\users\dboone\AppData\Local\temp
2012-08-04 21:03 . 2012-08-04 21:03 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-04 20:16 . 2012-08-04 20:16 -------- d-----w- C:\_OTL
2012-08-04 13:40 . 2012-08-04 13:40 -------- d-----w- c:\windows\Downloaded Program Files
2012-08-03 20:32 . 2012-08-03 20:32 -------- d-----w- c:\windows\2C7D909F99544F67AC816F6D9D054A08.TMP
2012-08-03 15:25 . 2012-08-03 18:36 -------- d-----w- c:\program files\Enigma Software Group
2012-08-03 15:24 . 2012-08-04 15:23 -------- d-----w- c:\windows\CC1F6DA021D2425AB1B65B164A598450.TMP
2012-08-03 15:24 . 2012-08-03 18:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-08-03 15:17 . 2012-08-03 15:17 -------- d-----w- c:\windows\system32\wbem\Logs
2012-08-03 14:54 . 2012-08-03 14:54 -------- d-----w- c:\users\Donnie Boone\AppData\Roaming\DriverCure
2012-08-03 14:54 . 2012-08-03 14:54 -------- d-----w- c:\users\Donnie Boone\AppData\Roaming\SpeedyPC Software
2012-08-03 14:54 . 2012-08-04 15:22 -------- d-----w- c:\programdata\SpeedyPC Software
2012-08-03 00:04 . 2012-08-03 00:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-02 16:53 . 2012-08-04 13:43 80 ----a-w- C:\fix.bat
2012-08-02 16:38 . 2012-08-02 16:44 -------- d-----w- c:\users\Donnie Boone\AppData\Roaming\GetRightToGo
2012-07-31 10:53 . 2012-06-29 08:44 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CBD68D6-3EF3-4DFF-BFB6-2B927FA35AD9}\mpengine.dll
2012-07-11 20:42 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 22:12 . 2012-07-09 22:12 -------- d-----w- c:\program files\RAISE
2012-07-09 20:52 . 2012-07-10 18:41 -------- d-----w- c:\programdata\TRCS
2012-07-09 20:34 . 2002-08-29 06:00 24576 ------w- c:\windows\system32\MSXML3A.DLL
2012-07-09 20:34 . 2000-08-03 10:40 446464 ------w- c:\windows\system32\HHACTIVEX.DLL
2012-07-09 20:34 . 1999-07-29 05:10 477160 ------w- c:\windows\system32\Hhupd.exe
2012-07-09 20:25 . 2012-07-09 20:25 -------- d-----w- c:\program files\Common Files\SWF Studio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-04 21:04 . 2011-09-04 20:54 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-08-04 21:04 . 2011-07-16 15:14 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-08-04 12:20 . 2011-09-04 20:54 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-08-03 15:25 . 2012-03-30 09:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 15:25 . 2011-10-29 23:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-17 11:13 . 2012-03-01 14:00 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-17 11:12 . 2012-03-01 14:00 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-17 11:06 . 2012-03-01 13:59 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-07-03 13:13 . 2012-03-20 11:17 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-07-03 13:12 . 2012-03-20 11:17 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-07-03 13:12 . 2012-03-20 11:17 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-06-04 17:42 . 2008-08-18 19:13 49592 ----a-w- c:\windows\system32\pkgslv.exe
2012-06-04 17:42 . 2008-08-18 19:13 46008 ----a-w- c:\windows\system32\pkgmgr.dll
2012-06-02 22:19 . 2012-06-21 15:25 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 15:25 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 15:25 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 15:25 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-21 15:25 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-21 15:25 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-21 15:25 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 15:25 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:12 . 2012-06-21 15:25 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2011-08-03 23:52 237072 ------w- c:\windows\system32\MpSigStub.exe
2010-10-12 21:33 . 2010-10-12 21:33 124344 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2010-10-12 23:15 . 2010-10-12 23:15 13240 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2010-10-12 21:37 . 2010-10-12 21:37 70592 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2010-10-12 21:35 . 2010-10-12 21:35 91576 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2010-10-12 21:34 . 2010-10-12 21:34 22464 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2010-10-12 21:32 . 2010-10-12 21:32 255416 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2010-10-12 21:35 . 2010-10-12 21:35 31672 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2010-10-12 21:34 . 2010-10-12 21:34 40384 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2010-07-14 17:42 . 2010-07-14 17:42 898480 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2010-10-12 21:37 . 2010-10-12 21:37 24000 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2012-07-19 12:00 . 2011-11-15 16:34 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\Donnie Boone\AppData\Local\Akamai\netsession_win.exe" [2012-05-26 4327744]
"GoToMeeting"="c:\program files\Citrix\GoToMeeting\880\g2mstart.exe" [2012-01-03 39816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-01-25 536668]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"WinVNC"="c:\program files\iTivity\bin\rfbd.exe" [2010-07-28 473600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"UsbCipHelper"="c:\program files\Rockwell Automation\Rockwell Automation USBCIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2011-05-12 434176]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2009-05-26 1159168]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
.
