
Bagle Virus Infection



#16 TurnerT2 (Topic Starter, Member, 30 posts)
RatHat,

I have downloaded IceSword and navigated to the appropriate folder, but GOOGLETOOLBARNOTIFIER.EXE is not there. What should I do now?

#17 RatHat (Ex Malware Expert, 7,829 posts)
Let's delete the whole GOOGLETOOLBARNOTIFIER folder. You can re-install Google Toolbar later when we have got rid of Bagle.

Use IceSword to do the deletion following the instructions above, and let me know if you have any problems deleting it, OK.

#18 TurnerT2 (Topic Starter, Member, 30 posts)
It has been deleted. When I first tried, it said "delete failed"; then I tried force delete and again it said "delete failed". I closed IceSword and reopened it, and the folder is gone, so I guess it worked.

#19 RatHat (Ex Malware Expert, 7,829 posts)
OK, good, but let's zap the whole Google folder just to make sure!

Use IceSword to remove C:\PROGRAM FILES\GOOGLE as you have done before. If the dropper has been deleted, then the folder should delete easily.

After that, run Combo-Fix again, then download a fresh version of DrWebCureIt and run it as outlined in post 9. Then, as soon as you have gone back into normal Windows, run another F-Secure scan.

Post me the logs from Combo-Fix, DrWeb and F-Secure in your next reply, and let's see if we have managed to kill the dropper!

Fingers crossed!

RatHat

#20 RatHat (Ex Malware Expert, 7,829 posts)
Do you still require assistance with this log?

Regards,
RatHat

#21 TurnerT2 (Topic Starter, Member, 30 posts)
Yes, I'm sorry I am taking so long... I have been working all week. All I still need to do is finish the F-Secure scan. I will then forward the logs again. Again, thank you for being patient with me. :)

#22 RatHat (Ex Malware Expert, 7,829 posts)
OK, no problem.

#23 TurnerT2 (Topic Starter, Member, 30 posts)
RatHat,

Below are the logs that you have requested. Please let me know what you think.

ComboFix 08-04-20.2 - SMTurner 2008-04-22 20:06:00.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.264 [GMT -4:00]
Running from: C:\Documents and Settings\smturner\Desktop\Combo-Fix.exe
.

((((((((((((((((((((((((( Files Created from 2008-03-23 to 2008-04-23 )))))))))))))))))))))))))))))))
.

2008-04-20 22:28 . 2008-04-20 22:28 <DIR> d-------- C:\fsaua.data
2008-04-20 16:36 . 2008-04-20 16:54 <DIR> d-------- C:\Documents and Settings\smturner.STLBUD
2008-04-20 15:58 . 2008-04-20 16:00 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-04-20 14:29 . 2008-04-20 14:29 <DIR> d-------- C:\Deckard
2008-04-19 11:04 . 2008-04-19 11:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-19 11:03 . 2008-04-22 20:02 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-19 11:03 . 2008-04-19 11:03 <DIR> d-------- C:\Documents and Settings\smturner\Application Data\SUPERAntiSpyware.com
2008-04-19 10:53 . 2008-04-19 10:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 00:47 . 2008-04-19 00:47 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-19 00:47 . 2008-04-19 00:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-18 10:25 . 2008-04-18 10:29 66 --a------ C:\WINDOWS\PVB.INI
2008-04-17 21:58 . 2008-04-17 21:58 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-04-17 21:36 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-17 19:41 . 2008-04-19 00:30 <DIR> d-------- C:\201b79a5c3067caab4
2008-04-17 19:34 . 2008-04-19 00:30 <DIR> d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-17 19:34 . 2008-04-17 19:34 <DIR> d-------- C:\Program Files\Zone Labs
2008-04-17 19:34 . 2008-04-02 20:07 1,086,952 --a------ C:\WINDOWS\system32\zpeng24.dll
2008-04-17 19:34 . 2008-04-17 19:34 352,624 --a------ C:\WINDOWS\system32\vsconfig.xml
2008-04-17 19:32 . 2008-04-17 19:35 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-06 20:18 . 2008-04-22 19:40 123,726 --a------ C:\WINDOWS\system32\oodbs.lor
2008-04-06 20:16 . 2008-04-06 20:16 0 --a------ C:\WINDOWS\oodcnt.INI
2008-04-06 20:10 . 2008-04-06 20:21 <DIR> d-------- C:\WINDOWS\system32\oodag
2008-04-06 20:06 . 2008-04-06 20:06 <DIR> d-------- C:\Program Files\OO Software
2008-04-06 19:40 . 2008-04-06 19:40 <DIR> d-------- C:\WINDOWS\system32\AppData
2008-04-03 16:29 . 2008-04-03 16:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Protexis
2008-03-30 12:39 . 2008-03-30 12:40 4 --a------ C:\WINDOWSRegDefrag.dat
2008-03-30 12:30 . 2008-03-30 12:30 57,344 --a------ C:\WINDOWS\system32\ROCD7.tmp
2008-03-30 11:44 . 2008-03-30 11:44 <DIR> d-------- C:\Documents and Settings\smturner\Application Data\Systweak
2008-03-30 11:43 . 2008-04-06 19:50 <DIR> d-------- C:\Program Files\Advanced System Optimizer
2008-03-30 11:41 . 2006-03-14 14:00 544,833 --a------ C:\WINDOWS\system32\wbocx.ocx
2008-03-30 11:41 . 2004-12-07 10:11 258,352 --a------ C:\WINDOWS\system32\unicows.dll
2008-03-30 11:41 . 2002-03-01 17:58 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2008-03-30 11:41 . 1999-11-22 15:50 4,608 --a------ C:\WINDOWS\system32\W95INF32.DLL
2008-03-30 11:41 . 1999-11-22 15:50 2,272 --a------ C:\WINDOWS\system32\W95INF16.DLL
2008-03-30 11:41 . 1999-12-02 12:42 439 --a------ C:\WINDOWS\system32\shfolder.inf
2008-03-25 09:21 . 2008-03-25 09:21 <DIR> d-------- C:\Temp\AOPDiagnostics
2008-03-25 09:13 . 2008-03-25 09:13 <DIR> d-------- C:\CGCM
2008-03-25 09:13 . 2002-01-09 16:40 362,200 --a------ C:\WINDOWS\system32\Vsprint7.ocx
2008-03-25 09:13 . 1995-07-25 23:00 200,704 --a------ C:\WINDOWS\system32\THREED32.OCX
2008-03-25 09:13 . 1998-11-19 09:46 111,104 --a------ C:\WINDOWS\system32\cscomb32.ocx

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 01:13 --------- d-----w C:\Program Files\TightVNC
2008-03-25 13:14 --------- d-----w C:\Program Files\Rockwell Software
2008-03-25 13:12 --------- d-----w C:\Program Files\Rockwell Automation
2008-03-25 13:10 --------- d-----w C:\Program Files\Common Files\Rockwell
2008-03-25 04:14 --------- d-----w C:\Documents and Settings\smturner\Application Data\gspec
2008-03-23 23:45 63,024 ----a-w C:\Documents and Settings\smturner\Application Data\GDIPFONTCACHEV1.DAT
2008-03-19 23:03 --------- d-----w C:\Program Files\gspec
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\win32k.sys
2008-03-18 23:49 --------- d-----w C:\Program Files\ControlFLASH
2008-03-18 23:21 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-18 16:14 --------- d-----w C:\Program Files\Common Files\Siemens
2008-03-18 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Siemens
2008-03-18 16:12 --------- d-----w C:\Program Files\SIEMENS
2008-03-16 15:54 --------- d-----w C:\Program Files\FKI Logistex
2008-03-01 13:06 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
.

((((((((((((((((((((((((((((( snapshot_2008-04-20_16.28.04.69 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-20 20:14:49 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-22 23:40:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-02-27 19:59:28 290,816 ----a-w C:\WINDOWS\Downloaded Program Files\auc_lib.dll
+ 2008-02-27 19:59:28 495,616 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2008-02-27 20:00:12 262,144 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2008-02-27 19:59:16 588,392 ----a-w C:\WINDOWS\Downloaded Program Files\gatelauncher.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll" [2004-04-15 16:05 856135 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-04-15 16:05 4866048]
"nwiz"="nwiz.exe" [2004-04-15 16:05 323584 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 16:00 88363 C:\WINDOWS\agrsmmsg.exe]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2008-04-20 15:23 139320]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2008-04-20 15:23 94208]
"UsbCipHelper"="C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2006-09-28 19:25 434176]
"S7UB Start"="C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [2006-03-13 23:59 102453]
"000StTHK"="000StTHK.exe" [2001-06-23 21:28 24576 C:\WINDOWS\system32\000StTHK.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27 385024]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08 2512392]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2004-11-01 12:50 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.g723"= g723.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
--a------ 2004-06-03 02:50 204800 C:\Program Files\Microsoft IntelliPoint\point32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 16:27 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
--a------ 2004-08-06 09:27 860160 C:\Program Files\Analog Devices\SoundMAX\smax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 22:05 204288 C:\Program Files\Windows Media Player\WMPNSCFG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"=
"C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE"=
"C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"=
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Common Files\\ArchestrA\\aaLogger.exe"=
"C:\\Program Files\\Common Files\\ArchestrA\\slssvc.exe"=
"C:\\Program Files\\Wonderware\\InTouch\\wm.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\WINDOWS\\system32\\OpcEnum.exe"=
"C:\\WINDOWS\\system32\\dllhost.exe"=
"C:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"445:TCP"= 445:TCP:@xpsp2res.dll,-22005
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"102:TCP"= 102:TCP:DAS SI 102
"135:TCP"= 135:TCP:DCOM 135
"502:TCP"= 502:TCP:Modicon 502
"1434:UDP"= 1434:UDP:SQL Server Browser 1434
"1433:TCP"= 1433:TCP:SQL TCP 1433
"2221:TCP"= 2221:TCP:DAS ABTCP 2221
"2222:TCP"= 2222:TCP:DAS ABTCP 2222
"2223:TCP"= 2223:TCP:DAS ABTCP 2223
"5413:TCP"= 5413:TCP:Port 5413
"80:TCP"= 80:TCP:SuiteVoyager 80
"443:TCP"= 443:TCP:SuiteVoyager 443
"9001:TCP"= 9001:TCP:vista 9001
"9002:TCP"= 9002:TCP:EnvMngr 9002
"9003:TCP"= 9003:TCP:MsgMngr 9003
"9004:TCP"= 9004:TCP:SecMngr 9004
"9006:TCP"= 9006:TCP:RedMngr 9006
"9007:TCP"= 9007:TCP:UnilinkMngr 9007
"9008:TCP"= 9008:TCP:BatchMngr 9008
"9011:TCP"= 9011:TCP:LogMngr 9011
"9012:TCP"= 9012:TCP:InfoMngr 9012
"9013:UDP"= 9013:UDP:RedMngrX 9013
"9014:UDP"= 9014:UDP:RedMngrX2 9014
"9015:TCP"= 9015:TCP:HistQMngrvista 9015
"9016:TCP"= 9016:TCP:HistQReader 9016
"44818:TCP"= 44818:TCP:Logix 44818

R1 RtIf;Radisys INTime;C:\WINDOWS\system32\drivers\RtIf.sys [2004-07-21 10:43]
R2 almservice;Automation License Manager Service;"C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe" [2006-07-27 15:15]
R2 Dpmtrcdd;Dpmtrcdd;C:\WINDOWS\system32\DRIVERS\dpmtrcdd.sys [2006-07-11 15:16]
R2 INtimeClockSync;INtime Clock Synchronization;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTClkSrv.exe [2003-05-12 06:10]
R2 INtimeEventLog;INtime Event Log;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTELSrv.exe [2003-05-12 06:10]
R2 INtimeIO;INtime I/O;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTIOSrv.exe [2003-05-12 06:10]
R2 INtimeKernel;INtime Kernel;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\LoadRTK.exe [2003-05-12 06:10]
R2 INtimeRegistry;INtime Registry;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTRegSrv.exe [2003-05-12 06:10]
R2 s7asysvx;S7 Global Services;"C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe" [2006-03-13 19:00]
R2 s7odpx2x;SIMATIC MPI/PROFIBUS DPX2 Driver;C:\WINDOWS\system32\Drivers\S7odpx2x.sys [2007-10-05 11:40]
R2 s7oiehsx;SIMATIC IEPG Help Service;C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [2007-10-05 11:51]
R2 s7osmcax;s7osmcax;C:\WINDOWS\system32\Drivers\s7osmcax.sys [2007-10-05 11:44]
R2 s7otranx;s7otranx;C:\WINDOWS\system32\Drivers\s7otranx.sys [2007-10-05 11:47]
R2 s7snsrtx;PROFINET IO RT-Protocol;C:\WINDOWS\system32\DRIVERS\s7snsrtx.sys [2007-07-30 12:06]
R2 S7TraceServiceX;S7TraceServiceX;C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [2007-08-31 11:32]
R2 scpdrv;scpdrv;C:\PROGRAM FILES\COMMON FILES\SIEMENS\SWS\PLUGINS\SCP\scpdrv.sys [2003-11-10 18:22]
R2 slssvc;Wonderware SuiteLink;"C:\Program Files\Common Files\ArchestrA\slssvc.exe" [2004-07-07 13:07]
R2 SNTIE;SIMATIC Industrial Ethernet (ISO);C:\WINDOWS\system32\DRIVERS\sntie.sys [2007-08-10 09:34]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 17:38]
R3 EventServer;Rockwell Event Server;"C:\Program Files\Common Files\Rockwell\EventServer.exe" [2005-06-23 19:29]
R3 INtimeNodeDetection;INtime Node Detection;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTNDSrv.exe [2003-05-12 06:10]
R3 NtxRemote;INtime Remote Connection Manager;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\NTXREM~1.EXE [2003-05-12 06:10]
R3 S7oppilx;S7oppilx;C:\WINDOWS\system32\Drivers\S7oppilx.sys [2007-10-05 11:42]
S1 VirtualBackplane;A-B Virtual Backplane;C:\WINDOWS\system32\Drivers\VirtualBackplane.sys []
S3 ABKTCX;Rockwell Automation 1784-KTC(X) Driver;C:\WINDOWS\system32\Drivers\ABKTCX.sys [2000-05-31 21:13]
S3 CW10;Intel® PRO/Wireless LAN Module Driver;C:\WINDOWS\system32\DRIVERS\CW51Usb.sys [2002-07-16 17:22]
S3 EntivityVLCRTPublish;Entivity VLC RTPublish;C:\PROGRA~1\VLC\VLC_6_0\Bin\RTPUBL~1.EXE [2003-05-12 06:10]
S3 EntivityVLCTEEngine;Entivity VLC TEEngine;C:\PROGRA~1\VLC\VLC_6_0\Bin\TEEngine.exe [2003-05-12 06:10]
S3 INtimeDriver3C5xx;INtime 3Com 3C5xx Driver;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe [2003-05-12 06:10]
S3 INtimeDriverEepro100;INtime Eepro100 Driver;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe [2003-05-12 06:10]
S3 INtimeDriverLoopback;INtime Loopback Driver;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe [2003-05-12 06:10]
S3 INtimeDriverNe;INtime NE Driver;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe [2003-05-12 06:10]
S3 INtimeDriverRtl8139;INtime Rtl8139 Driver;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe [2003-05-12 06:10]
S3 INtimeDriverTulip;INtime Tulip Driver;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe [2003-05-12 06:10]
S3 INtimeIP;INtime IP;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe [2003-05-12 06:10]
S3 INtimeNetworkService;INtime Network Service;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\stacksrv.exe [2003-05-12 06:10]
S3 INtimeRawIP;INtime Raw IP;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe [2003-05-12 06:10]
S3 INtimeTCP;INtime TCP;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe [2003-05-12 06:10]
S3 INtimeUDP;INtime UDP ;C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe [2003-05-12 06:10]
S3 IRIMAGER;Raytek Ti30, IR-Imager USB Driver (irimager.sys);C:\WINDOWS\system32\Drivers\irimager.sys [2004-11-23 11:24]
S3 pcidnt;A-B 1784-PCIDS;C:\WINDOWS\system32\Drivers\pcidnt.sys []
S3 PcmkWdm;%PcmkWdm.DeviceDesc%;C:\WINDOWS\system32\DRIVERS\PcmkWdm.sys [2000-06-21 13:50]
S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;C:\WINDOWS\system32\RS_SS_NT.SYS [1999-11-10 10:27]
S3 RSI-PKTX-A;RSI-PKTX-A;C:\WINDOWS\system32\drivers\RSI-PKTX-A.SYS [2002-11-13 16:38]
S3 RsiKtControl;RsiKtControl;C:\WINDOWS\system32\RSIKT.SYS [2006-01-18 12:33]
S3 RSLINXNGKtControl;RSLINXNGKtControl;C:\WINDOWS\system32\drivers\RSIKTNG.SYS [2002-04-23 21:02]
S3 RSSERIAL;RSLinx Classic Serial Driver;C:\WINDOWS\system32\RSSERIAL.SYS [1999-05-11 15:48]
S3 s7oefs_x;SIMATIC MPI/EFS Driver;C:\WINDOWS\system32\drivers\s7oefs_x.sys [2002-10-18 03:34]
S3 s7oppitx;s7oppitx;C:\WINDOWS\system32\Drivers\S7oppitx.sys [2007-10-05 11:43]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{478b7611-0c7b-11dd-99d5-000e7b8951ef}]
\Shell\AutoRun\command - E:\nideiect.com
\Shell\explore\Command - E:\nideiect.com
\Shell\open\Command - E:\nideiect.com

.
Contents of the 'Scheduled Tasks' folder
"2008-04-21 14:12:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2007-11-07 19:21:49 C:\WINDOWS\Tasks\Critical Battery Alarm Program.job"
"2008-04-22 15:00:49 C:\WINDOWS\Tasks\User_Feed_Synchronization-{CDA94BA5-6E98-4722-85FA-F16B6CE2517E}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 20:10:31
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-22 20:12:23
ComboFix-quarantined-files.txt 2008-04-23 00:12:01
ComboFix2.txt 2008-04-21 23:30:38
ComboFix3.txt 2008-04-20 20:28:37
ComboFix4.txt 2008-04-20 19:45:47

Pre-Run: 37,818,957,824 bytes free
Post-Run: 37,822,898,176 bytes free

242 --- E O F --- 2008-04-20 20:00:24


DrWeb

A0380131.dll;C:\System Volume Information\_restore{EB3E5D44-F574-4345-B64A-E3057FF3E2C5}\RP597;Adware.Hotbar;;
A0380132.dll;C:\System Volume Information\_restore{EB3E5D44-F574-4345-B64A-E3057FF3E2C5}\RP597;Program.RemoteAdmin;;
A0380133.exe;C:\System Volume Information\_restore{EB3E5D44-F574-4345-B64A-E3057FF3E2C5}\RP597;Program.RemoteAdmin;;


Scanning Report
Thursday, April 24, 2008 20:11:29 - 08:42:33
Computer name: STLBUD
Scanning type: Scan system for malware, rootkits
Target: C:\


--------------------------------------------------------------------------------

Result: 1 malware found
Tracking Cookie (spyware)
System

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 69189
System: 5187
Not scanned: 88
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 1
Submitted: 0
Files not scanned:

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 2.30.0
F-Secure Hydra: 2.8.8110, 2008-04-24
F-Secure AVP: 7.0.171, 2008-04-25
F-Secure Pegasus: 1.20.0, 2008-02-28
F-Secure Blacklight: 1.0.64
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JPG LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

--------------------------------------------------------------------------------

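One way to triage the "Reg Loading Points" section of a ComboFix log like the one posted above, as an added example that is not code from the thread or from ComboFix itself: it parses the REGEDIT4-style dump into registry keys and flags the two items a malware-removal helper would check first, a disabled Windows Firewall standard profile and MountPoints2 shell handlers that launch a file from a non-system drive (the E:\nideiect.com entries in the posted log). The sample log is constructed from a few of the posted lines.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example, not part of the forum thread or of ComboFix. It parses the
INI-style registry dump into {key: [value lines]} and reports findings a
human should review, rather than acting on anything.
"""
import re
from collections import OrderedDict

# Constructed sample, modelled on the log posted in the thread (not the full log).
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56 15360]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{478b7611-0c7b-11dd-99d5-000e7b8951ef}]
\Shell\AutoRun\command - E:\nideiect.com
\Shell\explore\Command - E:\nideiect.com
\Shell\open\Command - E:\nideiect.com
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
FIREWALL_OFF_RE = re.compile(r'^"EnableFirewall"\s*=\s*0\b', re.I)
# MountPoints2 lines look like:  \Shell\<verb>\command - <target>
MOUNTPOINT_CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+?)\s*$", re.I)
DRIVE_RE = re.compile(r"^([A-Z]):\\", re.I)


def parse_loading_points(text):
    """Split the REGEDIT4-style dump into an ordered {registry key: [lines]} map."""
    sections = OrderedDict()
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def find_findings(sections):
    """Return (label, registry key, detail) tuples worth a human's attention."""
    findings = []
    for key, lines in sections.items():
        lkey = key.lower()
        # ComboFix prints the XP firewall policy key; a value of 0 means the
        # standard profile firewall is switched off.
        if lkey.endswith("firewallpolicy\\standardprofile"):
            for line in lines:
                if FIREWALL_OFF_RE.match(line):
                    findings.append(("firewall-disabled", key, line))
        # MountPoints2 caches autorun.inf shell verbs per volume GUID; Explorer
        # runs the named file when that drive is opened or double-clicked, so a
        # handler pointing at a removable drive is classic USB-worm persistence.
        if "\\mountpoints2\\" in lkey:
            for line in lines:
                m = MOUNTPOINT_CMD_RE.match(line)
                if not m:
                    continue
                verb, target = m.group(1), m.group(2)
                drive = DRIVE_RE.match(target)
                if drive and drive.group(1).upper() != "C":
                    findings.append(("mountpoint-autorun", key, f"{verb} -> {target}"))
    return findings


def triage(text):
    """Parse one log body and return its findings."""
    return find_findings(parse_loading_points(text))


if __name__ == "__main__":
    for label, key, detail in triage(SAMPLE_LOG):
        print(f"[{label}] {detail}\n    {key}")
```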

#24 TurnerT2 (Topic Starter, Member, 30 posts)
RatHat,

I think we might be making progress. I was able to get Deckard's to run, whereas I was unable to before. Below are the logs for your review. Thanks again!

Deckard's System Scanner v20071014.68
Run by SMTurner on 2008-04-25 12:05:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
52: 2008-04-25 16:06:01 UTC - RP603 - Deckard's System Scanner Restore Point
51: 2008-04-25 14:34:30 UTC - RP602 - Restore Operation
50: 2008-04-24 13:30:47 UTC - RP601 - System Checkpoint
49: 2008-04-23 12:47:50 UTC - RP600 - System Checkpoint
48: 2008-04-22 01:20:08 UTC - RP599 - System Checkpoint


-- First Restore Point --
1: 2008-03-06 17:52:30 UTC - RP552 - Software Distribution Service 3.0


Backed up registry hives.
Performed disk cleanup.



-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-25 12:15:23
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArchestrA\aaLogger.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Common Files\ArchestrA\NTServApp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\LoadRtk.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\netdde.exe
C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\NtxRemote2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Reflection\rtsserv.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\SIEMENS\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
C:\Program Files\Common Files\ArchestrA\slssvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvx.exe
C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Rtndsrv.exe
C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Rtclksrv.exe
C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Rtelsrv.exe
C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Rtiosrv.exe
C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Rtregsrv.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\agrsmmsg.exe
C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
C:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubtoox.exe
C:\Program Files\Common Files\Siemens\SQLANY\dbsrv7.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\smturner\Desktop\dss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digg.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = stlvpn.alvey.com:80
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GlobalSpec Engineering Toolbar - {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} - C:\Program Files\gspec\gspec.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: GlobalSpec Engineering Toolbar - {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} - C:\Program Files\gspec\gspec.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com...ex/qtplugin.cab
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.me...MetaStream3.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1194309813188
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193932360120
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} () - http://2.2.2.217/activex/AMC.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Plug-in 1.5.0_02) - http://java.sun.com/...indows-i586.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} () - https://home.fkilogi...plate/setup.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay10...ex/HMAtchmt.ocx
O17 - HKLM\Software\..\Telephony: DomainName = na.FKILogistex.Local
O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = stlmo.fkilogistex.com
O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = na.FKILogistex.Local
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = na.FKILogistex.Local
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - (no file)
O23 - Service: ArchestrA Logger (aaLogger) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\aaLogger.exe
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvx.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: dnWhoDisp - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Entivity VLC RTPublish (EntivityVLCRTPublish) - Unknown owner - C:\Program Files\VLC\VLC_6_0\Bin\rtpublish.exe
O23 - Service: Entivity VLC TEEngine (EntivityVLCTEEngine) - Entivity - C:\Program Files\VLC\VLC_6_0\Bin\TEEngine.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: FS Service Control - Wonderware Corporation - C:\Program Files\Common Files\ArchestrA\NTServApp.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Harmony - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSCOMMON\RSOBSERV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: INtime Clock Synchronization (INtimeClockSync) - TenAsys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Rtclksrv.exe
O23 - Service: INtime 3Com 3C5xx Driver (INtimeDriver3C5xx) - TenAsys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Eepro100 Driver (INtimeDriverEepro100) - TenAsys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Loopback Driver (INtimeDriverLoopback) - TenAsys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Itwrpsrv.exe
O23 - Service: INtime NE Driver (INtimeDriverNe) - TenAsys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Rtl8139 Driver (INtimeDriverRtl8139) - TenAsys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Tulip Driver (INtimeDriverTulip) - TenAsys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Event Log (INtimeEventLog) - RadiSys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Rtelsrv.exe
O23 - Service: INtime I/O (INtimeIO) - TenAsys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Rtiosrv.exe
O23 - Service: INtime IP (INtimeIP) - TenAsys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Kernel (INtimeKernel) - TenAsys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\LoadRtk.exe
O23 - Service: INtime Network Service (INtimeNetworkService) - TenAsys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\StackSrv.Exe
O23 - Service: INtime Node Detection (INtimeNodeDetection) - RadiSys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Rtndsrv.exe
O23 - Service: INtime Raw IP (INtimeRawIP) - TenAsys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Registry (INtimeRegistry) - RadiSys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Rtregsrv.exe
O23 - Service: INtime TCP (INtimeTCP) - TenAsys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Itwrpsrv.exe
O23 - Service: INtime UDP (INtimeUDP) - TenAsys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\Itwrpsrv.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: INtime Remote Connection Manager (NtxRemote) - RadiSys Corporation - C:\Program Files\Common Files\Radisys\INtime\Release2.10.00\Bin\NtxRemote2.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
O23 - Service: Reflection TimeSync - WRQ, Inc. - C:\Program Files\Reflection\rtsserv.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Activity Logger - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell Tag Server - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE
O23 - Service: RSLinx Enterprise (RSLinxNG) - Rockwell Automation - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\SIEMENS\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
O23 - Service: Wonderware SuiteLink (slssvc) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\slssvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Wonderware NetDDE Helper (WWNetDDE) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\wwnetdde.exe


--
End of file - 17499 bytes

-- File Associations -----------------------------------------------------------

.scr - DWGTrueViewScriptFile - shell\open\command - "C:\WINDOWS\system32\notepad.exe" "%1"


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 Gernuwa - c:\windows\system32\drivers\gernuwa.sys <Not Verified; Symantec Corporation; pcAnywhere>
R0 TVALZ (TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver) - c:\windows\system32\drivers\tvalz.sys <Not Verified; TOSHIBA Corporation; TOSHIBA Common Modules>
R1 AW_HOST - c:\windows\system32\drivers\aw_host5.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 awecho - c:\windows\system32\drivers\awechomd.sys <Not Verified; Symantec Corporation; pcAnywhere>
R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R1 RtIf (Radisys INTime) - c:\windows\system32\drivers\rtif.sys <Not Verified; TenAsys Corporation; INtime>
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 Dpmtrcdd - c:\windows\system32\drivers\dpmtrcdd.sys <Not Verified; SIEMENS AG; SIMATIC NET Software>
R2 s7odpx2x (SIMATIC MPI/PROFIBUS DPX2 Driver) - c:\windows\system32\drivers\s7odpx2x.sys <Not Verified; SIEMENS AG; SIMATIC Device Operating System®>
R2 s7osmcax - c:\windows\system32\drivers\s7osmcax.sys <Not Verified; SIEMENS AG; SIMATIC Device Operating System®>
R2 s7otranx - c:\windows\system32\drivers\s7otranx.sys <Not Verified; SIEMENS AG; SIMATIC Device Operating System®>
R2 s7snsrtx (PROFINET IO RT-Protocol) - c:\windows\system32\drivers\s7snsrtx.sys <Not Verified; SIEMENS AG; Siemens PROFINET IO RT-Protocol>
R2 scpdrv - c:\program files\common files\siemens\sws\plugins\scp\scpdrv.sys
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
R2 SNTIE (SIMATIC Industrial Ethernet (ISO)) - c:\windows\system32\drivers\sntie.sys <Not Verified; SIEMENS AG; SIMATIC NET Software>
R3 pfc (Padus ASPI Shell) - c:\windows\system32\drivers\pfc.sys <Not Verified; Padus, Inc.; Padus® ASPI Shell>
R3 S7oppilx - c:\windows\system32\drivers\s7oppilx.sys <Not Verified; SIEMENS AG; SIMATIC Device Operating System®>

S1 VirtualBackplane (A-B Virtual Backplane) - c:\windows\system32\drivers\virtualbackplane.sys (file missing)
S3 ABKTCX (Rockwell Automation 1784-KTC(X) Driver) - c:\windows\system32\drivers\abktcx.sys <Not Verified; Rockwell Software Inc.; abktcx Driver>
S3 catchme - c:\combo-fix\catchme.sys (file missing)
S3 CW10 (Intel® PRO/Wireless LAN Module Driver) - c:\windows\system32\drivers\cw51usb.sys <Not Verified; Intel Corporation; Intel® PRO/Wireless 2011B LAN USB Device>
S3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
S3 IRIMAGER (Raytek Ti30, IR-Imager USB Driver (irimager.sys)) - c:\windows\system32\drivers\irimager.sys <Not Verified; Cypress; IR-Imager>
S3 Jukebox3 - c:\windows\system32\drivers\ctpdusb.sys (file missing)
S3 LVUSBSta (Logitech USB Monitor Filter) - c:\windows\system32\drivers\lvusbsta.sys (file missing)
S3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan (Enterprise, ASaP & Retail.)>
S3 PalmUSBD - c:\windows\system32\drivers\palmusbd.sys (file missing)
S3 pcidnt (A-B 1784-PCIDS) - c:\windows\system32\drivers\pcidnt.sys (file missing)
S3 PcmkWdm (%PcmkWdm.DeviceDesc%) - c:\windows\system32\drivers\pcmkwdm.sys <Not Verified; Rockwell Software, Inc.; PcmkWdm Driver>
S3 QCMerced (Logitech QuickCam Communicate) - c:\windows\system32\drivers\lvcm.sys (file missing)
S3 RS_SS_NT (RSLinx Classic S-S SD/SD2 Device Driver) - c:\windows\system32\rs_ss_nt.sys <Not Verified; Rockwell Software, Inc.; RSLinx>
S3 RsiKtControl - c:\windows\system32\rsikt.sys <Not Verified; Rockwell Software Inc.; RSLinx>
S3 RSI-PKTX-A - c:\windows\system32\drivers\rsi-pktx-a.sys <Not Verified; Rockwell Automation; PKTX RIO Adapter Driver>
S3 RSLINXNGKtControl - c:\windows\system32\drivers\rsiktng.sys <Not Verified; Rockwell Software Inc.; RSLinx>
S3 RSSERIAL (RSLinx Classic Serial Driver) - c:\windows\system32\rsserial.sys <Not Verified; Rockwell Software Inc.; Rsserial Driver>
S3 s7oefs_x (SIMATIC MPI/EFS Driver) - c:\windows\system32\drivers\s7oefs_x.sys <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7™ Programmable Controller>
S3 s7oppitx - c:\windows\system32\drivers\s7oppitx.sys <Not Verified; SIEMENS AG; SIMATIC Device Operating System®>
S3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 aaLogger (ArchestrA Logger) - "c:\program files\common files\archestra\aalogger.exe" <Not Verified; Invensys Systems, Inc.; ArchestrA common>
R2 almservice (Automation License Manager Service) - "c:\program files\common files\siemens\sws\almsrv\almsrvx.exe" <Not Verified; SIEMENS AG; Automation License Manager®>
R2 FS Service Control - "c:\program files\common files\archestra\ntservapp.exe" <Not Verified; Wonderware Corporation; Wonderware License Service Application>
R2 INtimeClockSync (INtime Clock Synchronization) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\rtclksrv.exe <Not Verified; TenAsys Corporation; INtime -- Real Time for Windows NT>
R2 INtimeEventLog (INtime Event Log) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\rtelsrv.exe <Not Verified; RadiSys Corporation; INtime -- Real Time for Windows NT>
R2 INtimeIO (INtime I/O) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\rtiosrv.exe <Not Verified; TenAsys Corporation; INtime -- Real Time for Windows>
R2 INtimeKernel (INtime Kernel) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\loadrtk.exe <Not Verified; TenAsys Corporation; INtime -- Real Time for Windows>
R2 INtimeRegistry (INtime Registry) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\rtregsrv.exe <Not Verified; RadiSys Corporation; INtime -- Real Time for Windows NT>
R2 Reflection TimeSync - "c:\program files\reflection\rtsserv.exe" <Not Verified; WRQ, Inc.; Reflection TimeSync>
R2 RNADiagnosticsService (FactoryTalk Diagnostics Local Reader) - "c:\program files\common files\rockwell\rnadiagnosticssrv.exe" <Not Verified; Rockwell Automation; Factory Talk Diagnostics>
R2 RNADirectory (Rockwell Directory Server) - "c:\program files\common files\rockwell\rnadirserver.exe" <Not Verified; Rockwell Software Inc.; FactoryTalk ®>
R2 Rockwell HMI Diagnostics - "c:\program files\rockwell software\rsview enterprise\hmidiagnosticslstadapt.exe" <Not Verified; Rockwell Software, Inc.; ViewStudio>
R2 RSLinxNG (RSLinx Enterprise) - "c:\program files\rockwell software\rslinx enterprise\rslinxng.exe" /service <Not Verified; Rockwell Automation; RSLinx Enterprise>
R2 RsvcHost (Rockwell Application Services) - "c:\program files\common files\rockwell\rsvchost.exe" <Not Verified; Rockwell Software Inc.; FactoryTalk ®>
R2 s7asysvx (S7 Global Services) - "c:\program files\siemens\step7\s7bin\s7asysvx.exe" <Not Verified; SIEMENS AG; SIEMENS® STEP 7/S7™ Programmable Controller>
R2 s7oiehsx (SIMATIC IEPG Help Service) - c:\program files\common files\siemens\s7iepg\s7oiehsx.exe <Not Verified; SIEMENS AG; SIMATIC Device Operating System®>
R2 S7TraceServiceX - c:\program files\common files\siemens\automation\traceengine\bin\s7traceservicex.exe <Not Verified; SIEMENS AG; SIMATIC Trace Engine>
R2 slssvc (Wonderware SuiteLink) - "c:\program files\common files\archestra\slssvc.exe" <Not Verified; Invensys Systems, Inc.; ArchestrA Common>
R2 Viewpoint Manager Service - "c:\program files\viewpoint\common\viewpointservice.exe" <Not Verified; Viewpoint Corporation; Viewpoint Manager>
R3 EventClientMultiplexer (Rockwell Event Multiplexer) - "c:\program files\common files\rockwell\eventclientmultiplexer.exe" <Not Verified; Rockwell Software Inc.; FactoryTalk ®>
R3 EventServer (Rockwell Event Server) - "c:\program files\common files\rockwell\eventserver.exe" <Not Verified; Rockwell Software Inc.; FactoryTalk ®>
R3 INtimeNodeDetection (INtime Node Detection) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\rtndsrv.exe <Not Verified; RadiSys Corporation; INtime -- Real Time for Windows NT>
R3 NtxRemote (INtime Remote Connection Manager) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\ntxrem~1.exe <Not Verified; RadiSys Corporation; INtime -- Real Time for Windows NT>
R3 RNADirMultiplexor (Rockwell Directory Multiplexer) - "c:\program files\common files\rockwell\rnadirmultiplexor.exe" <Not Verified; Rockwell Software Inc.; FactoryTalk ®>

S3 dnWhoDisp - c:\program files\rockwell software\rslinx\dnwhodisp.exe <Not Verified; Rockwell Automation, Inc.; dnWhoDisp Module>
S3 EntivityVLCRTPublish (Entivity VLC RTPublish) - c:\progra~1\vlc\vlc_6_0\bin\rtpubl~1.exe <Not Verified; ; rtpublish Module>
S3 EntivityVLCTEEngine (Entivity VLC TEEngine) - c:\progra~1\vlc\vlc_6_0\bin\teengine.exe <Not Verified; Entivity; Visual Logic Controller>
S3 gusvc (Google Updater Service) - "c:\program files\google\common\google updater\googleupdaterservice.exe" (file missing)
S3 Harmony - "c:\program files\rockwell software\rscommon\rsobserv.exe" <Not Verified; Rockwell Automation, Inc.; Rockwell Software Harmony services>
S3 INtimeDriver3C5xx (INtime 3Com 3C5xx Driver) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\itwrpsrv.exe <Not Verified; TenAsys Corporation; INtime -- Real Time for Windows>
S3 INtimeDriverEepro100 (INtime Eepro100 Driver) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\itwrpsrv.exe <Not Verified; TenAsys Corporation; INtime -- Real Time for Windows>
S3 INtimeDriverLoopback (INtime Loopback Driver) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\itwrpsrv.exe <Not Verified; TenAsys Corporation; INtime -- Real Time for Windows>
S3 INtimeDriverNe (INtime NE Driver) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\itwrpsrv.exe <Not Verified; TenAsys Corporation; INtime -- Real Time for Windows>
S3 INtimeDriverRtl8139 (INtime Rtl8139 Driver) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\itwrpsrv.exe <Not Verified; TenAsys Corporation; INtime -- Real Time for Windows>
S3 INtimeDriverTulip (INtime Tulip Driver) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\itwrpsrv.exe <Not Verified; TenAsys Corporation; INtime -- Real Time for Windows>
S3 INtimeIP (INtime IP) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\itwrpsrv.exe <Not Verified; TenAsys Corporation; INtime -- Real Time for Windows>
S3 INtimeNetworkService (INtime Network Service) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\stacksrv.exe <Not Verified; TenAsys Corporation; INtime -- Real Time for Windows>
S3 INtimeRawIP (INtime Raw IP) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\itwrpsrv.exe <Not Verified; TenAsys Corporation; INtime -- Real Time for Windows>
S3 INtimeTCP (INtime TCP) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\itwrpsrv.exe <Not Verified; TenAsys Corporation; INtime -- Real Time for Windows>
S3 INtimeUDP (INtime UDP ) - c:\progra~1\common~1\radisys\intime\releas~1.00\bin\itwrpsrv.exe <Not Verified; TenAsys Corporation; INtime -- Real Time for Windows>
S3 OpcEnum - c:\windows\system32\opcenum.exe <Not Verified; OPC Foundation; OPC Server Enumerator 1.10>
S3 RNADiagReceiver (FactoryTalk Diagnostics CE Receiver) - "c:\program files\common files\rockwell\rnadiagreceiver.exe" <Not Verified; ; Rockwell Software FactoryTalk Diagnostics>
S3 Rockwell HMI Activity Logger - "c:\program files\rockwell software\rsview enterprise\rsactivitylogserv.exe" <Not Verified; Rockwell Software, Inc.; RSView Enterprise>
S3 Rockwell Tag Server - "c:\program files\rockwell software\rsview enterprise\tagsrv.exe" <Not Verified; Rockwell Software, Inc.; HMICore>
S3 RSLinx (RSLinx Classic) - c:\progra~1\rockwe~2\rslinx\rslinx.exe /service <Not Verified; Rockwell Automation, Inc.; RSLinx Classic>
S3 WWNetDDE (Wonderware NetDDE Helper) - "c:\program files\common files\archestra\wwnetdde.exe" <Not Verified; Invensys Systems, Inc.; ArchestrA common>
S4 awhost32 (pcAnywhere Host Service) - c:\program files\symantec\pcanywhere\awhost32.exe <Not Verified; Symantec Corporation; pcAnywhere>
S4 McAfeeFramework (McAfee Framework Service) - c:\program files\network associates\common framework\frameworkservice.exe /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
S4 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel® PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27418086&REV_05\4&16793A72&0&28F0
Manufacturer: Intel Corporation
Name: Intel® PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27418086&REV_05\4&16793A72&0&28F0
Service: w29n51


-- Scheduled Tasks -------------------------------------------------------------

2008-04-25 11:47:28 428 --ah----- C:\WINDOWS\Tasks\User_Feed_Synchronization-{CDA94BA5-6E98-4722-85FA-F16B6CE2517E}.job
2008-04-21 10:12:01 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2007-11-07 15:21:49 112 --a------ C:\WINDOWS\Tasks\Critical Battery Alarm Program.job


-- Files created between 2008-03-25 and 2008-04-25 -----------------------------

2008-04-25 10:32:39 0 dr-h----- C:\Documents and Settings\smturner\Recent
2008-04-25 10:32:36 0 d-------- C:\fsaua.data
2008-04-20 22:22:03 0 drahs---- C:\autorun.inf
2008-04-20 16:54:59 0 d-------- C:\Documents and Settings\smturner.STLBUD\DoctorWeb
2008-04-20 16:36:42 0 dr-h----- C:\Documents and Settings\smturner.STLBUD\SendTo
2008-04-20 16:36:42 0 d--h----- C:\Documents and Settings\smturner.STLBUD\Recent
2008-04-20 16:36:42 0 d--h----- C:\Documents and Settings\smturner.STLBUD\PrintHood
2008-04-20 16:36:42 0 d--h----- C:\Documents and Settings\smturner.STLBUD\NetHood
2008-04-20 16:36:42 0 d-------- C:\Documents and Settings\smturner.STLBUD\My Documents
2008-04-20 16:36:42 0 d--h----- C:\Documents and Settings\smturner.STLBUD\Local Settings
2008-04-20 16:36:42 0 d-------- C:\Documents and Settings\smturner.STLBUD\Favorites
2008-04-20 16:36:42 0 d-------- C:\Documents and Settings\smturner.STLBUD\Desktop
2008-04-20 16:36:42 0 d--hs---- C:\Documents and Settings\smturner.STLBUD\Cookies
2008-04-20 16:36:42 0 dr-h----- C:\Documents and Settings\smturner.STLBUD\Application Data
2008-04-20 16:36:42 0 d---s---- C:\Documents and Settings\smturner.STLBUD\Application Data\Microsoft
2008-04-20 16:36:41 0 d--h----- C:\Documents and Settings\smturner.STLBUD\Templates
2008-04-20 16:36:41 0 dr------- C:\Documents and Settings\smturner.STLBUD\Start Menu
2008-04-20 16:36:41 786432 --ah----- C:\Documents and Settings\smturner.STLBUD\NTUSER.DAT
2008-04-20 16:08:22 0 d-------- C:\Documents and Settings\LocalService\Desktop
2008-04-20 15:16:48 0 d-------- C:\cmdcons
2008-04-20 15:13:46 68096 --a------ C:\WINDOWS\zip.exe
2008-04-20 15:13:46 49152 --a------ C:\WINDOWS\VFind.exe
2008-04-20 15:13:46 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-04-20 15:13:46 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-04-20 15:13:46 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-04-20 15:13:46 98816 --a------ C:\WINDOWS\sed.exe
2008-04-20 15:13:46 80412 --a------ C:\WINDOWS\grep.exe
2008-04-20 15:13:46 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-04-19 11:04:28 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-19 11:03:54 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-19 11:03:54 0 d-------- C:\Documents and Settings\smturner\Application Data\SUPERAntiSpyware.com
2008-04-19 10:53:40 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-19 00:47:54 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-19 00:47:51 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-17 21:58:04 0 d-------- C:\WINDOWS\system32\NtmsData
2008-04-17 19:41:49 0 d-------- C:\201b79a5c3067caab4
2008-04-17 19:34:42 0 d-------- C:\WINDOWS\system32\ZoneLabs
2008-04-17 19:32:56 0 d-------- C:\WINDOWS\Internet Logs
2008-04-06 20:10:12 0 d-------- C:\WINDOWS\system32\oodag
2008-04-06 20:06:04 0 d-------- C:\Program Files\OO Software
2008-04-06 19:40:48 0 d-------- C:\WINDOWS\system32\AppData
2008-04-03 16:29:44 0 d-------- C:\Documents and Settings\All Users\Application Data\Protexis
2008-03-30 12:39:50 4 --a------ C:\WINDOWSRegDefrag.dat
2008-03-30 11:44:36 0 d-------- C:\Documents and Settings\smturner\Application Data\Systweak
2008-03-30 11:43:31 0 d-------- C:\Program Files\Advanced System Optimizer
2008-03-30 11:41:06 4608 --a------ C:\WINDOWS\system32\W95INF32.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-03-30 11:41:06 2272 --a------ C:\WINDOWS\system32\W95INF16.DLL <Not Verified; Microsoft Corporation; Microsoft® Plus! for Windows® 95>
2008-03-30 11:41:05 50688 --a------ C:\WINDOWS\system32\wbhelp2.dll <Not Verified; Stardock.Net, Inc; WindowBlinds for Win32 x86 machines>
2008-03-30 11:25:40 0 d-------- C:\WINDOWS\pss
2008-03-25 09:13:09 0 d-------- C:\CGCM


-- Find3M Report ---------------------------------------------------------------

2008-04-20 21:13:20 0 d-------- C:\Program Files\TightVNC
2008-04-19 10:53:40 0 d-------- C:\Program Files\Common Files
2008-04-04 20:49:46 0 d-------- C:\Documents and Settings\smturner\Application Data\Adobe
2008-03-25 09:14:15 0 d-------- C:\Program Files\Rockwell Software
2008-03-25 09:12:26 0 d-------- C:\Program Files\Rockwell Automation
2008-03-25 09:10:19 0 d-------- C:\Program Files\Common Files\Rockwell
2008-03-25 00:14:04 0 d-------- C:\Documents and Settings\smturner\Application Data\gspec
2008-03-23 19:45:32 63024 --a------ C:\Documents and Settings\smturner\Application Data\GDIPFONTCACHEV1.DAT
2008-03-19 19:03:49 0 d-------- C:\Program Files\gspec
2008-03-18 19:49:54 0 d-------- C:\Program Files\ControlFLASH
2008-03-18 19:21:58 0 d-------- C:\Program Files\Common Files\Adobe
2008-03-18 12:14:17 0 d-------- C:\Program Files\Common Files\Siemens
2008-03-18 12:12:52 0 d-------- C:\Program Files\SIEMENS
2008-03-16 11:54:14 0 d-------- C:\Program Files\FKI Logistex


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-04-15 16:05]
"nwiz"="nwiz.exe" [2004-04-15 16:05 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-02-20 16:00 C:\WINDOWS\agrsmmsg.exe]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2008-04-20 15:23]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2008-04-20 15:23]
"UsbCipHelper"="C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2006-09-28 19:25]
"S7UB Start"="C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [2006-03-13 23:59]
"000StTHK"="000StTHK.exe" [2001-06-23 21:28 C:\WINDOWS\system32\000StTHK.exe]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-10 16:27]
"OODefragTray"="C:\WINDOWS\system32\oodtray.exe" [2007-05-11 02:08]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVIEW"="nview.dll,nViewLoadHook" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:56]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PCANotify]
PCANotify.dll 2004-11-01 12:50 8704 C:\WINDOWS\system32\PCANotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HOTSYNCSHORTCUTNAME.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HOTSYNCSHORTCUTNAME.lnk
backup=C:\WINDOWS\pss\HOTSYNCSHORTCUTNAME.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
"C:\Program Files\Microsoft IntelliPoint\point32.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMax]
"C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
C:\Program Files\Windows Media Player\WMPNSCFG.exe


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{478b7611-0c7b-11dd-99d5-000e7b8951ef}]
AutoRun\command- E:\nideiect.com
explore\Command- E:\nideiect.com
open\Command- E:\nideiect.com




-- End of Deckard's System Scanner: finished at 2008-04-25 12:16:52 ------------

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel® Pentium® M processor 1500MHz
Percentage of Memory in Use: 69%
Physical Memory (total/avail): 511.3 MiB / 154.87 MiB
Pagefile Memory (total/avail): 1246.97 MiB / 860.22 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1917.96 MiB

C: is Fixed (NTFS) - 55.88 GiB total, 35 GiB free.
D: is CDROM (No Media)
Z: is Network (NTFS)

\\.\PHYSICALDRIVE0 - IC25N060ATMR04-0 - 55.89 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 55.88 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE"="C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE:*:Enabled:pcAnywhere Main Program"
"C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"="C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE:*:Enabled:pcAnywhere Host Service"
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe:*:Enabled:pcAnywhere Remote Service"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\WINDOWS\\system32\\OpcEnum.exe"="C:\\WINDOWS\\system32\\OpcEnum.exe:*:Enabled:OPCEnum.exe"
"C:\\Program Files\\Rockwell Software\\RSLINX\\RSLINX.EXE"="C:\\Program Files\\Rockwell Software\\RSLINX\\RSLINX.EXE:*:Enabled:RSLinx.exe"
"C:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe"="C:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe:*:Enabled:OPCTestClient.exe"
"C:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv7.exe"="C:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv7.exe:*:Enabled:Adaptive Server Anywhere Network Server"
"C:\\Program Files\\SIEMENS\\Step7\\S7BIN\\S7tgtopx.exe"="C:\\Program Files\\SIEMENS\\Step7\\S7BIN\\S7tgtopx.exe:*:Enabled:SIEMENS STEP7 SIMATIC Manager"
"C:\\Program Files\\SIEMENS\\Step7\\S7INF\\S7usiapx.exe"="C:\\Program Files\\SIEMENS\\Step7\\S7INF\\S7usiapx.exe:*:Enabled:SIEMENS STEP7 S7InfoBox"
"C:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"="C:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe:*:Enabled:RSLogix 5000 v16.00.00 "
"C:\\Program Files\\Common Files\\Rockwell\\EventClientMultiplexer.exe"="C:\\Program Files\\Common Files\\Rockwell\\EventClientMultiplexer.exe:*:Enabled:EventClientMultiplexer.exe"
"C:\\Program Files\\Common Files\\Rockwell\\RsvcHost.exe"="C:\\Program Files\\Common Files\\Rockwell\\RsvcHost.exe:*:Enabled:RsvcHost.exe"
"C:\\Program Files\\Common Files\\Rockwell\\RnaDirServer.exe"="C:\\Program Files\\Common Files\\Rockwell\\RnaDirServer.exe:*:Enabled:RnaDirServer.exe"
"C:\\Program Files\\Common Files\\Rockwell\\EventServer.exe"="C:\\Program Files\\Common Files\\Rockwell\\EventServer.exe:*:Enabled:EventServer.exe"
"C:\\Program Files\\Common Files\\Rockwell\\DaClient.exe"="C:\\Program Files\\Common Files\\Rockwell\\DaClient.exe:*:Enabled:DaClient.exe"
"C:\\Program Files\\Common Files\\Rockwell\\RNADiagReceiver.exe"="C:\\Program Files\\Common Files\\Rockwell\\RNADiagReceiver.exe:*:Enabled:RnaDiagReceiver.exe"
"C:\\Program Files\\Common Files\\Rockwell\\RNADiagnosticsSrv.exe"="C:\\Program Files\\Common Files\\Rockwell\\RNADiagnosticsSrv.exe:*:Enabled:RnaDiagnosticsSrv.exe"
"C:\\Program Files\\Common Files\\Rockwell\\VStudio.exe"="C:\\Program Files\\Common Files\\Rockwell\\VStudio.exe:*:Enabled:VStudio.exe"
"C:\\Program Files\\Rockwell Software\\RSView Enterprise\\MERuntime.exe"="C:\\Program Files\\Rockwell Software\\RSView Enterprise\\MERuntime.exe:*:Enabled:MERuntime.exe"
"C:\\Program Files\\Rockwell Software\\RSView Enterprise\\TagSrv.exe"="C:\\Program Files\\Rockwell Software\\RSView Enterprise\\TagSrv.exe:*:Enabled:TagSrv.exe"
"C:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\RSLinxNG.exe"="C:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\RSLinxNG.exe:*:Enabled:RSLinxNG.exe"
"C:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\RSLinxShortcutAOA.exe"="C:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\RSLinxShortcutAOA.exe:*:Enabled:RSLinxShortcutAOA.exe"
"C:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\CounterMonitor.exe"="C:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\CounterMonitor.exe:*:Enabled:CounterMonitor.exe"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\ArchestrA\\aaLogger.exe"="C:\\Program Files\\Common Files\\ArchestrA\\aaLogger.exe:*:Enabled:aaLogger.exe"
"C:\\Program Files\\Common Files\\ArchestrA\\slssvc.exe"="C:\\Program Files\\Common Files\\ArchestrA\\slssvc.exe:*:Enabled:Slssvc.exe"
"C:\\Program Files\\Wonderware\\InTouch\\wm.exe"="C:\\Program Files\\Wonderware\\InTouch\\wm.exe:*:Enabled:wm.exe"
"C:\\WINDOWS\\system32\\mmc.exe"="C:\\WINDOWS\\system32\\mmc.exe:*:Enabled:mmc.exe"
"C:\\Program Files\\Common Files\\ArchestrA\\DASAgent.exe"="C:\\Program Files\\Common Files\\ArchestrA\\DASAgent.exe:*:Enabled:DASAgent.exe"
"C:\\WINDOWS\\system32\\dllhost.exe"="C:\\WINDOWS\\system32\\dllhost.exe:*:Enabled:dllhost.exe"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\helpctr.exe:*:Enabled:Remote Assistance - Windows Messenger and Voice"
"C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE"="C:\\Program Files\\Symantec\\pcAnywhere\\WINAW32.EXE:*:Enabled:pcAnywhere Main Program"
"C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE"="C:\\Program Files\\Symantec\\pcAnywhere\\AWHOST32.EXE:*:Enabled:pcAnywhere Host Service"
"C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe"="C:\\Program Files\\Symantec\\pcAnywhere\\awrem32.exe:*:Enabled:pcAnywhere Remote Service"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Common Files\\ArchestrA\\aaLogger.exe"="C:\\Program Files\\Common Files\\ArchestrA

#25
RatHat
    Ex Malware Expert

  • Expert
  • 7,829 posts
You know, I think we may have got it! Download HijackThis and post a log:
  • Click here to download HijackThis.exe
  • Save HijackThis.exe to your desktop.
  • Double-click on the HijackThis.exe icon on your desktop.
  • By default it will install to C:\Program Files\HijackThis.
  • Continue to follow the rest of the prompts from there
  • Scan your computer and save a logfile
  • Post the log in your next reply.

I would also like you to create an Uninstall list for me:
  • Reopen HijackThis and click on the "Open the Misc Tools section" button.
  • Click on the "Open Uninstall Manager" button. Click the "Save List" button.
  • After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it, then the list should open in notepad.
  • Copy and paste that list here along with the HijackThis log.

Regards,
RatHat


#26
TurnerT2
    Member

  • Topic Starter
  • Member
  • 30 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:14, on 2008-04-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArchestrA\aaLogger.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Common Files\ArchestrA\NTServApp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\LoadRTK.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\NTXREM~1.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Reflection\rtsserv.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
C:\Program Files\Common Files\ArchestrA\slssvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTNDSrv.exe
C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTClkSrv.exe
C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTELSrv.exe
C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTIOSrv.exe
C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTRegSrv.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\oodtray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\S7ubtoox.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\smturner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digg.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = stlvpn.alvey.com:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GlobalSpec Engineering Toolbar - {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} - C:\PROGRA~1\gspec\gspec.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: GlobalSpec Engineering Toolbar - {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} - C:\PROGRA~1\gspec\gspec.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - http://components.me...MetaStream3.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1194309813188
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193932360120
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://2.2.2.217/activex/AMC.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - https://home.fkilogi...plate/setup.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay10...ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.FKILogistex.Local
O17 - HKLM\Software\..\Telephony: DomainName = na.FKILogistex.Local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = stlmo.fkilogistex.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.FKILogistex.Local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = na.FKILogistex.Local
O23 - Service: ArchestrA Logger (aaLogger) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\aaLogger.exe
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: dnWhoDisp - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Entivity VLC RTPublish (EntivityVLCRTPublish) - Unknown owner - C:\PROGRA~1\VLC\VLC_6_0\Bin\RTPUBL~1.EXE
O23 - Service: Entivity VLC TEEngine (EntivityVLCTEEngine) - Entivity - C:\PROGRA~1\VLC\VLC_6_0\Bin\TEEngine.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: FS Service Control - Wonderware Corporation - C:\Program Files\Common Files\ArchestrA\NTServApp.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Harmony - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: INtime Clock Synchronization (INtimeClockSync) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTClkSrv.exe
O23 - Service: INtime 3Com 3C5xx Driver (INtimeDriver3C5xx) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Eepro100 Driver (INtimeDriverEepro100) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Loopback Driver (INtimeDriverLoopback) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime NE Driver (INtimeDriverNe) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Rtl8139 Driver (INtimeDriverRtl8139) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Tulip Driver (INtimeDriverTulip) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Event Log (INtimeEventLog) - RadiSys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTELSrv.exe
O23 - Service: INtime I/O (INtimeIO) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTIOSrv.exe
O23 - Service: INtime IP (INtimeIP) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Kernel (INtimeKernel) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\LoadRTK.exe
O23 - Service: INtime Network Service (INtimeNetworkService) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\stacksrv.exe
O23 - Service: INtime Node Detection (INtimeNodeDetection) - RadiSys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTNDSrv.exe
O23 - Service: INtime Raw IP (INtimeRawIP) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Registry (INtimeRegistry) - RadiSys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTRegSrv.exe
O23 - Service: INtime TCP (INtimeTCP) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime UDP (INtimeUDP) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Remote Connection Manager (NtxRemote) - RadiSys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\NTXREM~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Reflection TimeSync - WRQ, Inc. - C:\Program Files\Reflection\rtsserv.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Activity Logger - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell Tag Server - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Automation, Inc. - C:\PROGRA~1\ROCKWE~2\RSLinx\RSLINX.EXE
O23 - Service: RSLinx Enterprise (RSLinxNG) - Rockwell Automation - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
O23 - Service: Wonderware SuiteLink (slssvc) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\slssvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Wonderware NetDDE Helper (WWNetDDE) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\wwnetdde.exe

--
End of file - 15519 bytes


Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 8.1.2
Apple Software Update
AutoCAD Express Tools Volumes 1-9
AutoCAD Mechanical 2004
Autodesk Express Viewer
Autodesk Inventor Plug-In 7.0
Autodesk Volo View 3.0
Automation License Manager V3.0 + HF1
BootP-DHCP Server
CCleaner (remove only)
CCLink Driver Version 6.6 B1
ClearKeeper
ControlFLASH
DeviceNet Node Commissioning Tool
DH Driver Cleaner Professional Edition
DWG TrueView
Entivity Visual Logic Controller 6.1
FactoryTalk Automation Platform 2.00 (CPR 7)
Firmware Upgrade Wizard for PanelView Plus 700-1500
FKI CAD 2004
FKI Logistex E-mail Template Manager
FKI Time Sheet Program 6.0
FKI Time Sheet Program 6.1
getPlus®_ocx
GlobalSpec Engineering Toolbar
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
InsideIR
Intel A/V Codecs V2.0
Intel® PRO Network Connections 12.3.31.0
InterVideo WinDVD Platinum
J2SE Runtime Environment 5.0 Update 2
Kaspersky Online Scanner
LiveReg (Symantec Corporation)
LiveUpdate 2.5 (Symantec Corporation)
Logix CPU Security Tool
Logix5000 Clock Update Tool
Logix5000 Task Monitor
Macromedia Shockwave Player
MELSEC ABF Driver Version 6.2.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Data Access Components KB870669
Microsoft English TTS Engine
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Visio Standard 2003
Microsoft Office XP Professional
Microsoft Outlook 2000
Microsoft Streets & Trips 2007
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual J# .NET Redistributable Package 1.1
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Network Express
NVIDIA Windows 2000/XP Display Drivers
O&O Defrag Professional Edition
PanelBuilder 1400e
PanelBuilder32
Parker Isysnet Analog Module Profiles
Parker Isysnet ASCII Module Profile
Parker Isysnet Discrete Module Profiles
PID Calculation Program
Print Request Form 7.0
ProWORX NxT
Quick Designer Advanced v3.40 TCP
Quick Designer Advanced v3.70 TCP
QuickTime
Reflection for HP with NS/VT 9.0
Rockwell Automation 1734 Analog Module Profiles
Rockwell Automation 1734 ASCII Module Profiles
Rockwell Automation 1734 Discrete Module Profiles
Rockwell Automation 1734 Specialty Module Profiles
Rockwell Automation 1738 Analog Module Profiles
Rockwell Automation 1738 ASCII Module Profiles
Rockwell Automation 1738 Discrete Module Profiles
Rockwell Automation 1738 Specialty Module Profiles
Rockwell Automation 1756 CNet Comms Module Profiles
Rockwell Automation 1756 ENet Comms Module Profiles
Rockwell Automation 1756 HART Module Profiles
Rockwell Automation 1769 Analog Module Profiles
Rockwell Automation 1769 Analog Module Profiles
Rockwell Automation 1769 ASCII Module Profiles
Rockwell Automation 1769 Boolean Module Profiles
Rockwell Automation 1769 Discrete Module Profiles
Rockwell Automation 1769 Specialty Module Profiles
Rockwell Automation 1791DS Discrete Module Profiles
Rockwell Automation Drives PowerFlex 4 Module Profiles
Rockwell Automation Drives PowerFlex 7 Module Profiles
Rockwell Automation Drives SCANport Module Profiles
Rockwell Automation Generic Safety Module Profiles
Rockwell Automation USB CIP Driver Package
Rockwell Software Hardware Maintenance Tool
Rockwell Windows Firewall Configuration Utility 1.00.01
RSLinx Classic 2.51.00 (CPR 7)
RSLinx Enterprise (CPR 7)
RSLogix 5 English 7.10.00 (CPR 7)
RSLogix 500 English 7.10.00 (CPR 7)
RSLogix 5000 Compare v2
RSLogix 5000 DeviceNet Tag Generator
RSLogix 5000 Faceplates
RSLogix 5000 IEC61131-3 Translation Tool
RSLogix 5000 Module Profile Core
RSLogix 5000 Module Profile Setup Utility
RSLogix 5000 Online Books v16.03.00
RSLogix 5000 Start Page Media v16.00.05
RSLogix 5000 System Updates
RSLogix 5000 v13.03
RSLogix 5000 v15.01
RSLogix 5000 v16.03.00 (CPR 9)
RSNetWorx for ControlNet 7.00.00 (CPR 7)
RSNetWorx for DeviceNet 7.00.00 (CPR 7)
RSView Machine Edition 4.00.00 (CPR 7)
S7-200 Explorer V1.0.5.8
SD Secure Module
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Sentinel System Driver 5.41.1 (32-bit)
SIMATIC STEP 7 V5.4 + SP1
SIMATIC PC Adapter USB V2.0
SIMATIC STEP 7-Micro/WIN 32 V3.2.0.105
SIMATIC STEP 7-Micro/WIN V4.0.5.08
SoundMAX
Steeplechase VLC - CP5613-14 Driver v6.0
SUPERAntiSpyware Free Edition
Symantec pcAnywhere
Tag Data Monitor Tool
Tag Upload Download Tool
TD Keypad Designer V1.0.5.08
Terminal Services Client
TightVNC 1.2.9
TOSHIBA Software Modem
TTS Wrapper
Ultraware
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar
Windows Driver Package - Intel (NETw4x32) net (04/30/2007 11.1.1.11)
Windows Driver Package - Intel (w29n51) net (04/04/2007 9.0.4.36)
Windows Driver Package - Intel net (04/30/2007 11.1.1.11)
Windows Driver Package - Intel net (04/30/2007 11.1.1.11)
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows SD Host Controller Driver
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip
Wonderware InTouch
  • 0

#27
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
All is looking very good, just a cleanup and a final scan left and I think you will be in the clear.

Your version of Java is out of date. Please update to the latest version here (Java Runtime Environment (JRE) 6 Update 5). Once downloaded, install it and then Reboot your computer.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please uninstall the following programs:

J2SE Runtime Environment 5.0 Update 2
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar

  • Go to Start then Settings, then Control Panel
  • Choose Add or Remove Programs
  • Remove all of the above
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below, if they still remain.

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\3.8.0\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.914.9778\swg.dll (file missing)
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Common Files\Viewpoint\Toolbar Runtime\3.8.0\IEViewBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

So in your next post please include the contents of the MBAM log and a fresh HijackThis log, taken after completing all of the above. Also let me know if you are experiencing any further problems with your computer.

Regards,
RatHat
  • 0

#28
TurnerT2

TurnerT2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
RatHat,

Below are the logs that you requested. The problems with my PC that are still evident are as follows:

My wireless connection still will not start even with using services.msc, I can't start the Wireless Zero Configuration.
My antivirus will not load at startup nor start manually after boot. The services are disabled in services.msc also.
There are also many other services that are either stopped or disabled that should be started such as removable storage.
Is there a way to resolve these problems??

Thank You for all the help! It is greatly appreciated.


Malwarebytes' Anti-Malware 1.11
Database version: 682

Scan type: Quick Scan
Objects scanned: 38861
Time elapsed: 12 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:41, on 2008-04-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArchestrA\aaLogger.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Common Files\ArchestrA\NTServApp.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\LoadRTK.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\netdde.exe
C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\NTXREM~1.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Reflection\rtsserv.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
C:\Program Files\Common Files\ArchestrA\slssvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTNDSrv.exe
C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTRegSrv.exe
C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTClkSrv.exe
C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTELSrv.exe
C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTIOSrv.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Siemens\S7ubtoox\S7ubtoox.exe
C:\Program Files\Common Files\Siemens\Sqlany\dbsrv7.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\smturner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.digg.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = stlvpn.alvey.com:80
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: GlobalSpec Engineering Toolbar - {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} - C:\PROGRA~1\gspec\gspec.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O3 - Toolbar: GlobalSpec Engineering Toolbar - {4E7BD74F-2B8D-469E-D1FB-EF7FB3D5FA7D} - C:\PROGRA~1\gspec\gspec.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
O4 - HKLM\..\Run: [S7UB Start] "C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" -StartDB
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - http://components.me...MetaStream3.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1194309813188
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193932360120
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://2.2.2.217/activex/AMC.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com...obat/nos/gp.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - https://home.fkilogi...plate/setup.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by107fd.bay10...ex/HMAtchmt.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = na.FKILogistex.Local
O17 - HKLM\Software\..\Telephony: DomainName = na.FKILogistex.Local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = stlmo.fkilogistex.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = na.FKILogistex.Local
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = na.FKILogistex.Local
O23 - Service: ArchestrA Logger (aaLogger) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\aaLogger.exe
O23 - Service: Automation License Manager Service (almservice) - SIEMENS AG - C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe
O23 - Service: dnWhoDisp - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Entivity VLC RTPublish (EntivityVLCRTPublish) - Unknown owner - C:\PROGRA~1\VLC\VLC_6_0\Bin\RTPUBL~1.EXE
O23 - Service: Entivity VLC TEEngine (EntivityVLCTEEngine) - Entivity - C:\PROGRA~1\VLC\VLC_6_0\Bin\TEEngine.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: FS Service Control - Wonderware Corporation - C:\Program Files\Common Files\ArchestrA\NTServApp.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Harmony - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: INtime Clock Synchronization (INtimeClockSync) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTClkSrv.exe
O23 - Service: INtime 3Com 3C5xx Driver (INtimeDriver3C5xx) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Eepro100 Driver (INtimeDriverEepro100) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Loopback Driver (INtimeDriverLoopback) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime NE Driver (INtimeDriverNe) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Rtl8139 Driver (INtimeDriverRtl8139) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Tulip Driver (INtimeDriverTulip) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Event Log (INtimeEventLog) - RadiSys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTELSrv.exe
O23 - Service: INtime I/O (INtimeIO) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTIOSrv.exe
O23 - Service: INtime IP (INtimeIP) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Kernel (INtimeKernel) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\LoadRTK.exe
O23 - Service: INtime Network Service (INtimeNetworkService) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\stacksrv.exe
O23 - Service: INtime Node Detection (INtimeNodeDetection) - RadiSys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTNDSrv.exe
O23 - Service: INtime Raw IP (INtimeRawIP) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Registry (INtimeRegistry) - RadiSys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\bin\RTRegSrv.exe
O23 - Service: INtime TCP (INtimeTCP) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime UDP (INtimeUDP) - TenAsys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\Itwrpsrv.exe
O23 - Service: INtime Remote Connection Manager (NtxRemote) - RadiSys Corporation - C:\PROGRA~1\COMMON~1\Radisys\INtime\RELEAS~1.00\Bin\NTXREM~1.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Reflection TimeSync - WRQ, Inc. - C:\Program Files\Reflection\rtsserv.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Activity Logger - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell Tag Server - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Automation, Inc. - C:\PROGRA~1\ROCKWE~2\RSLinx\RSLINX.EXE
O23 - Service: RSLinx Enterprise (RSLinxNG) - Rockwell Automation - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: S7 Global Services (s7asysvx) - SIEMENS AG - C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe
O23 - Service: SIMATIC IEPG Help Service (s7oiehsx) - SIEMENS AG - C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe
O23 - Service: S7TraceServiceX - SIEMENS AG - C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe
O23 - Service: Wonderware SuiteLink (slssvc) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\slssvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Wonderware NetDDE Helper (WWNetDDE) - Invensys Systems, Inc. - C:\Program Files\Common Files\ArchestrA\wwnetdde.exe

--
End of file - 14543 bytes
  • 0

#29
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK, let's start by reinstalling your Anti Virus Software, and the Dell Wireless Zero Configuration. Bagle does damage a lot of files, and these may have been some of them.

Also install a firewall (if your AV does not have one built in). Here are a couple of free ones:
Now please delete Icesword and all its associated files, also the DrWebCureIt download files.

Next, let's uninstall Combofix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

Let me know how the AV and Dell Wireless Zero Config are now working.

Regards,
RatHat
  • 0

#30
TurnerT2

TurnerT2

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
I do not have a Dell, I have a Toshiba. I don't have a disk for my antivirus either. Is there any way to do a repair? I also still can't use system restore. It says unable to restore PC when it reboots.
  • 0
