psc23351

Members
  • Content Count

    18
  • Joined

  • Last visited

Community Reputation

0 Neutral

About psc23351

  • Rank
    Member
  1. Hi CeciliaB Here is the new dds.log. . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26 Run by 1704420 Ontario Inc at 22:22:35 on 2011-07-29 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.138 [GMT -4:00] . AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Rockwell\NmspHost.exe C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\Common Files\Rockwell\RdcyHost.exe C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe C:\Program Files\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe C:\PROGRA~1\ROCKWE~2\RSLinx\RSLINX.EXE C:\Program Files\Common Files\Rockwell\RsvcHost.exe C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\ThpSrv.exe C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe C:\WINDOWS\system32\TODDSrv.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 3.3.0\OpcInSight.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE C:\Program Files\TOSHIBA\TouchED\TouchED.exe C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe C:\WINDOWS\system320THotkey.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\igfxsrvc.exe C:\WINDOWS\system32\TFNF5.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\Program Files\Common Files\Siemens\Sqlany\dbsrv9.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Microsoft Office\Office\1033\msoffice.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe svchost.exe C:\Program Files\Common Files\Rockwell\EventServer.exe C:\Program Files\Common Files\Rockwell\RnaDirServer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe . ============== Pseudo HJT Report =============== . BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [TPSMain] TPSMain.exe mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [TFncKy] TFncKy.exe mRun: [NDSTray.exe] NDSTray.exe mRun: [TPSODDCtl] TPSODDCtl.exe mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon mRun: [TAudEffect] c:\program files\toshiba\taudeffect\TAudEff.exe /run mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe mRun: [CognexOpc] c:\program files\cognex\in-sight\in-sight opc server 3.3.0\OpcInSight.exe -I mRun: [TOSDCR] TOSDCR.EXE mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE mRun: [TouchED] c:\program files\toshiba\touched\TouchED.exe mRun: [S7UB Start] "c:\program files\common files\siemens\s7ubtoox\s7ubtstx.exe" -StartDB mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe" mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe mRun: [UsbCipHelper] c:\program files\rockwell automation\rockwell automation usb cip driver package\usbciphelper\UsbCipHelper.exe mRun: [00THotkey] c:\windows\system320THotkey.exe mRun: [000StTHK] 000StTHK.exe mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [RTHDCPL] RTHDCPL.EXE mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [Apoint] c:\program files\apoint2k\Apoint.exe mRun: [TFNF5] TFNF5.exe mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: [WinCC flexible Smart Start] "c:\program files\siemens\simatic wincc flexible\wincc flexible 2008\HmiSmartStart.exe" /startup mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\docume~1\170442~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe uPolicies-explorer: DisablePersonalDirChange = 1 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{8E112997-EA3C-4EE4-8704-6BFE07518B62} : DhcpNameServer = 192.168.0.1 Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - c:\program files\common files\intuit\intu-res.dll Notify: igfxcui - igfxdev.dll Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\1704420 ontario inc\application data\mozilla\firefox\profiles\[email protected]\ FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ============= SERVICES / DRIVERS =============== . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-3 64288] R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2007-3-22 20992] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-3-9 6528] R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-7-1 21592] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-11-10 101720] R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2007-11-30 5888] R2 almservice;Automation License Manager Service;c:\program files\common files\siemens\sws\almsrv\almsrvx.exe [2010-3-29 1594368] R2 dpmconv;dpmconv;c:\windows\system32\drivers\dpmconv.sys [2007-6-25 266240] R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [2007-6-25 28363] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 2151640] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-1-6 10384] R2 LogReceiver;LogReceiver;c:\program files\rockwell software\rslinx enterprise\LogReceiver.exe [2007-7-9 94208] R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2006-5-9 203552] R2 MSSQL$WINCC;SQL Server (WINCC);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-5-9 28938072] R2 MSSQL$WINCCFLEXEXPRESS;SQL Server (WINCCFLEXEXPRESS);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2007-2-10 29178224] R2 MSSQL$WINCCFLEXIBLE;MSSQL$WINCCFLEXIBLE;c:\program files\microsoft sql server\mssql$winccflexible\binn\sqlservr.exe [2005-5-4 9150464] R2 Rockwell HMI Alarm Logger;Rockwell HMI Alarm Logger;c:\program files\rockwell software\rsview enterprise\RsAlarmLogServ.exe [2007-9-18 77824] R2 Rockwell HMI Framework;Rockwell HMI Framework;c:\program files\rockwell software\rsview enterprise\ServerFramework.exe [2007-9-18 491520] R2 s7asysvx;S7 Global Services;c:\program files\siemens\step7\s7bin\s7asysvx.exe [2008-7-14 69685] R2 s7odpx2x;SIMATIC MPI/PROFIBUS DPX2 Driver;c:\windows\system32\drivers\s7odpx2x.sys [2010-3-2 77312] R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\common files\siemens\s7iepg\s7oiehsx.exe [2010-3-2 1576072] R2 s7opcmcx;s7opcmcx;c:\windows\system32\drivers\s7opcmcx.sys [2010-3-2 209920] R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [2010-3-1 31232] R2 s7osmcax;s7osmcax;c:\windows\system32\drivers\s7osmcax.sys [2010-3-2 173568] R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [2009-2-24 73088] R2 S7TraceServiceX;S7TraceServiceX;c:\program files\common files\siemens\automation\traceengine\bin\S7TraceServiceX.exe [2010-3-2 240776] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-6-29 74968] R2 SSCService;SIMATIC Security Control Service;c:\program files\common files\siemens\simaticsecuritycontrol\ssc_service_x.exe [2007-7-17 339968] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856] R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2007-11-30 126976] R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016] R2 vsnl2ada;SIMATIC MPI/PROFIBUS FDL Transport Driver;c:\windows\system32\drivers\vsnl2ada.sys [2007-11-5 115654] R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2009-5-14 26137] R3 EventServer;Rockwell Event Server;c:\program files\common files\rockwell\EventServer.exe [2007-9-17 217088] R3 fwkbdrtm;fwkbdrtm;c:\windows\system32\drivers\fwkbdrtm.sys [2010-4-8 12112] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-22 35968] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-24 15232] R3 NmspHost;Rockwell Namespace Services;c:\program files\common files\rockwell\NmspHost.exe [2007-9-18 212992] R3 RdcyHost;Rockwell Redundancy Services;c:\program files\common files\rockwell\RdcyHost.exe [2007-9-18 212992] R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2007-11-30 435072] S1 abpicw2k;AB PIC/AIC+ Driver;c:\windows\system32\drivers\abpicw2k.sys [2001-10-29 113600] S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\drivers\virtualbackplane.sys --> c:\windows\system32\drivers\VirtualBackplane.sys [?] S2 CCAgent;CCAgent;c:\program files\common files\siemens\ace\bin\ccagent.exe --> c:\program files\common files\siemens\ace\bin\CCAgent.exe [?] S2 CCEClient;CCEClient;c:\program files\common files\siemens\ace\bin\cceclient.exe --> c:\program files\common files\siemens\ace\bin\CCEClient.exe [?] S2 CCEServer;CCEServer;c:\program files\common files\siemens\ace\bin\cceserver.exe --> c:\program files\common files\siemens\ace\bin\CCEServer.exe [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 RedundancyControl;RedundancyControl;c:\program files\common files\siemens\ace\bin\redundancycontrol.exe --> c:\program files\common files\siemens\ace\bin\RedundancyControl.exe [?] S2 RedundancyState;RedundancyState;c:\program files\common files\siemens\ace\bin\redundancystate.exe --> c:\program files\common files\siemens\ace\bin\RedundancyState.exe [?] S2 SCSMonitor;SCSMonitor;c:\program files\common files\siemens\ace\bin\scsmx.exe --> c:\program files\common files\siemens\ace\bin\SCSMX.exe [?] S3 ABKTCX;Rockwell Automation 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [2000-5-31 71448] S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?] S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?] S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\c:\windows\system32\drivers\awrtrd.sys --> c:\windows\system32\drivers\AWRTRD.sys [?] S3 c5511w2k;c5511w2k;c:\windows\system32\drivers\c5511w2k.sys [2000-4-5 8192] S3 cgnxcdc;cgnxcdc;c:\windows\system32\drivers\cgnxcdc.sys [2010-5-5 49152] S3 CogISSvc;Cognex In-Sight Port Service;c:\program files\cognex\in-sight\in-sight explorer 3.3.0\utilities\cogissvc.exe [2006-7-18 172632] S3 Cognex.InSight.OpcServer;Cognex OPC Server;c:\program files\cognex\in-sight\in-sight opc server 3.3.0\OpcInSightService.exe [2006-7-18 24576] S3 dpmcslv;dpmcslv;c:\windows\system32\drivers\dpmcslv.sys [2005-7-4 68280] S3 ExtranetAccess;Contivity VPN Service;c:\program files\textron vpn client\Extranet_serv.exe [2009-5-14 835584] S3 FTAE_Archiver;Rockwell Alarm History Archiver;c:\program files\common files\rockwell\FTAEArchiver.exe [2007-9-17 61440] S3 FTAE_HistServ;Rockwell Alarm Historian;c:\program files\common files\rockwell\FTAE_HistServ.exe [2007-9-17 143360] S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2009-5-14 155152] S3 pcidnt;A-B 1784-PCIDS;c:\windows\system32\drivers\pcidnt.sys --> c:\windows\system32\drivers\pcidnt.sys [?] S3 RnaAeServer;Rockwell Alarm Server;c:\program files\common files\rockwell\RnaAeServer.exe [2007-9-17 270336] S3 RnaAlarmMux;Rockwell Alarm Multiplexer;c:\program files\common files\rockwell\RnaAlarmMux.exe [2007-9-21 753664] S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [1999-11-10 142592] S3 RSI-PKTX-A;RSI-PKTX-A;c:\windows\system32\drivers\RSI-PKTX-A.sys [2002-11-13 16447] S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [2006-1-18 39067] S3 RSLINXNGKtControl;RSLINXNGKtControl;c:\windows\system32\drivers\rsiktNG.sys [2002-4-23 38999] S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [1999-5-11 155440] S3 S5AS511;S5AS511;c:\windows\system32\drivers\S5AS511.SYS [2007-12-5 15360] S3 S5MCD;S5MCD;c:\windows\system32\drivers\S5MCD.SYS [2007-12-5 188416] S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [2002-10-18 30512] S3 s7oppinx;s7oppinx;c:\windows\system32\drivers\s7oppinx.sys [2010-3-2 124928] S3 S7OUSBPX;S7OUSBPX;c:\windows\system32\drivers\S7OUSBPX.sys [2008-11-26 27212] S3 Sim9Sync;SIMATIC NET Synchronization Service;c:\windows\system32\sim9sync.exe [2008-4-28 94208] S3 SQLAgent$WINCC;SQL Server Agent (WINCC);c:\program files\microsoft sql server\mssql.1\mssql\binn\SQLAGENT90.EXE [2006-4-14 319776] S3 SQLAgent$WINCCFLEXIBLE;SQLAgent$WINCCFLEXIBLE;c:\program files\microsoft sql server\mssql$winccflexible\binn\sqlagent.EXE [2005-5-3 323584] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2007-4-22 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?] . =============== Created Last 30 ================ . 2011-07-27 02:04:30 -------- d-----w- c:\program files\ESET 2011-07-25 15:01:01 -------- d-----w- c:\program files\HD Tune 2011-07-25 04:06:36 -------- d-----w- c:\documents and settings\1704420 ontario inc\application data\ElevatedDiagnostics 2011-07-20 00:03:24 -------- d-sha-r- C:\cmdcons 2011-07-18 17:44:52 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll 2011-07-18 17:44:51 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-07-15 23:07:52 208896 ----a-w- c:\windows\MBR.exe 2011-07-15 23:07:50 256000 ----a-w- c:\windows\PEV.exe 2011-07-05 21:56:11 -------- d-----w- c:\program files\common files\Merge Modules 2011-07-05 20:41:32 -------- d-----w- c:\windows\system32\wbem\repository\FS 2011-07-05 20:41:32 -------- d-----w- c:\windows\system32\wbem\Repository 2011-07-01 04:56:06 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys 2011-06-30 19:42:34 -------- d-----w- c:\program files\Atlas Copco Tools AB . ==================== Find3M ==================== . 2011-07-18 18:24:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-18 17:42:59 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-06-29 13:26:27 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-29 13:25:40 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-07 18:33:44 10532 --sh--r- C:\EVRSI.SYS 2011-05-02 15:31:52 692736 ------w- c:\windows\system32\inetcomm.dll 1998-04-28 00:15:06 570128 ------w- c:\program files\common files\dao350.dll . ============= FINISH: 22:25:28.89 ===============
  2. Hi CeciliaB Looks like this took care of it, no longer in the c:\Windows\System32 folder. Here is the log file from the Combofix run. ComboFix 11-07-29.01 - 1704420 Ontario Inc 07/29/2011 11:20:12.9.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.333 [GMT -4:00] Running from: c:\documents and settings\1704420 Ontario Inc\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\1704420 Ontario Inc\Desktop\CFScript.txt AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . FILE :: "c:\windows\system32\nwwksp.dll" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\system32\nwwksp.dll . . ((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-29 ))))))))))))))))))))))))))))))) . . 2011-07-27 02:04 . 2011-07-27 02:04 -------- d-----w- c:\program files\ESET 2011-07-25 15:01 . 2011-07-25 15:01 -------- d-----w- c:\program files\HD Tune 2011-07-25 04:06 . 2011-07-25 04:06 -------- d-----w- c:\documents and settings\1704420 Ontario Inc\Application Data\ElevatedDiagnostics 2011-07-18 17:44 . 2011-07-18 17:43 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2011-07-18 17:44 . 2011-07-18 17:42 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-07-05 21:56 . 2011-07-05 21:56 -------- d-----w- c:\program files\Common Files\Merge Modules 2011-07-05 20:41 . 2011-07-05 20:41 -------- d-----w- c:\windows\system32\wbem\Repository 2011-07-05 04:06 . 2011-07-05 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2011-07-01 04:56 . 2011-06-29 13:25 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys 2011-06-30 19:42 . 2011-06-30 19:42 -------- d-----w- c:\program files\Atlas Copco Tools AB . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-18 18:24 . 2011-06-20 01:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-18 17:42 . 2007-04-22 21:00 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-06-29 13:26 . 2009-11-10 14:12 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-29 13:25 . 2011-06-29 13:27 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys 2011-06-02 14:02 . 2007-04-22 19:44 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-02 15:31 . 2007-04-22 20:15 692736 ------w- c:\windows\system32\inetcomm.dll 1998-04-28 00:15 . 2007-12-03 02:49 570128 ------w- c:\program files\Common Files\dao350.dll . . ((((((((((((((((((((((((((((( [email protected]_00.58.13 ))))))))))))))))))))))))))))))))))))))))) . + 2011-07-29 15:37 . 2011-07-29 15:37 16384 c:\windows\Temp\Perflib_Perfdata_4b0.dat + 2011-07-29 15:37 . 2011-07-29 15:37 16384 c:\windows\Temp\Perflib_Perfdata_47c.dat + 2011-07-29 15:37 . 2011-07-29 15:37 16384 c:\windows\Temp\Perflib_Perfdata_468.dat + 2011-07-29 15:37 . 2011-07-29 15:37 16384 c:\windows\Temp\Perflib_Perfdata_2fc.dat - 2007-04-22 20:19 . 2011-07-19 21:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2007-04-22 20:19 . 2011-07-29 15:46 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2011-07-16 12:29 . 2011-07-19 21:56 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2011-07-29 12:58 . 2011-07-29 15:46 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2011-07-05 19:39 . 2011-07-29 15:44 235342 c:\windows\system32\inetsrv\MetaBase.