c:\users\Donnie Boone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
Yammer.lnk - c:\program files\Yammer\Yammer.exe [2011-11-26 142336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\H:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2011-10-07 09:40 1387288 ----a-w- c:\program files\Logitech\SetPointP\SetPoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2011-04-13 19:02 1808784 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 09:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 1784-PCIDS DeviceNet;1784-PCIDS DeviceNet;c:\program files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 DASABCIP;DASABCIP;c:\progra~1\WONDER~1\DAServer\DASABCIP\Bin\DASABCIP.exe [x]
R3 DASABTCP;DASABTCP;c:\program files\Wonderware\DAServer\DASABTCP\Bin\DASABTCP.exe [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6032.sys [x]
R3 EmuLogix 5868 Slot0;EmuLogix 5868 Slot0;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot1;EmuLogix 5868 Slot1;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot10;EmuLogix 5868 Slot10;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot11;EmuLogix 5868 Slot11;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot12;EmuLogix 5868 Slot12;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot13;EmuLogix 5868 Slot13;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot14;EmuLogix 5868 Slot14;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot15;EmuLogix 5868 Slot15;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot16;EmuLogix 5868 Slot16;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot2;EmuLogix 5868 Slot2;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot3;EmuLogix 5868 Slot3;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot4;EmuLogix 5868 Slot4;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot5;EmuLogix 5868 Slot5;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot6;EmuLogix 5868 Slot6;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot7;EmuLogix 5868 Slot7;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot8;EmuLogix 5868 Slot8;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 EmuLogix 5868 Slot9;EmuLogix 5868 Slot9;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 iTivityODConnector;iTivity Attended iAgent Connector Direct;c:\program files\iTivity\bin\connector_od.exe -runService -silent 0 [x]
R3 iTivityODConnectToIASConnector;iTivity Attended iAgent Connector To IAS;c:\program files\iTivity\bin\connector_od.exe -runService -connectInetAccess -silent 0 [x]
R3 iTivityODController;iTivity Attended iAgent Controller;c:\program files\iTivity\bin\processor_od.exe -runService -silent 0 [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil.sys [x]
R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [x]
R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [x]
R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [x]
R3 NWVNDIS;Novatel Wireless Virtual Network Adapter;c:\windows\system32\DRIVERS\NWVNdis.sys [x]
R3 O2MDFRDR;O2MDFRDR;c:\windows\system32\DRIVERS\O2MDFw7.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 pcidnt;A-B 1784-PCIDS;c:\windows\System32\Drivers\pcidnt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\SYSTEM32\RSSERIAL.SYS [x]
R3 SimModuleService;1789-SIM Simulator Module;c:\program files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 tcm;tcm;c:\windows\system32\DRIVERS\tcm.sys [x]
R3 TridiaFTPServer;TridiaFTP Server;c:\program files\iTivity\bin\ftpd.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WwRpcSvr;WwRpcSvr;c:\windows\system32\wwinstsvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\drivers\VirtualBackplane.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 FactoryTalk Activation Service;FactoryTalk Activation Service;c:\program files\Rockwell Software\FactoryTalk Activation\lmgrd.exe [x]
S2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [x]