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPSMain"="TPSMain.exe" [2006-07-26 315392] "TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-04-26 90112] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2011-06-28 1191216] "TFncKy"="TFncKy.exe" [BU] "NDSTray.exe"="NDSTray.exe" [BU] "TPSODDCtl"="TPSODDCtl.exe" [2007-02-02 110592] "TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976] "TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-10 344144] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744] "CognexOpc"="c:\program files\Cognex\In-Sight\In-Sight OPC Server 3.3.0\OpcInSight.exe" [2006-07-18 90112] "TOSDCR"="TOSDCR.EXE" [2005-12-13 57344] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200] "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296] "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512] "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.exe" [2005-06-29 126976] "S7UB Start"="c:\program files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [2008-07-15 102453] "TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152] "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920] "UsbCipHelper"="c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2006-09-28 434176] "00THotkey"="c:\windows\system320THotkey.exe" [2006-07-05 258048] "000StTHK"="000StTHK.exe" [2001-06-23 24576] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752] "RTHDCPL"="RTHDCPL.EXE" [2007-03-12 16125440] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 162584] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-09 138008] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608] "TFNF5"="TFNF5.exe" [2006-04-10 622592] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 138008] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880] "WinCC flexible Smart Start"="c:\program files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe" [2010-04-20 118784] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . c:\documents and settings\Administrator\Start Menu\Programs\Startup\ IEHOME.LNK - c:\documents and settings\Default User\Local Settings\Temp\iehome.bat [2007-11-30 298] . c:\documents and settings\1704420 Ontario Inc\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-1 813584] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588] Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920] . c:\documents and settings\Default User\Start Menu\Programs\Startup\ IEHOME.LNK - c:\documents and settings\Default User\Local Settings\Temp\iehome.bat [2007-11-30 298] . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "DisablePersonalDirChange"= 1 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv9.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\Miniweb.exe"= "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\SmartServer.exe"= "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\HmiLoad.exe"= . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/3/2009 9:54 PM 64288] R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [3/22/2007 4:07 PM 20992] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [3/9/2007 6:23 PM 6528] R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [7/1/2011 12:56 AM 21592] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [11/10/2009 10:12 AM 101720] R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [11/30/2007 2:38 PM 5888] R2 almservice;Automation License Manager Service;c:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [3/29/2010 9:13 AM 1594368] R2 dpmconv;dpmconv;c:\windows\system32\drivers\dpmconv.sys [6/25/2007 4:46 PM 266240] R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [6/25/2007 4:47 PM 28363] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 2151640] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/6/2009 10:26 AM 10384] R2 LogReceiver;LogReceiver;c:\program files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [7/9/2007 10:47 AM 94208] R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [5/9/2006 8:31 AM 203552] R2 MSSQL$WINCC;SQL Server (WINCC);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/9/2006 8:32 AM 28938072] R2 MSSQL$WINCCFLEXEXPRESS;SQL Server (WINCCFLEXEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2/10/2007 9:29 AM 29178224] R2 MSSQL$WINCCFLEXIBLE;MSSQL$WINCCFLEXIBLE;c:\program files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe [5/4/2005 12:04 AM 9150464] R2 Rockwell HMI Alarm Logger;Rockwell HMI Alarm Logger;c:\program files\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe [9/18/2007 9:35 PM 77824] R2 Rockwell HMI Framework;Rockwell HMI Framework;c:\program files\Rockwell Software\RSView Enterprise\ServerFramework.exe [9/18/2007 8:21 PM 491520] R2 s7asysvx;S7 Global Services;c:\program files\Siemens\Step7\S7BIN\s7asysvx.exe [7/14/2008 8:02 PM 69685] R2 s7odpx2x;SIMATIC MPI/PROFIBUS DPX2 Driver;c:\windows\system32\drivers\s7odpx2x.sys [3/2/2010 8:37 AM 77312] R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [3/2/2010 8:47 AM 1576072] R2 s7opcmcx;s7opcmcx;c:\windows\system32\drivers\s7opcmcx.sys [3/2/2010 8:38 AM 209920] R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [3/1/2010 4:51 PM 31232] R2 s7osmcax;s7osmcax;c:\windows\system32\drivers\s7osmcax.sys [3/2/2010 8:40 AM 173568] R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [2/24/2009 5:39 PM 73088] R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [3/2/2010 8:47 AM 240776] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [6/29/2011 9:27 AM 74968] R2 SSCService;SIMATIC Security Control Service;c:\program files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe [7/17/2007 11:36 AM 339968] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 3:22 PM 105856] R2 Tmesrv;Tmesrv3;c:\program files\TOSHIBA\TME3\TMESRV31.exe [11/30/2007 2:38 PM 126976] R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 3:15 PM 134016] R2 vsnl2ada;SIMATIC MPI/PROFIBUS FDL Transport Driver;c:\windows\system32\drivers\vsnl2ada.sys [11/5/2007 12:31 PM 115654] R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [5/14/2009 10:54 AM 26137] R3 EventServer;Rockwell Event Server;c:\program files\Common Files\Rockwell\EventServer.exe [9/17/2007 11:36 PM 217088] R3 fwkbdrtm;fwkbdrtm;c:\windows\system32\drivers\fwkbdrtm.sys [4/8/2010 11:15 AM 12112] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/22/2007 4:20 PM 35968] R3 NmspHost;Rockwell Namespace Services;c:\program files\Common Files\Rockwell\NmspHost.exe [9/18/2007 12:57 AM 212992] R3 RdcyHost;Rockwell Redundancy Services;c:\program files\Common Files\Rockwell\RdcyHost.exe [9/18/2007 12:57 AM 212992] R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [11/30/2007 2:41 PM 435072] S1 abpicw2k;AB PIC/AIC+ Driver;c:\windows\system32\drivers\abpicw2k.sys [10/29/2001 1:53 PM 113600] S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?] S2 CCAgent;CCAgent;c:\program files\Common Files\Siemens\ACE\bin\CCAgent.exe --> c:\program files\Common Files\Siemens\ACE\bin\CCAgent.exe [?] S2 CCEClient;CCEClient;c:\program files\Common Files\Siemens\ACE\bin\CCEClient.exe --> c:\program files\Common Files\Siemens\ACE\bin\CCEClient.exe [?] S2 CCEServer;CCEServer;c:\program files\Common Files\Siemens\ACE\bin\CCEServer.exe --> c:\program files\Common Files\Siemens\ACE\bin\CCEServer.exe [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384] S2 RedundancyControl;RedundancyControl;c:\program files\Common Files\Siemens\ACE\bin\RedundancyControl.exe --> c:\program files\Common Files\Siemens\ACE\bin\RedundancyControl.exe [?] S2 RedundancyState;RedundancyState;c:\program files\Common Files\Siemens\ACE\bin\RedundancyState.exe --> c:\program files\Common Files\Siemens\ACE\bin\RedundancyState.exe [?] S2 SCSMonitor;SCSMonitor;c:\program files\Common Files\Siemens\ACE\bin\SCSMX.exe --> c:\program files\Common Files\Siemens\ACE\bin\SCSMX.exe [?] S3 ABKTCX;Rockwell Automation 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [5/31/2000 7:13 PM 71448] S3 c5511w2k;c5511w2k;c:\windows\system32\drivers\c5511w2k.sys [4/5/2000 2:22 PM 8192] S3 cgnxcdc;cgnxcdc;c:\windows\system32\drivers\cgnxcdc.sys [5/5/2010 4:42 PM 49152] S3 CogISSvc;Cognex In-Sight Port Service;c:\program files\Cognex\In-Sight\In-Sight Explorer 3.3.0\Utilities\cogissvc.exe [7/18/2006 8:20 AM 172632] S3 Cognex.InSight.OpcServer;Cognex OPC Server;c:\program files\Cognex\In-Sight\In-Sight OPC Server 3.3.0\OpcInSightService.exe [7/18/2006 8:46 AM 24576] S3 dpmcslv;dpmcslv;c:\windows\system32\drivers\dpmcslv.sys [7/4/2005 4:04 PM 68280] S3 ExtranetAccess;Contivity VPN Service;c:\program files\Textron VPN Client\Extranet_serv.exe [5/14/2009 10:54 AM 835584] S3 FTAE_Archiver;Rockwell Alarm History Archiver;c:\program files\Common Files\Rockwell\FTAEArchiver.exe [9/17/2007 11:29 PM 61440] S3 FTAE_HistServ;Rockwell Alarm Historian;c:\program files\Common Files\Rockwell\FTAE_HistServ.exe [9/17/2007 11:29 PM 143360] S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [5/14/2009 10:54 AM 155152] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [9/24/2010 3:45 PM 15232] S3 pcidnt;A-B 1784-PCIDS;c:\windows\system32\Drivers\pcidnt.sys --> c:\windows\system32\Drivers\pcidnt.sys [?] S3 RnaAeServer;Rockwell Alarm Server;c:\program files\Common Files\Rockwell\RnaAeServer.exe [9/17/2007 11:32 PM 270336] S3 RnaAlarmMux;Rockwell Alarm Multiplexer;c:\program files\Common Files\Rockwell\RnaAlarmMux.exe [9/21/2007 2:27 PM 753664] S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [11/10/1999 8:27 AM 142592] S3 RSI-PKTX-A;RSI-PKTX-A;c:\windows\system32\drivers\RSI-PKTX-A.sys [11/13/2002 2:38 PM 16447] S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [1/18/2006 10:33 AM 39067] S3 RSLINXNGKtControl;RSLINXNGKtControl;c:\windows\system32\drivers\rsiktNG.sys [4/23/2002 7:02 PM 38999] S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [5/11/1999 1:48 PM 155440] S3 S5AS511;S5AS511;c:\windows\system32\drivers\S5AS511.SYS [12/5/2007 11:25 AM 15360] S3 S5MCD;S5MCD;c:\windows\system32\drivers\S5MCD.SYS [12/5/2007 11:25 AM 188416] S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [10/18/2002 2:34 AM 30512] S3 s7oppinx;s7oppinx;c:\windows\system32\drivers\s7oppinx.sys [3/2/2010 8:39 AM 124928] S3 S7OUSBPX;S7OUSBPX;c:\windows\system32\drivers\S7OUSBPX.sys [11/26/2008 9:34 AM 27212] S3 Sim9Sync;SIMATIC NET Synchronization Service;c:\windows\system32\sim9sync.exe [4/28/2008 11:24 PM 94208] S3 SQLAgent$WINCC;SQL Server Agent (WINCC);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [4/14/2006 10:06 AM 319776] S3 SQLAgent$WINCCFLEXIBLE;SQLAgent$WINCCFLEXIBLE;c:\program files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE [5/3/2005 9:42 PM 323584] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/22/2007 3:44 PM 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504] S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Contents of the 'Scheduled Tasks' folder . 2011-07-29 c:\windows\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:19] . 2011-07-29 c:\windows\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:19] . 2011-07-29 c:\windows\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:19] . 2011-07-29 c:\windows\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:19] . 2011-07-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3879435519-312499763-1611728940-1009.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47] . 2011-07-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3879435519-312499763-1611728940-1009.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll FF - ProfilePath - c:\documents and settings\1704420 Ontario Inc\Application Data\Mozilla\Firefox\Profiles\[email protected]\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2011-07-29 11:39 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3879435519-312499763-1611728940-1009\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1808) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll . - - - - - - - > 'explorer.exe'(5020) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\program files\TOSHIBA\TME3\TMEEJMD.DLL c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\msdtc.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\program files\Executive Software\DiskeeperWorkstation\DKService.exe c:\program files\Rockwell Software\RSLINX\dnwhodisp.exe c:\program files\Rockwell Software\RSCommon\RSOBSERV.EXE c:\program files\COMMON FILES\SIEMENS\ALMPANELPLUGIN\ALMPANELPLUGIN.EXE c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe c:\program files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\program files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe c:\program files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe c:\program files\Rockwell Software\RSView Enterprise\TagSrv.exe c:\progra~1\ROCKWE~2\RSLinx\RSLINX.EXE c:\program files\Common Files\Rockwell\RsvcHost.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\ThpSrv.exe c:\windows\system32\TODDSrv.exe c:\windows\system32\mqsvc.exe c:\program files\Common Files\Rockwell\EventClientMultiplexer.exe c:\program files\Common Files\Rockwell\RNADirMultiplexor.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe c:\program files\TOSHIBA\ConfigFree\NDSTray.exe c:\windows\system32\TPSBattM.exe c:\program files\TOSHIBA\TME3\TMEEJME.EXE c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe c:\program files\Common Files\Rockwell\RnaDirServer.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxsrvc.exe c:\windows\system32\TFNF5.exe c:\windows\system32\igfxext.exe c:\program files\Common Files\Siemens\Sqlany\dbsrv9.exe c:\program files\Apoint2K\Apntex.exe c:\program files\Microsoft Office\Office\1033\msoffice.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE . ************************************************************************** . Completion time: 2011-07-29 11:56:49 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-29 15:56 ComboFix2.txt 2011-07-29 03:09 ComboFix3.txt 2011-07-28 17:22 ComboFix4.txt 2011-07-28 13:23 ComboFix5.txt 2011-07-29 15:16 . Pre-Run: 23,352,578,048 bytes free Post-Run: 23,366,496,256 bytes free . Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6 - - End Of File - - F130F944CC5C47DCE50FE8B697AEDE7A Is there anything I should do to verify or cleanup. Thankyou for all your time and effort. Not sure where you find all the time for this. psc23351
  3. Hi CeciliaB It looks like a normal Combofix log not a short one it was 24K size same as all the rest. Avast identified the malware file here is the log. aswMBR version 0.9.8.977 Copyright© 2011 AVAST Software Run date: 2011-07-29 08:23:34 ----------------------------- 08:23:34.562 OS Version: Windows 5.1.2600 Service Pack 3 08:23:34.562 Number of processors: 2 586 0xF0D 08:23:34.562 ComputerName: 1704420_1 UserName: 08:23:36.187 Initialize success 08:33:55.468 AVAST engine defs: 11072900 08:34:10.593 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 08:34:10.593 Disk 0 Vendor: Hitachi_ SBDO Size: 114473MB BusType: 3 08:34:10.609 Disk 0 MBR read successfully 08:34:10.609 Disk 0 MBR scan 08:34:10.640 Disk 0 Windows XP default MBR code 08:34:10.640 Disk 0 scanning sectors +234436545 08:34:10.703 Disk 0 scanning C:\WINDOWS\system32\drivers 08:34:24.171 Service scanning 08:34:26.156 Modules scanning 08:34:34.828 Disk 0 trace - called modules: 08:34:34.843 ntkrnlpa.exe CLASSPNP.SYS disk.sys thpdrv.sys hal.dll iaStor.sys 08:34:34.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87346030] 08:34:34.843 3 CLASSPNP.SYS[f75dcfd7] -> nt!IofCallDriver -> \Device\THPDRV[0x87363030] 08:34:34.843 5 thpdrv.sys[f781e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x87385030] 08:34:35.578 AVAST engine scan C:\WINDOWS 08:35:02.703 AVAST engine scan C:\WINDOWS\system32 08:36:16.140 File: C:\WINDOWS\system32\nwwksp.dll **INFECTED** Win32:MalOb-EI [Cryp] 08:37:16.718 AVAST engine scan C:\WINDOWS\system32\drivers 08:37:33.296 AVAST engine scan C:\Documents and Settings\1704420 Ontario Inc 08:39:25.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\1704420 Ontario Inc\Desktop\MBR.dat" 08:39:25.921 The log file has been saved successfully to "C:\Documents and Settings\1704420 Ontario Inc\Desktop\aswMBR.txt" Avast allowed me to copy the file. I ran it on VirusTotal here is the link to the report. [url="http://www.virustotal.com/file-scan/report.html?id=2aeaf3f9c75c07dd78b2cb35ba2ed12cf6e3df98e5983e8333f944118618f7bf-1311943115"]http://www.virustotal.com/file-scan/report...f7bf-1311943115[/url]
  4. Hi Cecilia Ran Combfix again with new script. File did not create in C:\ as was expected. Again ran a Windows search and neither file shows up even though the one in C:\Windows\System32 is still there.
  5. Hi CeciliaB Ad-Adware finaly finished took 9hrs. nwwksp.dll still coming up and will not remove after re-boot. will run combofix with new script.
  6. Yes it did posted below. Running Ad-Adware now. ComboFix 11-07-28.04 - 1704420 Ontario Inc 07/28/2011 12:56:59.7.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.301 [GMT -4:00] Running from: c:\documents and settings\1704420 Ontario Inc\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\1704420 Ontario Inc\Desktop\CFScript.txt AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\iun6002.exe . . ((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-28 ))))))))))))))))))))))))))))))) . . 2011-07-27 02:04 . 2011-07-27 02:04 -------- d-----w- c:\program files\ESET 2011-07-25 15:01 . 2011-07-25 15:01 -------- d-----w- c:\program files\HD Tune 2011-07-25 04:06 . 2011-07-25 04:06 -------- d-----w- c:\documents and settings\1704420 Ontario Inc\Application Data\ElevatedDiagnostics 2011-07-18 17:44 . 2011-07-18 17:43 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2011-07-18 17:44 . 2011-07-18 17:42 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-07-05 21:56 . 2011-07-05 21:56 -------- d-----w- c:\program files\Common Files\Merge Modules 2011-07-05 20:41 . 2011-07-05 20:41 -------- d-----w- c:\windows\system32\wbem\Repository 2011-07-05 04:06 . 2011-07-05 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2011-07-01 04:56 . 2011-06-29 13:25 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys 2011-06-30 19:42 . 2011-06-30 19:42 -------- d-----w- c:\program files\Atlas Copco Tools AB 2011-06-29 13:27 . 2011-06-29 13:25 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-18 18:24 . 2011-06-20 01:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-18 17:42 . 2007-04-22 21:00 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-06-29 13:26 . 2009-11-10 14:12 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-02 14:02 . 2007-04-22 19:44 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-02 15:31 . 2007-04-22 20:15 692736 ------w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2007-04-22 19:43 151552 ----a-w- c:\windows\system32\schannel.dll 1998-04-28 00:15 . 2007-12-03 02:49 570128 ------w- c:\program files\Common Files\dao350.dll . . ((((((((((((((((((((((((((((( [email protected]_00.58.13 ))))))))))))))))))))))))))))))))))))))))) . + 2011-07-28 17:11 . 2011-07-28 17:11 16384 c:\windows\Temp\Perflib_Perfdata_464.dat + 2011-07-28 17:11 . 2011-07-28 17:11 16384 c:\windows\Temp\Perflib_Perfdata_43c.dat + 2011-07-28 17:11 . 2011-07-28 17:11 16384 c:\windows\Temp\Perflib_Perfdata_428.dat + 2011-07-28 17:11 . 2011-07-28 17:11 16384 c:\windows\Temp\Perflib_Perfdata_290.dat - 2007-04-22 20:19 . 2011-07-19 21:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2007-04-22 20:19 . 2011-07-28 16:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2011-07-16 12:29 . 2011-07-19 21:56 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2011-07-28 16:11 . 2011-07-28 16:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2011-07-05 19:39 . 2011-07-28 17:15 235337 c:\windows\system32\inetsrv\MetaBase.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPSMain"="TPSMain.exe" [2006-07-26 315392] "TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-04-26 90112] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2011-06-28 1191216] "TFncKy"="TFncKy.exe" [BU] "NDSTray.exe"="NDSTray.exe" [BU] "TPSODDCtl"="TPSODDCtl.exe" [2007-02-02 110592] "TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976] "TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-10 344144] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744] "CognexOpc"="c:\program files\Cognex\In-Sight\In-Sight OPC Server 3.3.0\OpcInSight.exe" [2006-07-18 90112] "TOSDCR"="TOSDCR.EXE" [2005-12-13 57344] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200] "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296] "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512] "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.exe" [2005-06-29 126976] "S7UB Start"="c:\program files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [2008-07-15 102453] "TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152] "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920] "UsbCipHelper"="c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2006-09-28 434176] "00THotkey"="c:\windows\system320THotkey.exe" [2006-07-05 258048] "000StTHK"="000StTHK.exe" [2001-06-23 24576] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752] "RTHDCPL"="RTHDCPL.EXE" [2007-03-12 16125440] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 162584] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-09 138008] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608] "TFNF5"="TFNF5.exe" [2006-04-10 622592] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 138008] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880] "WinCC flexible Smart Start"="c:\program files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe" [2010-04-20 118784] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . c:\documents and settings\Administrator\Start Menu\Programs\Startup\ IEHOME.LNK - c:\documents and settings\Default User\Local Settings\Temp\iehome.bat [2007-11-30 298] . c:\documents and settings\1704420 Ontario Inc\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-1 813584] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588] Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920] . c:\documents and settings\Default User\Start Menu\Programs\Startup\ IEHOME.LNK - c:\documents and settings\Default User\Local Settings\Temp\iehome.bat [2007-11-30 298] . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "DisablePersonalDirChange"= 1 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv9.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\Miniweb.exe"= "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\SmartServer.exe"= "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\HmiLoad.exe"= . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/3/2009 9:54 PM 64288] R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [3/22/2007 4:07 PM 20992] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [3/9/2007 6:23 PM 6528] R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [7/1/2011 12:56 AM 21592] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [11/10/2009 10:12 AM 101720] R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [11/30/2007 2:38 PM 5888] R2 almservice;Automation License Manager Service;c:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [3/29/2010 9:13 AM 1594368] R2 dpmconv;dpmconv;c:\windows\system32\drivers\dpmconv.sys [6/25/2007 4:46 PM 266240] R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [6/25/2007 4:47 PM 28363] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/6/2009 10:26 AM 10384] R2 LogReceiver;LogReceiver;c:\program files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [7/9/2007 10:47 AM 94208] R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [5/9/2006 8:31 AM 203552] R2 MSSQL$WINCC;SQL Server (WINCC);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/9/2006 8:32 AM 28938072] R2 MSSQL$WINCCFLEXEXPRESS;SQL Server (WINCCFLEXEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2/10/2007 9:29 AM 29178224] R2 MSSQL$WINCCFLEXIBLE;MSSQL$WINCCFLEXIBLE;c:\program files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe [5/4/2005 12:04 AM 9150464] R2 Rockwell HMI Alarm Logger;Rockwell HMI Alarm Logger;c:\program files\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe [9/18/2007 9:35 PM 77824] R2 Rockwell HMI Framework;Rockwell HMI Framework;c:\program files\Rockwell Software\RSView Enterprise\ServerFramework.exe [9/18/2007 8:21 PM 491520] R2 s7asysvx;S7 Global Services;c:\program files\Siemens\Step7\S7BIN\s7asysvx.exe [7/14/2008 8:02 PM 69685] R2 s7odpx2x;SIMATIC MPI/PROFIBUS DPX2 Driver;c:\windows\system32\drivers\s7odpx2x.sys [3/2/2010 8:37 AM 77312] R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [3/2/2010 8:47 AM 1576072] R2 s7opcmcx;s7opcmcx;c:\windows\system32\drivers\s7opcmcx.sys [3/2/2010 8:38 AM 209920] R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [3/1/2010 4:51 PM 31232] R2 s7osmcax;s7osmcax;c:\windows\system32\drivers\s7osmcax.sys [3/2/2010 8:40 AM 173568] R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [2/24/2009 5:39 PM 73088] R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [3/2/2010 8:47 AM 240776] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [6/29/2011 9:27 AM 74968] R2 SSCService;SIMATIC Security Control Service;c:\program files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe [7/17/2007 11:36 AM 339968] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 3:22 PM 105856] R2 Tmesrv;Tmesrv3;c:\program files\TOSHIBA\TME3\TMESRV31.exe [11/30/2007 2:38 PM 126976] R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 3:15 PM 134016] R2 vsnl2ada;SIMATIC MPI/PROFIBUS FDL Transport Driver;c:\windows\system32\drivers\vsnl2ada.sys [11/5/2007 12:31 PM 115654] R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [5/14/2009 10:54 AM 26137] R3 EventServer;Rockwell Event Server;c:\program files\Common Files\Rockwell\EventServer.exe [9/17/2007 11:36 PM 217088] R3 fwkbdrtm;fwkbdrtm;c:\windows\system32\drivers\fwkbdrtm.sys [4/8/2010 11:15 AM 12112] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/22/2007 4:20 PM 35968] R3 NmspHost;Rockwell Namespace Services;c:\program files\Common Files\Rockwell\NmspHost.exe [9/18/2007 12:57 AM 212992] R3 RdcyHost;Rockwell Redundancy Services;c:\program files\Common Files\Rockwell\RdcyHost.exe [9/18/2007 12:57 AM 212992] R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [11/30/2007 2:41 PM 435072] S1 abpicw2k;AB PIC/AIC+ Driver;c:\windows\system32\drivers\abpicw2k.sys [10/29/2001 1:53 PM 113600] S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?] S2 CCAgent;CCAgent;c:\program files\Common Files\Siemens\ACE\bin\CCAgent.exe --> c:\program files\Common Files\Siemens\ACE\bin\CCAgent.exe [?] S2 CCEClient;CCEClient;c:\program files\Common Files\Siemens\ACE\bin\CCEClient.exe --> c:\program files\Common Files\Siemens\ACE\bin\CCEClient.exe [?] S2 CCEServer;CCEServer;c:\program files\Common Files\Siemens\ACE\bin\CCEServer.exe --> c:\program files\Common Files\Siemens\ACE\bin\CCEServer.exe [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384] S2 RedundancyControl;RedundancyControl;c:\program files\Common Files\Siemens\ACE\bin\RedundancyControl.exe --> c:\program files\Common Files\Siemens\ACE\bin\RedundancyControl.exe [?] S2 RedundancyState;RedundancyState;c:\program files\Common Files\Siemens\ACE\bin\RedundancyState.exe --> c:\program files\Common Files\Siemens\ACE\bin\RedundancyState.exe [?] S2 SCSMonitor;SCSMonitor;c:\program files\Common Files\Siemens\ACE\bin\SCSMX.exe --> c:\program files\Common Files\Siemens\ACE\bin\SCSMX.exe [?] S3 ABKTCX;Rockwell Automation 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [5/31/2000 7:13 PM 71448] S3 c5511w2k;c5511w2k;c:\windows\system32\drivers\c5511w2k.sys [4/5/2000 2:22 PM 8192] S3 cgnxcdc;cgnxcdc;c:\windows\system32\drivers\cgnxcdc.sys [5/5/2010 4:42 PM 49152] S3 CogISSvc;Cognex In-Sight Port Service;c:\program files\Cognex\In-Sight\In-Sight Explorer 3.3.0\Utilities\cogissvc.exe [7/18/2006 8:20 AM 172632] S3 Cognex.InSight.OpcServer;Cognex OPC Server;c:\program files\Cognex\In-Sight\In-Sight OPC Server 3.3.0\OpcInSightService.exe [7/18/2006 8:46 AM 24576] S3 dpmcslv;dpmcslv;c:\windows\system32\drivers\dpmcslv.sys [7/4/2005 4:04 PM 68280] S3 ExtranetAccess;Contivity VPN Service;c:\program files\Textron VPN Client\Extranet_serv.exe [5/14/2009 10:54 AM 835584] S3 FTAE_Archiver;Rockwell Alarm History Archiver;c:\program files\Common Files\Rockwell\FTAEArchiver.exe [9/17/2007 11:29 PM 61440] S3 FTAE_HistServ;Rockwell Alarm Historian;c:\program files\Common Files\Rockwell\FTAE_HistServ.exe [9/17/2007 11:29 PM 143360] S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [5/14/2009 10:54 AM 155152] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 2151640] S3 pcidnt;A-B 1784-PCIDS;c:\windows\system32\Drivers\pcidnt.sys --> c:\windows\system32\Drivers\pcidnt.sys [?] S3 RnaAeServer;Rockwell Alarm Server;c:\program files\Common Files\Rockwell\RnaAeServer.exe [9/17/2007 11:32 PM 270336] S3 RnaAlarmMux;Rockwell Alarm Multiplexer;c:\program files\Common Files\Rockwell\RnaAlarmMux.exe [9/21/2007 2:27 PM 753664] S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [11/10/1999 8:27 AM 142592] S3 RSI-PKTX-A;RSI-PKTX-A;c:\windows\system32\drivers\RSI-PKTX-A.sys [11/13/2002 2:38 PM 16447] S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [1/18/2006 10:33 AM 39067] S3 RSLINXNGKtControl;RSLINXNGKtControl;c:\windows\system32\drivers\rsiktNG.sys [4/23/2002 7:02 PM 38999] S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [5/11/1999 1:48 PM 155440] S3 S5AS511;S5AS511;c:\windows\system32\drivers\S5AS511.SYS [12/5/2007 11:25 AM 15360] S3 S5MCD;S5MCD;c:\windows\system32\drivers\S5MCD.SYS [12/5/2007 11:25 AM 188416] S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [10/18/2002 2:34 AM 30512] S3 s7oppinx;s7oppinx;c:\windows\system32\drivers\s7oppinx.sys [3/2/2010 8:39 AM 124928] S3 S7OUSBPX;S7OUSBPX;c:\windows\system32\drivers\S7OUSBPX.sys [11/26/2008 9:34 AM 27212] S3 Sim9Sync;SIMATIC NET Synchronization Service;c:\windows\system32\sim9sync.exe [4/28/2008 11:24 PM 94208] S3 SQLAgent$WINCC;SQL Server Agent (WINCC);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [4/14/2006 10:06 AM 319776] S3 SQLAgent$WINCCFLEXIBLE;SQLAgent$WINCCFLEXIBLE;c:\program files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE [5/3/2005 9:42 PM 323584] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/22/2007 3:44 PM 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504] S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Contents of the 'Scheduled Tasks' folder . 2011-07-28 c:\windows\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:19] . 2011-07-28 c:\windows\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:19] . 2011-07-28 c:\windows\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:19] . 2011-07-28 c:\windows\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:19] . 2011-07-28 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3879435519-312499763-1611728940-1009.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47] . 2011-07-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3879435519-312499763-1611728940-1009.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll FF - ProfilePath - c:\documents and settings\1704420 Ontario Inc\Application Data\Mozilla\Firefox\Profiles\[email protected]\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2011-07-28 13:14 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3879435519-312499763-1611728940-1009\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1808) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll . - - - - - - - > 'explorer.exe'(5736) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\program files\TOSHIBA\TME3\TMEEJMD.DLL c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\msdtc.exe c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe c:\program files\Executive Software\DiskeeperWorkstation\DKService.exe c:\program files\Rockwell Software\RSLINX\dnwhodisp.exe c:\program files\COMMON FILES\SIEMENS\ALMPANELPLUGIN\ALMPANELPLUGIN.EXE c:\program files\Rockwell Software\RSCommon\RSOBSERV.EXE c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe c:\program files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\program files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe c:\program files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe c:\program files\Rockwell Software\RSView Enterprise\TagSrv.exe c:\progra~1\ROCKWE~2\RSLinx\RSLINX.EXE c:\program files\Common Files\Rockwell\RsvcHost.exe c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\windows\system32\ThpSrv.exe c:\windows\system32\TODDSrv.exe c:\windows\system32\mqsvc.exe c:\program files\Common Files\Rockwell\EventClientMultiplexer.exe c:\program files\Common Files\Rockwell\RNADirMultiplexor.exe c:\program files\Common Files\Rockwell\RnaDirServer.exe c:\windows\system32\TPSBattM.exe c:\program files\TOSHIBA\TOSHIBA Controls\TFncKy.exe c:\program files\TOSHIBA\ConfigFree\NDSTray.exe c:\program files\TOSHIBA\TME3\TMEEJME.EXE c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe c:\windows\RTHDCPL.EXE c:\windows\system32\TFNF5.exe c:\windows\system32\igfxsrvc.exe c:\program files\Common Files\Siemens\Sqlany\dbsrv9.exe c:\windows\system32\igfxext.exe c:\program files\Apoint2K\Apntex.exe c:\program files\Microsoft Office\Office\1033\msoffice.exe c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE . ************************************************************************** . Completion time: 2011-07-28 13:22:10 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-28 17:22 ComboFix2.txt 2011-07-28 13:23 ComboFix3.txt 2011-07-26 02:21 ComboFix4.txt 2011-07-16 12:22 . Pre-Run: 23,433,617,408 bytes free Post-Run: 23,407,386,624 bytes free . Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6 - - End Of File - - A11001318423EB676A90D62485B0C7CE