S2 NmspHost;Rockwell Namespace Services;c:\program files\Common Files\Rockwell\NmspHost.exe [x]
S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [x]
S2 RdcyHost;Rockwell Redundancy Services;c:\program files\Common Files\Rockwell\RdcyHost.exe [x]
S2 rpcld;Remote Procedure Call (RPC) LD;c:\programdata\Rpcnet\Bin\rpcld.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME\TomTomHOMEService.exe [x]
S2 tridiavnc;Tridia Screen Server;c:\program files\iTivity\bin\rfbd.exe [x]
S2 VZWConfigService;VZW Config Service;c:\program files\Novatel Wireless\LTE Support\VZWMSConfig.exe [x]
S2 WWLOGSVC;Wonderware Logger;c:\program files\Common Files\ArchestrA\wwlogsvc.exe [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c6232.sys [x]
S3 EventServer;Rockwell Event Server;c:\program files\Common Files\Rockwell\EventServer.exe [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\Drivers\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\Drivers\LHidEqd.Sys [x]
S3 MEI;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECI.sys [x]
S3 NETwNs32;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 NWRmNet_001;Novatel Wireless Verizon RmNet Network Adapter;c:\windows\system32\DRIVERS\NWRmNet_001.sys [x]
S3 NWUSBModem_001;Novatel Wireless Verizon USB Modem Driver;c:\windows\system32\DRIVERS\nwusbmdm_001.sys [x]
S3 NWUSBPort_001;Novatel Wireless Verizon USB Status Port Driver;c:\windows\system32\DRIVERS\nwusbser_001.sys [x]
S3 NWUSBPort2_001;Novatel Wireless Verizon USB Status2 Port Driver;c:\windows\system32\DRIVERS\nwusbser2_001.sys [x]
S3 O2MDRRDR;O2MDRRDR;c:\windows\system32\DRIVERS\O2MDRw7.sys [x]
S3 O2SDJRDR;O2SDJRDR;c:\windows\system32\DRIVERS\o2sdjw7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 15:25]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-04 20:17]
.
2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-04 20:17]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://foxnews.com/
uInternet Settings,ProxyOverride = 
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
Trusted Zone: foxnews.com\www
Trusted Zone: unimin.com\webmail
TCP: DhcpNameServer = 66.174.95.44 69.78.96.14
FF - ProfilePath - c:\users\Donnie Boone\AppData\Roaming\Mozilla\Firefox\Profiles\647c36j5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.unimin.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
.
.
------- File Associations -------
.
.scr=AutoCADLTScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ElevatedDiagnostics - (no file)
HKU-Default-Run-ElevatedDiagnostics - (no file)
SafeBoot-03487784.sys
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
AddRemove-HASP Device Drivers - c:\windows\system32\UNWISE.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\ArchestrA\aaLogger.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\ArchestrA\NTServApp.exe
c:\program files\Rockwell Software\FactoryTalk Activation\flexsvr.exe
c:\lotus\notes\ntmulti.exe
c:\windows\system32\DRIVERS\o2flash.exe
c:\program files\Common Files\Rockwell\RNADiagnosticsSrv.exe
c:\windows\System32\rpcnet.exe
c:\program files\Common Files\Rockwell\RsvcHost.exe
c:\program files\Common Files\ArchestrA\slssvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Rockwell\EventClientMultiplexer.exe
c:\program files\Common Files\Rockwell\RnaDirServer.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Rockwell\RNADirMultiplexor.exe
c:\program files\Brother\Brmfcmon\BrMfimon.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Citrix\GoToMeeting\880\g2mcomm.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Citrix\GoToMeeting\880\g2mlauncher.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-08-04  17:11:32 - machine was rebooted
ComboFix-quarantined-files.txt  2012-08-04 21:11
.
Pre-Run: 225,729,032,192 bytes free
Post-Run: 225,605,140,480 bytes free
.
- - End Of File - - 28552C47FD859E9E8C6C2A0ABDCC2897