  7. Hi CeciliaB Thought everything including Internet Explorer was not running when I ran Gmer, do you want me to run again. Ran the code you asked with Combofix but the file nwwksp.dll.bad did not create in the C folder. Ran a search for it on all of C drive and it as well as the one located at C\Windows\System32 did not appear in the search. psc23351
  8. Hi CeciliaB No there is no iexplore.exe in the Task Manager with Internet Explorer not running. Here is the log from the SystemLook. SystemLook 04.09.10 by jpshortstuff Log created at 14:26 on 27/07/2011 by 1704420 Ontario Inc Administrator - Elevation successful ========== filefind ========== Searching for "UACrqpxdoet.sys" No files found. Searching for "UACjlkrxkni.dll" No files found. ========== file ========== C:\Windows\System32\nwwksp.dll - Unable to find/read file. -= EOF =- Here is the new log for TDSSKiller.log 2011/07/27 14:47:07.0625 2724 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56 2011/07/27 14:47:09.0625 2724 ================================================================================ 2011/07/27 14:47:09.0625 2724 SystemInfo: 2011/07/27 14:47:09.0625 2724 2011/07/27 14:47:09.0625 2724 OS Version: 5.1.2600 ServicePack: 3.0 2011/07/27 14:47:09.0625 2724 Product type: Workstation 2011/07/27 14:47:09.0625 2724 ComputerName: 1704420_1 2011/07/27 14:47:09.0625 2724 UserName: 1704420 Ontario Inc 2011/07/27 14:47:09.0625 2724 Windows directory: C:\WINDOWS 2011/07/27 14:47:09.0625 2724 System windows directory: C:\WINDOWS 2011/07/27 14:47:09.0625 2724 Processor architecture: Intel x86 2011/07/27 14:47:09.0625 2724 Number of processors: 2 2011/07/27 14:47:09.0625 2724 Page size: 0x1000 2011/07/27 14:47:09.0625 2724 Boot type: Normal boot 2011/07/27 14:47:09.0625 2724 ================================================================================ 2011/07/27 14:47:10.0265 2724 Initialize success 2011/07/27 14:47:17.0015 4396 ================================================================================ 2011/07/27 14:47:17.0015 4396 Scan started 2011/07/27 14:47:17.0015 4396 Mode: Manual; 2011/07/27 14:47:17.0015 4396 ================================================================================ 2011/07/27 14:47:20.0015 4396 ABKTCX (f25a62362ae736a5ac670f17ba28642c) C:\WINDOWS\System32\Drivers\ABKTCX.sys 2011/07/27 14:47:20.0078 4396 abpicw2k (654ae24d0719f922754ccbf4481b7661) C:\WINDOWS\system32\DRIVERS\abpicw2k.sys 2011/07/27 14:47:20.0140 4396 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/07/27 14:47:20.0281 4396 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/07/27 14:47:20.0406 4396 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/07/27 14:47:20.0484 4396 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys 2011/07/27 14:47:20.0531 4396 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 2011/07/27 14:47:20.0687 4396 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 2011/07/27 14:47:20.0937 4396 akshasp (3f9f42085ab5b6a55498a539c54575ab) C:\WINDOWS\system32\DRIVERS\akshasp.sys 2011/07/27 14:47:21.0078 4396 aksusb (d2b95315cc47f9230006fdbcba394d8d) C:\WINDOWS\system32\DRIVERS\aksusb.sys 2011/07/27 14:47:21.0187 4396 ApfiltrService (3ed81e8b4709d13e5a38db2d8e792b28) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 2011/07/27 14:47:21.0218 4396 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/07/27 14:47:21.0328 4396 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/07/27 14:47:21.0375 4396 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/07/27 14:47:21.0531 4396 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/07/27 14:47:21.0578 4396 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/07/27 14:47:21.0593 4396 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/07/27 14:47:21.0640 4396 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys 2011/07/27 14:47:21.0640 4396 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys 2011/07/27 14:47:21.0703 4396 c5511w2k (544b08b12cb67a7be43d231200cf3e62) C:\WINDOWS\system32\DRIVERS\c5511w2k.sys 2011/07/27 14:47:21.0953 4396 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/07/27 14:47:22.0015 4396 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/07/27 14:47:22.0078 4396 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/07/27 14:47:22.0109 4396 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/07/27 14:47:22.0187 4396 cgnxcdc (ef2c28136fa438fffa4eae7c5cbf1557) C:\WINDOWS\system32\DRIVERS\cgnxcdc.sys 2011/07/27 14:47:22.0390 4396 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/07/27 14:47:22.0437 4396 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/07/27 14:47:22.0531 4396 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/07/27 14:47:22.0609 4396 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/07/27 14:47:22.0796 4396 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/07/27 14:47:22.0828 4396 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/07/27 14:47:22.0875 4396 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/07/27 14:47:22.0937 4396 dpmconv (abb186a0b070fa91b379f9fc3a198b8b) C:\WINDOWS\System32\Drivers\dpmconv.sys 2011/07/27 14:47:23.0109 4396 dpmcslv (0bd72e62c3974c4f5e4372dba971901b) C:\WINDOWS\system32\drivers\dpmcslv.sys 2011/07/27 14:47:23.0156 4396 Dpmtrcdd (cddebaba436c8564ab4224ccea58a620) C:\WINDOWS\system32\DRIVERS\dpmtrcdd.sys 2011/07/27 14:47:23.0234 4396 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/07/27 14:47:23.0296 4396 e1express (8942419786970adb32b05bb7950aee72) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 2011/07/27 14:47:23.0453 4396 Eacfilt (3271c60b98bff0a9d4bf9bf66f90d2eb) C:\WINDOWS\system32\DRIVERS\eacfilt.sys 2011/07/27 14:47:23.0515 4396 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/07/27 14:47:23.0546 4396 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/07/27 14:47:23.0609 4396 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/07/27 14:47:23.0625 4396 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/07/27 14:47:23.0781 4396 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/07/27 14:47:23.0843 4396 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/07/27 14:47:23.0906 4396 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\WINDOWS\system32\drivers\ftdibus.sys 2011/07/27 14:47:23.0937 4396 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/07/27 14:47:23.0968 4396 FTSER2K (596d31583ce332b5514520d74837f434) C:\WINDOWS\system32\drivers\ftser2k.sys 2011/07/27 14:47:24.0031 4396 fwkbdrtm (7e4d38e22513b0af200fa6f94c77a2a6) C:\WINDOWS\system32\drivers\fwkbdrtm.sys 2011/07/27 14:47:24.0187 4396 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/07/27 14:47:24.0265 4396 Hardlock (d95554949082fd29a04d351b58396718) C:\WINDOWS\system32\drivers\hardlock.sys 2011/07/27 14:47:24.0468 4396 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys 2011/07/27 14:47:24.0515 4396 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/07/27 14:47:24.0578 4396 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/07/27 14:47:24.0640 4396 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/07/27 14:47:24.0828 4396 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/07/27 14:47:25.0218 4396 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 2011/07/27 14:47:25.0765 4396 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\drivers\iaStor.sys 2011/07/27 14:47:25.0796 4396 IFXTPM (0b556e950404d90d097c687e65238730) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS 2011/07/27 14:47:25.0859 4396 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/07/27 14:47:26.0281 4396 IntcAzAudAddService (474d59c18652c8ef0151a9efae9ee619) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/07/27 14:47:27.0015 4396 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/07/27 14:47:27.0093 4396 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/07/27 14:47:27.0187 4396 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/07/27 14:47:27.0281 4396 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/07/27 14:47:27.0328 4396 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/07/27 14:47:27.0375 4396 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/07/27 14:47:27.0437 4396 IPSECEXT (a45ed7b412ff678c61f83a6723bcec17) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys 2011/07/27 14:47:27.0453 4396 IPSECSHM (a45ed7b412ff678c61f83a6723bcec17) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys 2011/07/27 14:47:27.0531 4396 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/07/27 14:47:27.0656 4396 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/07/27 14:47:27.0687 4396 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/07/27 14:47:27.0734 4396 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/07/27 14:47:27.0781 4396 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/07/27 14:47:27.0906 4396 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 2011/07/27 14:47:28.0343 4396 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys 2011/07/27 14:47:28.0406 4396 LBeepKE (8f4d784b3f22f468eea99da02b0e39e5) C:\WINDOWS\system32\Drivers\LBeepKE.sys 2011/07/27 14:47:28.0562 4396 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 2011/07/27 14:47:28.0656 4396 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 2011/07/27 14:47:28.0937 4396 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/07/27 14:47:29.0062 4396 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/07/27 14:47:29.0171 4396 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/07/27 14:47:29.0250 4396 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/07/27 14:47:29.0562 4396 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/07/27 14:47:29.0687 4396 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys 2011/07/27 14:47:29.0968 4396 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/07/27 14:47:30.0031 4396 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/07/27 14:47:30.0093 4396 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/07/27 14:47:30.0171 4396 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/07/27 14:47:30.0296 4396 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/07/27 14:47:30.0343 4396 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/07/27 14:47:30.0390 4396 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/07/27 14:47:30.0453 4396 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/07/27 14:47:30.0515 4396 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/07/27 14:47:30.0640 4396 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/07/27 14:47:30.0687 4396 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/07/27 14:47:30.0718 4396 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/07/27 14:47:30.0765 4396 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/07/27 14:47:30.0828 4396 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/07/27 14:47:30.0953 4396 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/07/27 14:47:31.0046 4396 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys 2011/07/27 14:47:31.0265 4396 NETw4x32 (12b0d99865434387f784268b70e23360) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 2011/07/27 14:47:31.0515 4396 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/07/27 14:47:31.0562 4396 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/07/27 14:47:31.0609 4396 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/07/27 14:47:31.0796 4396 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/07/27 14:47:31.0828 4396 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/07/27 14:47:31.0843 4396 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/07/27 14:47:31.0890 4396 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/07/27 14:47:31.0984 4396 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2011/07/27 14:47:32.0031 4396 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/07/27 14:47:32.0218 4396 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/07/27 14:47:32.0265 4396 PCI (9c8f3cc31f7e2a3373af70d0da6cb58a) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/07/27 14:47:32.0328 4396 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/07/27 14:47:32.0359 4396 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/07/27 14:47:32.0531 4396 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/07/27 14:47:32.0546 4396 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/07/27 14:47:32.0578 4396 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/07/27 14:47:32.0734 4396 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/07/27 14:47:32.0875 4396 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/07/27 14:47:32.0906 4396 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/07/27 14:47:32.0984 4396 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/07/27 14:47:33.0000 4396 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/07/27 14:47:33.0046 4396 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/07/27 14:47:33.0078 4396 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/07/27 14:47:33.0234 4396 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/07/27 14:47:33.0281 4396 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/07/27 14:47:33.0296 4396 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/07/27 14:47:33.0375 4396 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys 2011/07/27 14:47:33.0453 4396 RSI-PKTX-A (9d1aff516d727612363c03abdc203380) C:\WINDOWS\System32\drivers\RSI-PKTX-A.SYS 2011/07/27 14:47:33.0500 4396 RsiKtControl (2af65117091a47732f0997330e3daae6) C:\WINDOWS\system32\RSIKT.SYS 2011/07/27 14:47:33.0656 4396 RSLINXNGKtControl (9e866a7c540c6a4b21bd5255a2a2bd0d) C:\WINDOWS\System32\drivers\RSIKTNG.SYS 2011/07/27 14:47:33.0687 4396 RSSERIAL (b089419975668e2a701178032d652a24) C:\WINDOWS\SYSTEM32\RSSERIAL.SYS 2011/07/27 14:47:33.0734 4396 RS_SS_NT (e4fab1cdfaed6ef7542606aa055b104a) C:\WINDOWS\SYSTEM32\RS_SS_NT.SYS 2011/07/27 14:47:33.0781 4396 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 2011/07/27 14:47:33.0828 4396 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys 2011/07/27 14:47:33.0984 4396 S5AS511 (0dc8be05f9d9b0bf6e5a0c40bfdcd38f) C:\WINDOWS\system32\drivers\S5AS511.sys 2011/07/27 14:47:34.0093 4396 S5MCD (4044af405d5de24321b58d7f6af408a0) C:\WINDOWS\system32\drivers\S5MCD.sys 2011/07/27 14:47:34.0171 4396 s7odpx2x (fea94d6320c1c813ab79b74db83f468f) C:\WINDOWS\System32\Drivers\S7odpx2x.sys 2011/07/27 14:47:34.0234 4396 s7oefs_x (f4e4348f0ecc78a61a190e447eb2467d) C:\WINDOWS\System32\drivers\s7oefs_x.sys 2011/07/27 14:47:34.0265 4396 s7opcmcx (3e89156b70c39a8fe0b1962440f83c15) C:\WINDOWS\System32\Drivers\s7opcmcx.sys 2011/07/27 14:47:34.0437 4396 S7opcsrtx (a8114fc3bb7de5feeae32e854574ef57) C:\WINDOWS\system32\DRIVERS\s7opcsrtx.sys 2011/07/27 14:47:34.0484 4396 S7oppilx (dc00bcd3176780b488cd74a17af0eae9) C:\WINDOWS\system32\Drivers\S7oppilx.sys 2011/07/27 14:47:34.0593 4396 s7oppinx (95aebab91051fb2d071375700571f339) C:\WINDOWS\System32\Drivers\s7oppinx.sys 2011/07/27 14:47:34.0625 4396 s7osmcax (588feeaafbda18c00a8f697f19c2bde7) C:\WINDOWS\System32\Drivers\s7osmcax.sys 2011/07/27 14:47:34.0671 4396 s7otranx (d60b08e3251cd16c60dc03e36764a081) C:\WINDOWS\System32\Drivers\s7otranx.sys 2011/07/27 14:47:34.0828 4396 S7OUSBPX (3c0b3f2ee858520ebb1627a4cfc6765f) C:\WINDOWS\system32\drivers\S7OUSBPX.sys 2011/07/27 14:47:34.0890 4396 s7snsrtx (1b2666464be6719e1122c53eba487dd6) C:\WINDOWS\system32\DRIVERS\s7snsrtx.sys 2011/07/27 14:47:35.0000 4396 sbaphd (65a36563c0207824c8240662043c5304) C:\WINDOWS\system32\drivers\sbaphd.sys 2011/07/27 14:47:35.0031 4396 sbapifs (3d6ba67c758735918e323d4d6f64449a) C:\WINDOWS\system32\drivers\sbapifs.sys 2011/07/27 14:47:35.0078 4396 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\WINDOWS\system32\drivers\SBREdrv.sys 2011/07/27 14:47:35.0125 4396 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2011/07/27 14:47:35.0281 4396 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/07/27 14:47:35.0343 4396 Sentinel (aebba7428a6c40cce3c5abde45190b24) C:\WINDOWS\System32\Drivers\SENTINEL.SYS 2011/07/27 14:47:35.0390 4396 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/07/27 14:47:35.0406 4396 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/07/27 14:47:35.0453 4396 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 2011/07/27 14:47:35.0671 4396 SNTIE (d953a20a0ad1052e44e5dfce6d352bba) C:\WINDOWS\system32\DRIVERS\sntie.sys 2011/07/27 14:47:35.0859 4396 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/07/27 14:47:35.0906 4396 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/07/27 14:47:36.0015 4396 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/07/27 14:47:36.0187 4396 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys 2011/07/27 14:47:36.0250 4396 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/07/27 14:47:36.0296 4396 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/07/27 14:47:36.0406 4396 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/07/27 14:47:36.0468 4396 TBiosDrv (1f26d86828039c0b594399f7f2ffef09) C:\WINDOWS\system32\Drivers\Tbiosdrv.sys 2011/07/27 14:47:36.0625 4396 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/07/27 14:47:36.0671 4396 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys 2011/07/27 14:47:36.0718 4396 tdcmdpst (2f8bfbdb5824c71f672779b4b8cf8b01) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys 2011/07/27 14:47:36.0750 4396 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/07/27 14:47:36.0906 4396 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/07/27 14:47:36.0937 4396 tdudf (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys 2011/07/27 14:47:37.0062 4396 TEchoCan (65855534483d0c1330703100b31cac00) C:\WINDOWS\system32\DRIVERS\TEchoCan.sys 2011/07/27 14:47:37.0250 4396 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/07/27 14:47:37.0312 4396 Thpdrv (557cfdb7869499d357da1877ed93043f) C:\WINDOWS\system32\DRIVERS\thpdrv.sys 2011/07/27 14:47:37.0375 4396 Thpevm (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS 2011/07/27 14:47:37.0406 4396 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\WINDOWS\system32\drivers\tifm21.sys 2011/07/27 14:47:37.0578 4396 TMEI3E (684bfb1e9abb05d3f48c53f3cd16a3e6) C:\WINDOWS\system32\Drivers\TMEI3E.SYS 2011/07/27 14:47:37.0671 4396 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\WINDOWS\system32\DRIVERS\tosrfec.sys 2011/07/27 14:47:37.0703 4396 trudf (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys 2011/07/27 14:47:37.0734 4396 TVALZ (73d3312955f805054e32fabdca5230b1) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS 2011/07/27 14:47:37.0781 4396 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/07/27 14:47:37.0843 4396 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/07/27 14:47:38.0015 4396 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/07/27 14:47:38.0093 4396 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/07/27 14:47:38.0156 4396 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/07/27 14:47:38.0203 4396 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/07/27 14:47:38.0250 4396 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/07/27 14:47:38.0281 4396 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/07/27 14:47:38.0437 4396 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/07/27 14:47:38.0484 4396 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 2011/07/27 14:47:38.0531 4396 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/07/27 14:47:38.0593 4396 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/07/27 14:47:38.0640 4396 vsnl2ada (7ed275a019948cf77b91313addd1f459) C:\WINDOWS\System32\Drivers\vsnl2ada.sys 2011/07/27 14:47:38.0796 4396 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/07/27 14:47:38.0859 4396 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2011/07/27 14:47:39.0031 4396 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/07/27 14:47:39.0156 4396 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys 2011/07/27 14:47:39.0234 4396 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/07/27 14:47:39.0265 4396 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/07/27 14:47:39.0312 4396 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0 2011/07/27 14:47:39.0484 4396 Boot (0x1200) (e4764e29a897927d88e63851e22d3f41) \Device\Harddisk0\DR0\Partition0 2011/07/27 14:47:39.0484 4396 ================================================================================ 2011/07/27 14:47:39.0484 4396 Scan finished 2011/07/27 14:47:39.0484 4396 ================================================================================ 2011/07/27 14:47:39.0500 4364 Detected object count: 0 2011/07/27 14:47:39.0500 4364 Actual detected object count: 0 psc23351
  9. Hi CeciliaB Here is the Gmer.log GMER 1.0.15.15641 - [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2011-07-27 09:58:29 Windows 5.1.2600 Service Pack 3 Running: 111htut7.exe; Driver: C:\DOCUME~1\170442~1\LOCALS~1\Temp\uwlorpob.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwCreateKey [0x9BA994D0] SSDT \SystemRoot\system32\drivers\sbaphd.sys (Sunbelt ActiveProtection hook driver/Sunbelt Software) ZwSetValueKey [0x9BA99520] INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) 9B51C16D INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) 9B51BFC2 ---- Kernel code sections - GMER 1.0.15 ---- .text C:\WINDOWS\system32\drivers\hardlock.sys section is writeable [0x9AD57400, 0x87EE2, 0xE8000020] .protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9ADFB620] C:\WINDOWS\system32\drivers\hardlock.sys entry point in ".protectÿÿÿÿhardlockentry point in ".protectÿÿÿÿhardlockentry point in ".p" section [0x9ADFB620] .protectÿÿÿÿhardlockunknown last code section [0x9ADFB400, 0x5126, 0xE0000020] C:\WINDOWS\system32\drivers\hardlock.sys unknown last code section [0x9ADFB400, 0x5126, 0xE0000020] ? C:\DOCUME~1\170442~1\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2116] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4552] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 3E2154C5 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4552] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 3E2E9A91 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4552] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 3E2DD0CD C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4552] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 3E2EDB04 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4552] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 3E25466E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4552] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 3E3E5329 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4552] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 3E3E525B C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4552] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 3E3E52C6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4552] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 3E3E512C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4552] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 3E3E518E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4552] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 3E3E538C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4552] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 3E3E51F0 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4552] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 3E2EDB60 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4552] ole32.dll!OleLoadFromStream 7752981B 5 Bytes JMP 3E3E5691 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation) ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 fwkbdrtm.SYS (WinCC flexible RT Module: FwKbdRTm/Siemens AG) AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 fwkbdrtm.SYS (WinCC flexible RT Module: FwKbdRTm/Siemens AG) AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1 Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] 1 Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] \systemroot\system32\drivers\UACrqpxdoet.sys Reg HKLM\SYSTEM\ControlSet001\Services\[email protected] file system Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\drivers\UACrqpxdoet.sys Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACjlkrxkni.dll Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACtrpbpbes.dat Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACnshfntmx.dll Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACehtkorwq.dll Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACodpqqsik.dll Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACmchmtbue.log Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACbxpayvwu.log Reg HKLM\SYSTEM\ControlSet001\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACfxurrwqs.log Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 1 Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] 1 Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] \systemroot\system32\drivers\UACrqpxdoet.sys Reg HKLM\SYSTEM\ControlSet002\Services\[email protected] file system Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\drivers\UACrqpxdoet.sys Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACjlkrxkni.dll Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACtrpbpbes.dat Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACnshfntmx.dll Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACehtkorwq.dll Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACodpqqsik.dll Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACmchmtbue.log Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACbxpayvwu.log Reg HKLM\SYSTEM\ControlSet002\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACfxurrwqs.log Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 1 Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] 1 Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] \systemroot\system32\drivers\UACrqpxdoet.sys Reg HKLM\SYSTEM\ControlSet003\Services\[email protected] file system Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\drivers\UACrqpxdoet.sys Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACjlkrxkni.dll Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACtrpbpbes.dat Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACnshfntmx.dll Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACehtkorwq.dll Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACodpqqsik.dll Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACmchmtbue.log Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACbxpayvwu.log Reg HKLM\SYSTEM\ControlSet003\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACfxurrwqs.log Reg HKLM\SYSTEM\ControlSet004\Services\[email protected] 1 Reg HKLM\SYSTEM\ControlSet004\Services\[email protected] 1 Reg HKLM\SYSTEM\ControlSet004\Services\[email protected] \systemroot\system32\drivers\UACrqpxdoet.sys Reg HKLM\SYSTEM\ControlSet004\Services\[email protected] file system Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\modules (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\drivers\UACrqpxdoet.sys Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACjlkrxkni.dll Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACtrpbpbes.dat Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACnshfntmx.dll Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACehtkorwq.dll Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACodpqqsik.dll Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACmchmtbue.log Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACbxpayvwu.log Reg HKLM\SYSTEM\ControlSet004\Services\UACd.sys\[email protected] \\?\globalroot\systemroot\system32\UACfxurrwqs.log ---- EOF - GMER 1.0.15 ----
  10. Hi CeciliaB Here is the Eset log. The scanner said there was not viruses. [email protected] as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=aeca907ec66a8440a31eb59338a8809c # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2011-07-27 06:18:12 # local_time=2011-07-27 02:18:12 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 75183832 75183832 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=453948 # found=0 # cleaned=0 # scan_time=14378 DDS.log . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26 Run by 1704420 Ontario Inc at 8:42:01 on 2011-07-27 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.303 [GMT -4:00] . AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe c:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe C:\Program Files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe C:\Program Files\Common Files\Rockwell\NmspHost.exe C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files\Common Files\Rockwell\RdcyHost.exe C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe C:\Program Files\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe C:\PROGRA~1\ROCKWE~2\RSLinx\RSLINX.EXE C:\Program Files\Common Files\Rockwell\RsvcHost.exe C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\ThpSrv.exe C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe C:\WINDOWS\system32\TODDSrv.exe C:\WINDOWS\system32\mqsvc.exe C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe svchost.exe C:\Program Files\Common Files\Rockwell\EventServer.exe C:\Program Files\Common Files\Rockwell\RnaDirServer.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\WINDOWS\Explorer.EXE C:\Program Files\TOSHIBA\TME3\TMERzCtl.EXE C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe C:\WINDOWS\system32\TPSBattM.exe C:\Program Files\TOSHIBA\TAudEffect\TAudEff.exe C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe C:\Program Files\TOSHIBA\TME3\TMEEJME.EXE C:\Program Files\Cognex\In-Sight\In-Sight OPC Server 3.3.0\OpcInSight.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE C:\Program Files\TOSHIBA\TouchED\TouchED.exe C:\Program Files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe C:\WINDOWS\system320THotkey.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Siemens\S7ubtoox\S7ubtoox.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxtray.exe C:\Program Files\Apoint2K\Apoint.exe C:\WINDOWS\system32\TFNF5.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\ltmoh\Ltmoh.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxext.exe C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Siemens\Sqlany\dbsrv9.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe C:\Program Files\Microsoft Office\Office\1033\msoffice.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\NOTEPAD.EXE . ============== Pseudo HJT Report =============== . BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [TPSMain] TPSMain.exe mRun: [TMERzCtl.EXE] c:\program files\toshiba\tme3\TMERzCtl.EXE /Service mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [TFncKy] TFncKy.exe mRun: [NDSTray.exe] NDSTray.exe mRun: [TPSODDCtl] TPSODDCtl.exe mRun: [TMESRV.EXE] c:\program files\toshiba\tme3\TMESRV31.EXE /Logon mRun: [TAudEffect] c:\program files\toshiba\taudeffect\TAudEff.exe /run mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe mRun: [CognexOpc] c:\program files\cognex\in-sight\in-sight opc server 3.3.0\OpcInSight.exe -I mRun: [TOSDCR] TOSDCR.EXE mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE mRun: [TouchED] c:\program files\toshiba\touched\TouchED.exe mRun: [S7UB Start] "c:\program files\common files\siemens\s7ubtoox\s7ubtstx.exe" -StartDB mRun: [TosHKCW.exe] "c:\program files\toshiba\wireless hotkey\TosHKCW.exe" mRun: [SsAAD.exe] c:\progra~1\sony\sonics~1\SsAAD.exe mRun: [UsbCipHelper] c:\program files\rockwell automation\rockwell automation usb cip driver package\usbciphelper\UsbCipHelper.exe mRun: [00THotkey] c:\windows\system320THotkey.exe mRun: [000StTHK] 000StTHK.exe mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [RTHDCPL] RTHDCPL.EXE mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [Apoint] c:\program files\apoint2k\Apoint.exe mRun: [TFNF5] TFNF5.exe mRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup mRun: [WinCC flexible Smart Start] "c:\program files\siemens\simatic wincc flexible\wincc flexible 2008\HmiSmartStart.exe" /startup mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" StartupFolder: c:\docume~1\170442~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\servic~1.lnk - c:\program files\microsoft sql server\80\tools\binn\sqlmangr.exe uPolicies-explorer: DisablePersonalDirChange = 1 IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{8E112997-EA3C-4EE4-8704-6BFE07518B62} : DhcpNameServer = 192.168.0.1 Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\quicktax 2007\ic2007pp.dll Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll Handler: intu-qt2009 - {03947252-2355-4e9b-B446-8CCC75C43370} - c:\program files\quicktax 2009\ic2009pp.dll Handler: intu-res - {9CE7D474-16F9-4889-9BB9-53E2008EAE8A} - c:\program files\common files\intuit\intu-res.dll Notify: igfxcui - igfxdev.dll Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\1704420 ontario inc\application data\mozilla\firefox\profiles\[email protected]\ FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . ============= SERVICES / DRIVERS =============== . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-3 64288] R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [2007-3-22 20992] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [2007-3-9 6528] R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [2011-7-1 21592] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2009-11-10 101720] R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [2007-11-30 5888] R2 almservice;Automation License Manager Service;c:\program files\common files\siemens\sws\almsrv\almsrvx.exe [2010-3-29 1594368] R2 dpmconv;dpmconv;c:\windows\system32\drivers\dpmconv.sys [2007-6-25 266240] R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [2007-6-25 28363] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-1-6 10384] R2 LogReceiver;LogReceiver;c:\program files\rockwell software\rslinx enterprise\LogReceiver.exe [2007-7-9 94208] R2 MsDtsServer;SQL Server Integration Services;c:\program files\microsoft sql server\90\dts\binn\MsDtsSrvr.exe [2006-5-9 203552] R2 MSSQL$WINCC;SQL Server (WINCC);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2006-5-9 28938072] R2 MSSQL$WINCCFLEXEXPRESS;SQL Server (WINCCFLEXEXPRESS);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2007-2-10 29178224] R2 MSSQL$WINCCFLEXIBLE;MSSQL$WINCCFLEXIBLE;c:\program files\microsoft sql server\mssql$winccflexible\binn\sqlservr.exe [2005-5-4 9150464] R2 Rockwell HMI Alarm Logger;Rockwell HMI Alarm Logger;c:\program files\rockwell software\rsview enterprise\RsAlarmLogServ.exe [2007-9-18 77824] R2 Rockwell HMI Framework;Rockwell HMI Framework;c:\program files\rockwell software\rsview enterprise\ServerFramework.exe [2007-9-18 491520] R2 s7asysvx;S7 Global Services;c:\program files\siemens\step7\s7bin\s7asysvx.exe [2008-7-14 69685] R2 s7odpx2x;SIMATIC MPI/PROFIBUS DPX2 Driver;c:\windows\system32\drivers\s7odpx2x.sys [2010-3-2 77312] R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\common files\siemens\s7iepg\s7oiehsx.exe [2010-3-2 1576072] R2 s7opcmcx;s7opcmcx;c:\windows\system32\drivers\s7opcmcx.sys [2010-3-2 209920] R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [2010-3-1 31232] R2 s7osmcax;s7osmcax;c:\windows\system32\drivers\s7osmcax.sys [2010-3-2 173568] R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [2009-2-24 73088] R2 S7TraceServiceX;S7TraceServiceX;c:\program files\common files\siemens\automation\traceengine\bin\S7TraceServiceX.exe [2010-3-2 240776] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-6-29 74968] R2 SSCService;SIMATIC Security Control Service;c:\program files\common files\siemens\simaticsecuritycontrol\ssc_service_x.exe [2007-7-17 339968] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856] R2 Tmesrv;Tmesrv3;c:\program files\toshiba\tme3\TMESRV31.exe [2007-11-30 126976] R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016] R2 vsnl2ada;SIMATIC MPI/PROFIBUS FDL Transport Driver;c:\windows\system32\drivers\vsnl2ada.sys [2007-11-5 115654] R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [2009-5-14 26137] R3 EventServer;Rockwell Event Server;c:\program files\common files\rockwell\EventServer.exe [2007-9-17 217088] R3 fwkbdrtm;fwkbdrtm;c:\windows\system32\drivers\fwkbdrtm.sys [2010-4-8 12112] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-4-22 35968] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-24 15232] R3 NmspHost;Rockwell Namespace Services;c:\program files\common files\rockwell\NmspHost.exe [2007-9-18 212992] R3 RdcyHost;Rockwell Redundancy Services;c:\program files\common files\rockwell\RdcyHost.exe [2007-9-18 212992] R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [2007-11-30 435072] S1 abpicw2k;AB PIC/AIC+ Driver;c:\windows\system32\drivers\abpicw2k.sys [2001-10-29 113600] S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\drivers\virtualbackplane.sys --> c:\windows\system32\drivers\VirtualBackplane.sys [?] S2 CCAgent;CCAgent;c:\program files\common files\siemens\ace\bin\ccagent.exe --> c:\program files\common files\siemens\ace\bin\CCAgent.exe [?] S2 CCEClient;CCEClient;c:\program files\common files\siemens\ace\bin\cceclient.exe --> c:\program files\common files\siemens\ace\bin\CCEClient.exe [?] S2 CCEServer;CCEServer;c:\program files\common files\siemens\ace\bin\cceserver.exe --> c:\program files\common files\siemens\ace\bin\CCEServer.exe [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 2151640] S2 RedundancyControl;RedundancyControl;c:\program files\common files\siemens\ace\bin\redundancycontrol.exe --> c:\program files\common files\siemens\ace\bin\RedundancyControl.exe [?] S2 RedundancyState;RedundancyState;c:\program files\common files\siemens\ace\bin\redundancystate.exe --> c:\program files\common files\siemens\ace\bin\RedundancyState.exe [?] S2 SCSMonitor;SCSMonitor;c:\program files\common files\siemens\ace\bin\scsmx.exe --> c:\program files\common files\siemens\ace\bin\SCSMX.exe [?] S3 ABKTCX;Rockwell Automation 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [2000-5-31 71448] S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;\??\c:\windows\system32\drivers\nsdriver.sys --> c:\windows\system32\drivers\NSDriver.sys [?] S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;\??\c:\windows\system32\drivers\awrtpd.sys --> c:\windows\system32\drivers\AWRTPD.sys [?] S3 Ad-Watch Registry Filter;Ad-Watch Registry Kernel Filter;\??\c:\windows\system32\drivers\awrtrd.sys --> c:\windows\system32\drivers\AWRTRD.sys [?] S3 c5511w2k;c5511w2k;c:\windows\system32\drivers\c5511w2k.sys [2000-4-5 8192] S3 cgnxcdc;cgnxcdc;c:\windows\system32\drivers\cgnxcdc.sys [2010-5-5 49152] S3 CogISSvc;Cognex In-Sight Port Service;c:\program files\cognex\in-sight\in-sight explorer 3.3.0\utilities\cogissvc.exe [2006-7-18 172632] S3 Cognex.InSight.OpcServer;Cognex OPC Server;c:\program files\cognex\in-sight\in-sight opc server 3.3.0\OpcInSightService.exe [2006-7-18 24576] S3 dpmcslv;dpmcslv;c:\windows\system32\drivers\dpmcslv.sys [2005-7-4 68280] S3 ExtranetAccess;Contivity VPN Service;c:\program files\textron vpn client\Extranet_serv.exe [2009-5-14 835584] S3 FTAE_Archiver;Rockwell Alarm History Archiver;c:\program files\common files\rockwell\FTAEArchiver.exe [2007-9-17 61440] S3 FTAE_HistServ;Rockwell Alarm Historian;c:\program files\common files\rockwell\FTAE_HistServ.exe [2007-9-17 143360] S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [2009-5-14 155152] S3 pcidnt;A-B 1784-PCIDS;c:\windows\system32\drivers\pcidnt.sys --> c:\windows\system32\drivers\pcidnt.sys [?] S3 RnaAeServer;Rockwell Alarm Server;c:\program files\common files\rockwell\RnaAeServer.exe [2007-9-17 270336] S3 RnaAlarmMux;Rockwell Alarm Multiplexer;c:\program files\common files\rockwell\RnaAlarmMux.exe [2007-9-21 753664] S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [1999-11-10 142592] S3 RSI-PKTX-A;RSI-PKTX-A;c:\windows\system32\drivers\RSI-PKTX-A.sys [2002-11-13 16447] S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [2006-1-18 39067] S3 RSLINXNGKtControl;RSLINXNGKtControl;c:\windows\system32\drivers\rsiktNG.sys [2002-4-23 38999] S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [1999-5-11 155440] S3 S5AS511;S5AS511;c:\windows\system32\drivers\S5AS511.SYS [2007-12-5 15360] S3 S5MCD;S5MCD;c:\windows\system32\drivers\S5MCD.SYS [2007-12-5 188416] S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [2002-10-18 30512] S3 s7oppinx;s7oppinx;c:\windows\system32\drivers\s7oppinx.sys [2010-3-2 124928] S3 S7OUSBPX;S7OUSBPX;c:\windows\system32\drivers\S7OUSBPX.sys [2008-11-26 27212] S3 Sim9Sync;SIMATIC NET Synchronization Service;c:\windows\system32\sim9sync.exe [2008-4-28 94208] S3 SQLAgent$WINCC;SQL Server Agent (WINCC);c:\program files\microsoft sql server\mssql.1\mssql\binn\SQLAGENT90.EXE [2006-4-14 319776] S3 SQLAgent$WINCCFLEXIBLE;SQLAgent$WINCCFLEXIBLE;c:\program files\microsoft sql server\mssql$winccflexible\binn\sqlagent.EXE [2005-5-3 323584] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2007-4-22 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] S4 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?] . =============== Created Last 30 ================ . 2011-07-27 02:04:30 -------- d-----w- c:\program files\ESET 2011-07-25 15:01:01 -------- d-----w- c:\program files\HD Tune 2011-07-25 04:06:36 -------- d-----w- c:\documents and settings\1704420 ontario inc\application data\ElevatedDiagnostics 2011-07-20 00:03:24 -------- d-sha-r- C:\cmdcons 2011-07-18 17:44:52 476904 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll 2011-07-18 17:44:51 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-07-15 23:07:52 208896 ----a-w- c:\windows\MBR.exe 2011-07-15 23:07:50 256000 ----a-w- c:\windows\PEV.exe 2011-07-05 21:56:11 -------- d-----w- c:\program files\common files\Merge Modules 2011-07-05 20:41:32 -------- d-----w- c:\windows\system32\wbem\repository\FS 2011-07-05 20:41:32 -------- d-----w- c:\windows\system32\wbem\Repository 2011-07-01 04:56:06 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys 2011-06-30 19:42:34 -------- d-----w- c:\program files\Atlas Copco Tools AB 2011-06-29 13:27:21 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys . ==================== Find3M ==================== . 2011-07-18 18:24:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-18 17:42:59 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-06-29 13:26:27 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-07 18:33:44 10532 --sh--r- C:\EVRSI.SYS 2011-05-02 15:31:52 692736 ------w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19:43 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-29 02:47:42 16432 ----a-w- c:\windows\system32\lsdelete.exe 1998-04-28 00:15:06 570128 ------w- c:\program files\common files\dao350.dll . ============= FINISH: 8:49:06.62 ===============
  11. Hi CeciliaB Could not copy file says access is denied. Running ESET online scan currently but will take awhile have 500,000 files only at 75,000 in one hour. will post results when done. Thanks psc23351
  12. Hi CeciliaB Struggling with this Virus Total analysis. After selecting send file a popup screen telling you not to navigate away until analysis is completed. But this screen pops up and disappears so fast had to redue this 6 times to be able to read it. The screen returns immediately to the send file and remains there doing nothing, waited for over 30min each time tried. Just out of curiousity tried to analyze another Windows\System32 file and it returned file already analized, comment page and link to the report. Found a file that would be propriatory to my machine and sent it, the screen went to an analizer screen analized the file and gave me a URL for the report as you said it should. What do you think. Am I still doing something wrong or is this file crashing there analizer.
  13. Hi CeciliaB I uploaded the file but do not see were to get the scan results to post the link. Do I need to download and install the Virus Loader Upload Utility to get the scan results in my browser. Can you point me in the right direction to find the scan results link to post. Thanks psc23351
  14. Downloaded and ran the new copy of ComboFix. I still see the nwwksp.dll file in C:\Windows\System32 but I think the Date Modified has changed. I'am not sure but earlier today it was 07/21/2011 now it is 02/17/2011. Attached is the new Log file. ComboFix 11-07-25.03 - 1704420 Ontario Inc 07/25/2011 21:51:37.5.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1015.278 [GMT -4:00] Running from: c:\documents and settings\1704420 Ontario Inc\Desktop\ComboFix.exe AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} . . ((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 ))))))))))))))))))))))))))))))) . . 2011-07-25 15:01 . 2011-07-25 15:01 -------- d-----w- c:\program files\HD Tune 2011-07-25 04:06 . 2011-07-25 04:06 -------- d-----w- c:\documents and settings\1704420 Ontario Inc\Application Data\ElevatedDiagnostics 2011-07-18 17:44 . 2011-07-18 17:43 476904 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll 2011-07-18 17:44 . 2011-07-18 17:42 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-07-05 21:56 . 2011-07-05 21:56 -------- d-----w- c:\program files\Common Files\Merge Modules 2011-07-05 20:41 . 2011-07-05 20:41 -------- d-----w- c:\windows\system32\wbem\Repository 2011-07-05 04:06 . 2011-07-05 04:06 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee 2011-07-01 04:56 . 2011-06-29 13:25 21592 ----a-w- c:\windows\system32\drivers\sbaphd.sys 2011-06-30 19:42 . 2011-06-30 19:42 -------- d-----w- c:\program files\Atlas Copco Tools AB 2011-06-29 13:27 . 2011-06-29 13:25 74968 ----a-w- c:\windows\system32\drivers\sbapifs.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-07-18 18:24 . 2011-06-20 01:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-18 17:42 . 2007-04-22 21:00 73728 ----a-w- c:\windows\system32\javacpl.cpl 2011-06-29 13:26 . 2009-11-10 14:12 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2011-06-02 14:02 . 2007-04-22 19:44 1858944 ----a-w- c:\windows\system32\win32k.sys 2011-05-02 15:31 . 2007-04-22 20:15 692736 ------w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2007-04-22 19:43 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2007-04-22 19:43 456320 ------w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-29 02:47 . 2009-03-04 03:13 16432 ----a-w- c:\windows\system32\lsdelete.exe 1998-04-28 00:15 . 2007-12-03 02:49 570128 ------w- c:\program files\Common Files\dao350.dll . . ((((((((((((((((((((((((((((( [email protected]_00.58.13 ))))))))))))))))))))))))))))))))))))))))) . + 2011-07-26 01:23 . 2011-07-26 01:23 16384 c:\windows\Temp\Perflib_Perfdata_3d0.dat + 2011-07-26 01:23 . 2011-07-26 01:23 16384 c:\windows\Temp\Perflib_Perfdata_370.dat + 2011-07-26 01:23 . 2011-07-26 01:23 16384 c:\windows\Temp\Perflib_Perfdata_35c.dat + 2011-07-26 01:23 . 2011-07-26 01:23 16384 c:\windows\Temp\Perflib_Perfdata_254.dat - 2007-04-22 20:19 . 2011-07-19 21:56 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2007-04-22 20:19 . 2011-07-26 01:25 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2011-07-16 12:29 . 2011-07-19 21:56 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2011-07-20 01:20 . 2011-07-26 01:25 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2011-07-05 19:39 . 2011-07-26 01:27 235335 c:\windows\system32\inetsrv\MetaBase.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TPSMain"="TPSMain.exe" [2006-07-26 315392] "TMERzCtl.EXE"="c:\program files\TOSHIBA\TME3\TMERzCtl.EXE" [2006-04-26 90112] "Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2011-06-28 1191216] "TFncKy"="TFncKy.exe" [BU] "NDSTray.exe"="NDSTray.exe" [BU] "TPSODDCtl"="TPSODDCtl.exe" [2007-02-02 110592] "TMESRV.EXE"="c:\program files\TOSHIBA\TME3\TMESRV31.EXE" [2005-12-14 126976] "TAudEffect"="c:\program files\TOSHIBA\TAudEffect\TAudEff.exe" [2006-08-10 344144] "SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744] "CognexOpc"="c:\program files\Cognex\In-Sight\In-Sight OPC Server 3.3.0\OpcInSight.exe" [2006-07-18 90112] "TOSDCR"="TOSDCR.EXE" [2005-12-13 57344] "IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200] "DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296] "IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-20 124512] "TouchED"="c:\program files\TOSHIBA\TouchED\TouchED.exe" [2005-06-29 126976] "S7UB Start"="c:\program files\Common Files\Siemens\S7ubtoox\s7ubtstx.exe" [2008-07-15 102453] "TosHKCW.exe"="c:\program files\TOSHIBA\Wireless Hotkey\TosHKCW.exe" [2005-05-17 49152] "SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920] "UsbCipHelper"="c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2006-09-28 434176] "00THotkey"="c:\windows\system320THotkey.exe" [2006-07-05 258048] "000StTHK"="000StTHK.exe" [2001-06-23 24576] "IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752] "RTHDCPL"="RTHDCPL.EXE" [2007-03-12 16125440] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-09 162584] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-09 138008] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2004-03-23 196608] "TFNF5"="TFNF5.exe" [2006-04-10 622592] "LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552] "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-09 138008] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] "Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-11-18 623880] "WinCC flexible Smart Start"="c:\program files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe" [2010-04-20 118784] "Synchronization Manager"="c:\windows\system32\mobsync.exe" [2008-04-14 143360] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-05-27 40368] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696] . c:\documents and settings\Administrator\Start Menu\Programs\Startup\ IEHOME.LNK - c:\documents and settings\Default User\Local Settings\Temp\iehome.bat [2007-11-30 298] . c:\documents and settings\1704420 Ontario Inc\Start Menu\Programs\Startup\ OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-4-1 813584] Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-18 65588] Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2005-5-3 81920] . c:\documents and settings\Default User\Start Menu\Programs\Startup\ IEHOME.LNK - c:\documents and settings\Default User\Local Settings\Temp\iehome.bat [2007-11-30 298] . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "DisablePersonalDirChange"= 1 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2009-07-20 16:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Common Files\\Siemens\\SQLANY\\dbsrv9.exe"= "c:\\WINDOWS\\system32\\sessmgr.exe"= "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\Miniweb.exe"= "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\SmartServer.exe"= "c:\\Program Files\\Siemens\\SIMATIC WinCC flexible\\WinCC flexible 2008 Runtime\\HmiLoad.exe"= . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/3/2009 9:54 PM 64288] R0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\drivers\thpdrv.sys [3/22/2007 4:07 PM 20992] R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\drivers\Thpevm.sys [3/9/2007 6:23 PM 6528] R1 sbaphd;sbaphd;c:\windows\system32\drivers\sbaphd.sys [7/1/2011 12:56 AM 21592] R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [11/10/2009 10:12 AM 101720] R1 TMEI3E;TMEI3E;c:\windows\system32\drivers\TMEI3E.sys [11/30/2007 2:38 PM 5888] R2 almservice;Automation License Manager Service;c:\program files\Common Files\Siemens\SWS\almsrv\almsrvx.exe [3/29/2010 9:13 AM 1594368] R2 dpmconv;dpmconv;c:\windows\system32\drivers\dpmconv.sys [6/25/2007 4:46 PM 266240] R2 Dpmtrcdd;Dpmtrcdd;c:\windows\system32\drivers\dpmtrcdd.sys [6/25/2007 4:47 PM 28363] R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/6/2009 10:26 AM 10384] R2 LogReceiver;LogReceiver;c:\program files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [7/9/2007 10:47 AM 94208] R2 MsDtsServer;SQL Server Integration Services;c:\program files\Microsoft SQL Server\90\DTS\Binn\MsDtsSrvr.exe [5/9/2006 8:31 AM 203552] R2 MSSQL$WINCC;SQL Server (WINCC);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [5/9/2006 8:32 AM 28938072] R2 MSSQL$WINCCFLEXEXPRESS;SQL Server (WINCCFLEXEXPRESS);c:\program files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2/10/2007 9:29 AM 29178224] R2 MSSQL$WINCCFLEXIBLE;MSSQL$WINCCFLEXIBLE;c:\program files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlservr.exe [5/4/2005 12:04 AM 9150464] R2 Rockwell HMI Alarm Logger;Rockwell HMI Alarm Logger;c:\program files\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe [9/18/2007 9:35 PM 77824] R2 Rockwell HMI Framework;Rockwell HMI Framework;c:\program files\Rockwell Software\RSView Enterprise\ServerFramework.exe [9/18/2007 8:21 PM 491520] R2 s7asysvx;S7 Global Services;c:\program files\Siemens\Step7\S7BIN\s7asysvx.exe [7/14/2008 8:02 PM 69685] R2 s7odpx2x;SIMATIC MPI/PROFIBUS DPX2 Driver;c:\windows\system32\drivers\s7odpx2x.sys [3/2/2010 8:37 AM 77312] R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [3/2/2010 8:47 AM 1576072] R2 s7opcmcx;s7opcmcx;c:\windows\system32\drivers\s7opcmcx.sys [3/2/2010 8:38 AM 209920] R2 S7opcsrtx;PROFINET IO RT-Protocol (LLDP);c:\windows\system32\drivers\s7opcsrtx.sys [3/1/2010 4:51 PM 31232] R2 s7osmcax;s7osmcax;c:\windows\system32\drivers\s7osmcax.sys [3/2/2010 8:40 AM 173568] R2 s7snsrtx;PROFINET IO RT-Protocol;c:\windows\system32\drivers\s7snsrtx.sys [2/24/2009 5:39 PM 73088] R2 S7TraceServiceX;S7TraceServiceX;c:\program files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe [3/2/2010 8:47 AM 240776] R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [6/29/2011 9:27 AM 74968] R2 SSCService;SIMATIC Security Control Service;c:\program files\Common Files\Siemens\SimaticSecurityControl\ssc_service_x.exe [7/17/2007 11:36 AM 339968] R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 3:22 PM 105856] R2 Tmesrv;Tmesrv3;c:\program files\TOSHIBA\TME3\TMESRV31.exe [11/30/2007 2:38 PM 126976] R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 3:15 PM 134016] R2 vsnl2ada;SIMATIC MPI/PROFIBUS FDL Transport Driver;c:\windows\system32\drivers\vsnl2ada.sys [11/5/2007 12:31 PM 115654] R3 Eacfilt;Eacfilt Miniport;c:\windows\system32\drivers\eacfilt.sys [5/14/2009 10:54 AM 26137] R3 EventServer;Rockwell Event Server;c:\program files\Common Files\Rockwell\EventServer.exe [9/17/2007 11:36 PM 217088] R3 fwkbdrtm;fwkbdrtm;c:\windows\system32\drivers\fwkbdrtm.sys [4/8/2010 11:15 AM 12112] R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/22/2007 4:20 PM 35968] R3 NmspHost;Rockwell Namespace Services;c:\program files\Common Files\Rockwell\NmspHost.exe [9/18/2007 12:57 AM 212992] R3 RdcyHost;Rockwell Redundancy Services;c:\program files\Common Files\Rockwell\RdcyHost.exe [9/18/2007 12:57 AM 212992] R3 TEchoCan;Toshiba Audio Effect;c:\windows\system32\drivers\TEchoCan.sys [11/30/2007 2:41 PM 435072] S1 abpicw2k;AB PIC/AIC+ Driver;c:\windows\system32\drivers\abpicw2k.sys [10/29/2001 1:53 PM 113600] S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\Drivers\VirtualBackplane.sys --> c:\windows\system32\Drivers\VirtualBackplane.sys [?] S2 CCAgent;CCAgent;c:\program files\Common Files\Siemens\ACE\bin\CCAgent.exe --> c:\program files\Common Files\Siemens\ACE\bin\CCAgent.exe [?] S2 CCEClient;CCEClient;c:\program files\Common Files\Siemens\ACE\bin\CCEClient.exe --> c:\program files\Common Files\Siemens\ACE\bin\CCEClient.exe [?] S2 CCEServer;CCEServer;c:\program files\Common Files\Siemens\ACE\bin\CCEServer.exe --> c:\program files\Common Files\Siemens\ACE\bin\CCEServer.exe [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 2:16 PM 130384] S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 2151640] S2 RedundancyControl;RedundancyControl;c:\program files\Common Files\Siemens\ACE\bin\RedundancyControl.exe --> c:\program files\Common Files\Siemens\ACE\bin\RedundancyControl.exe [?] S2 RedundancyState;RedundancyState;c:\program files\Common Files\Siemens\ACE\bin\RedundancyState.exe --> c:\program files\Common Files\Siemens\ACE\bin\RedundancyState.exe [?] S2 SCSMonitor;SCSMonitor;c:\program files\Common Files\Siemens\ACE\bin\SCSMX.exe --> c:\program files\Common Files\Siemens\ACE\bin\SCSMX.exe [?] S3 ABKTCX;Rockwell Automation 1784-KTC(X) Driver;c:\windows\system32\drivers\abktcx.sys [5/31/2000 7:13 PM 71448] S3 c5511w2k;c5511w2k;c:\windows\system32\drivers\c5511w2k.sys [4/5/2000 2:22 PM 8192] S3 cgnxcdc;cgnxcdc;c:\windows\system32\drivers\cgnxcdc.sys [5/5/2010 4:42 PM 49152] S3 CogISSvc;Cognex In-Sight Port Service;c:\program files\Cognex\In-Sight\In-Sight Explorer 3.3.0\Utilities\cogissvc.exe [7/18/2006 8:20 AM 172632] S3 Cognex.InSight.OpcServer;Cognex OPC Server;c:\program files\Cognex\In-Sight\In-Sight OPC Server 3.3.0\OpcInSightService.exe [7/18/2006 8:46 AM 24576] S3 dpmcslv;dpmcslv;c:\windows\system32\drivers\dpmcslv.sys [7/4/2005 4:04 PM 68280] S3 ExtranetAccess;Contivity VPN Service;c:\program files\Textron VPN Client\Extranet_serv.exe [5/14/2009 10:54 AM 835584] S3 FTAE_Archiver;Rockwell Alarm History Archiver;c:\program files\Common Files\Rockwell\FTAEArchiver.exe [9/17/2007 11:29 PM 61440] S3 FTAE_HistServ;Rockwell Alarm Historian;c:\program files\Common Files\Rockwell\FTAE_HistServ.exe [9/17/2007 11:29 PM 143360] S3 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\drivers\ipsecw2k.sys [5/14/2009 10:54 AM 155152] S3 pcidnt;A-B 1784-PCIDS;c:\windows\system32\Drivers\pcidnt.sys --> c:\windows\system32\Drivers\pcidnt.sys [?] S3 RnaAeServer;Rockwell Alarm Server;c:\program files\Common Files\Rockwell\RnaAeServer.exe [9/17/2007 11:32 PM 270336] S3 RnaAlarmMux;Rockwell Alarm Multiplexer;c:\program files\Common Files\Rockwell\RnaAlarmMux.exe [9/21/2007 2:27 PM 753664] S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;c:\windows\system32\RS_SS_NT.SYS [11/10/1999 8:27 AM 142592] S3 RSI-PKTX-A;RSI-PKTX-A;c:\windows\system32\drivers\RSI-PKTX-A.sys [11/13/2002 2:38 PM 16447] S3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [1/18/2006 10:33 AM 39067] S3 RSLINXNGKtControl;RSLINXNGKtControl;c:\windows\system32\drivers\rsiktNG.sys [4/23/2002 7:02 PM 38999] S3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\system32\rsserial.sys [5/11/1999 1:48 PM 155440] S3 S5AS511;S5AS511;c:\windows\system32\drivers\S5AS511.SYS [12/5/2007 11:25 AM 15360] S3 S5MCD;S5MCD;c:\windows\system32\drivers\S5MCD.SYS [12/5/2007 11:25 AM 188416] S3 s7oefs_x;SIMATIC MPI/EFS Driver;c:\windows\system32\drivers\s7oefs_x.sys [10/18/2002 2:34 AM 30512] S3 s7oppinx;s7oppinx;c:\windows\system32\drivers\s7oppinx.sys [3/2/2010 8:39 AM 124928] S3 S7OUSBPX;S7OUSBPX;c:\windows\system32\drivers\S7OUSBPX.sys [11/26/2008 9:34 AM 27212] S3 Sim9Sync;SIMATIC NET Synchronization Service;c:\windows\system32\sim9sync.exe [4/28/2008 11:24 PM 94208] S3 SQLAgent$WINCC;SQL Server Agent (WINCC);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE [4/14/2006 10:06 AM 319776] S3 SQLAgent$WINCCFLEXIBLE;SQLAgent$WINCCFLEXIBLE;c:\program files\Microsoft SQL Server\MSSQL$WINCCFLEXIBLE\Binn\sqlagent.EXE [5/3/2005 9:42 PM 323584] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [4/22/2007 3:44 PM 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 2:16 PM 753504] S4 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?] . --- Other Services/Drivers In Memory --- . *Deregistered* - Lavasoft Kernexplorer . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Contents of the 'Scheduled Tasks' folder . 2011-07-26 c:\windows\Tasks\Ad-Aware Update (Daily 1).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:19] . 2011-07-26 c:\windows\Tasks\Ad-Aware Update (Daily 2).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:19] . 2011-07-26 c:\windows\Tasks\Ad-Aware Update (Daily 3).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:19] . 2011-07-26 c:\windows\Tasks\Ad-Aware Update (Daily 4).job - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 11:19] . 2011-07-26 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3879435519-312499763-1611728940-1009.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47] . 2011-07-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3879435519-312499763-1611728940-1009.job - c:\program files\Real\RealUpgrade\realupgrade.exe [2011-03-29 14:47] . . ------- Supplementary Scan ------- . IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.0.1 Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - c:\program files\QuickTax 2007\ic2007pp.dll FF - ProfilePath - c:\documents and settings\1704420 Ontario Inc\Application Data\Mozilla\Firefox\Profiles\[email protected]\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url="http://www.gmer.net"]http://www.gmer.net[/url] Rootkit scan 2011-07-25 22:09 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-3879435519-312499763-1611728940-1009\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1808) c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll c:\program files\common files\logishrd\bluetooth\LBTServ.dll . - - - - - - - > 'explorer.exe'(3044) c:\windows\system32\WININET.dll c:\program files\Logitech\SetPoint\lgscroll.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll c:\windows\system32\ieframe.dll c:\program files\TOSHIBA\TME3\TMEEJMD.DLL c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\TPwrCfg.DLL c:\windows\system32\TPwrReg.dll c:\windows\system32\TPSTrace.DLL . Completion time: 2011-07-25 22:21:22 ComboFix-quarantined-files.txt 2011-07-26 02:21 ComboFix2.txt 2011-07-16 12:22 . Pre-Run: 23,694,782,464 bytes free Post-Run: 23,731,146,752 bytes free . Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,2,3,4,5,6 - - End Of File - - B682915A070EC9E0C20C7ADFB478CA40
  15. Hi CeciliaB Did the scan here is the .txt log file It found 1 Rootkit.boot.SST.a, selected cure and rebooted. 2011/07/25 19:22:00.0977 2248 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56 2011/07/25 19:22:01.0196 2248 ================================================================================ 2011/07/25 19:22:01.0196 2248 SystemInfo: 2011/07/25 19:22:01.0196 2248 2011/07/25 19:22:01.0196 2248 OS Version: 5.1.2600 ServicePack: 3.0 2011/07/25 19:22:01.0196 2248 Product type: Workstation 2011/07/25 19:22:01.0196 2248 ComputerName: 1704420_1 2011/07/25 19:22:01.0196 2248 UserName: 1704420 Ontario Inc 2011/07/25 19:22:01.0196 2248 Windows directory: C:\WINDOWS 2011/07/25 19:22:01.0196 2248 System windows directory: C:\WINDOWS 2011/07/25 19:22:01.0196 2248 Processor architecture: Intel x86 2011/07/25 19:22:01.0196 2248 Number of processors: 2 2011/07/25 19:22:01.0196 2248 Page size: 0x1000 2011/07/25 19:22:01.0196 2248 Boot type: Normal boot 2011/07/25 19:22:01.0196 2248 ================================================================================ 2011/07/25 19:22:02.0055 2248 Initialize success 2011/07/25 19:22:10.0415 3028 ================================================================================ 2011/07/25 19:22:10.0415 3028 Scan started 2011/07/25 19:22:10.0415 3028 Mode: Manual; 2011/07/25 19:22:10.0415 3028 ================================================================================ 2011/07/25 19:22:12.0602 3028 ABKTCX (f25a62362ae736a5ac670f17ba28642c) C:\WINDOWS\System32\Drivers\ABKTCX.sys 2011/07/25 19:22:12.0680 3028 abpicw2k (654ae24d0719f922754ccbf4481b7661) C:\WINDOWS\system32\DRIVERS\abpicw2k.sys 2011/07/25 19:22:12.0727 3028 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys 2011/07/25 19:22:12.0977 3028 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys 2011/07/25 19:22:13.0165 3028 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys 2011/07/25 19:22:13.0212 3028 AegisP (375eb0b97e3950adef3633c27a82438b) C:\WINDOWS\system32\DRIVERS\AegisP.sys 2011/07/25 19:22:13.0337 3028 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys 2011/07/25 19:22:13.0462 3028 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys 2011/07/25 19:22:13.0665 3028 akshasp (3f9f42085ab5b6a55498a539c54575ab) C:\WINDOWS\system32\DRIVERS\akshasp.sys 2011/07/25 19:22:13.0774 3028 aksusb (d2b95315cc47f9230006fdbcba394d8d) C:\WINDOWS\system32\DRIVERS\aksusb.sys 2011/07/25 19:22:13.0852 3028 ApfiltrService (3ed81e8b4709d13e5a38db2d8e792b28) C:\WINDOWS\system32\DRIVERS\Apfiltr.sys 2011/07/25 19:22:13.0946 3028 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys 2011/07/25 19:22:14.0102 3028 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys 2011/07/25 19:22:14.0133 3028 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys 2011/07/25 19:22:14.0196 3028 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys 2011/07/25 19:22:14.0212 3028 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys 2011/07/25 19:22:14.0227 3028 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys 2011/07/25 19:22:14.0368 3028 Bridge (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys 2011/07/25 19:22:14.0383 3028 BridgeMP (f934d1b230f84e1d19dd00ac5a7a83ed) C:\WINDOWS\system32\DRIVERS\bridge.sys 2011/07/25 19:22:14.0415 3028 c5511w2k (544b08b12cb67a7be43d231200cf3e62) C:\WINDOWS\system32\DRIVERS\c5511w2k.sys 2011/07/25 19:22:14.0571 3028 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys 2011/07/25 19:22:14.0633 3028 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys 2011/07/25 19:22:14.0805 3028 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys 2011/07/25 19:22:14.0868 3028 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys 2011/07/25 19:22:14.0946 3028 cgnxcdc (ef2c28136fa438fffa4eae7c5cbf1557) C:\WINDOWS\system32\DRIVERS\cgnxcdc.sys 2011/07/25 19:22:15.0087 3028 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys 2011/07/25 19:22:15.0196 3028 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys 2011/07/25 19:22:15.0383 3028 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys 2011/07/25 19:22:15.0493 3028 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys 2011/07/25 19:22:15.0602 3028 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys 2011/07/25 19:22:15.0618 3028 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys 2011/07/25 19:22:15.0665 3028 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys 2011/07/25 19:22:15.0743 3028 dpmconv (abb186a0b070fa91b379f9fc3a198b8b) C:\WINDOWS\System32\Drivers\dpmconv.sys 2011/07/25 19:22:15.0899 3028 dpmcslv (0bd72e62c3974c4f5e4372dba971901b) C:\WINDOWS\system32\drivers\dpmcslv.sys 2011/07/25 19:22:15.0930 3028 Dpmtrcdd (cddebaba436c8564ab4224ccea58a620) C:\WINDOWS\system32\DRIVERS\dpmtrcdd.sys 2011/07/25 19:22:15.0993 3028 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys 2011/07/25 19:22:16.0102 3028 e1express (8942419786970adb32b05bb7950aee72) C:\WINDOWS\system32\DRIVERS\e1e5132.sys 2011/07/25 19:22:16.0212 3028 Eacfilt (3271c60b98bff0a9d4bf9bf66f90d2eb) C:\WINDOWS\system32\DRIVERS\eacfilt.sys 2011/07/25 19:22:16.0274 3028 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys 2011/07/25 19:22:16.0337 3028 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys 2011/07/25 19:22:16.0399 3028 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys 2011/07/25 19:22:16.0415 3028 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys 2011/07/25 19:22:16.0508 3028 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys 2011/07/25 19:22:16.0540 3028 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys 2011/07/25 19:22:16.0618 3028 FTDIBUS (b7aa8283ec551d3a3b924e520e0621a7) C:\WINDOWS\system32\drivers\ftdibus.sys 2011/07/25 19:22:16.0649 3028 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys 2011/07/25 19:22:16.0712 3028 FTSER2K (596d31583ce332b5514520d74837f434) C:\WINDOWS\system32\drivers\ftser2k.sys 2011/07/25 19:22:16.0774 3028 fwkbdrtm (7e4d38e22513b0af200fa6f94c77a2a6) C:\WINDOWS\system32\drivers\fwkbdrtm.sys 2011/07/25 19:22:16.0821 3028 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys 2011/07/25 19:22:16.0883 3028 Hardlock (d95554949082fd29a04d351b58396718) C:\WINDOWS\system32\drivers\hardlock.sys 2011/07/25 19:22:17.0071 3028 Haspnt (2dd25f060dc9f79b5cdf33d90ed93669) C:\WINDOWS\system32\drivers\Haspnt.sys 2011/07/25 19:22:17.0118 3028 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 2011/07/25 19:22:17.0165 3028 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys 2011/07/25 19:22:17.0227 3028 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys 2011/07/25 19:22:17.0446 3028 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys 2011/07/25 19:22:17.0665 3028 ialm (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys 2011/07/25 19:22:17.0993 3028 iaStor (fd7f9d74c2b35dbda400804a3f5ed5d8) C:\WINDOWS\system32\drivers\iaStor.sys 2011/07/25 19:22:18.0055 3028 IFXTPM (0b556e950404d90d097c687e65238730) C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS 2011/07/25 19:22:18.0118 3028 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys 2011/07/25 19:22:18.0337 3028 IntcAzAudAddService (474d59c18652c8ef0151a9efae9ee619) C:\WINDOWS\system32\drivers\RtkHDAud.sys 2011/07/25 19:22:18.0649 3028 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/07/25 19:22:18.0696 3028 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/07/25 19:22:18.0743 3028 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/07/25 19:22:18.0774 3028 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/07/25 19:22:18.0821 3028 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/07/25 19:22:18.0946 3028 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/07/25 19:22:19.0008 3028 IPSECEXT (a45ed7b412ff678c61f83a6723bcec17) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys 2011/07/25 19:22:19.0024 3028 IPSECSHM (a45ed7b412ff678c61f83a6723bcec17) C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys 2011/07/25 19:22:19.0040 3028 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/07/25 19:22:19.0102 3028 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/07/25 19:22:19.0149 3028 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/07/25 19:22:19.0274 3028 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/07/25 19:22:19.0305 3028 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/07/25 19:22:19.0368 3028 Lbd (b7c19ec8b0dd7efa58ad41ffeb8b8cda) C:\WINDOWS\system32\DRIVERS\Lbd.sys 2011/07/25 19:22:19.0399 3028 LBeepKE (8f4d784b3f22f468eea99da02b0e39e5) C:\WINDOWS\system32\Drivers\LBeepKE.sys 2011/07/25 19:22:19.0477 3028 LHidFilt (7f9c7b28cf1c859e1c42619eea946dc8) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 2011/07/25 19:22:19.0633 3028 LMouFilt (ab33792a87285344f43b5ce23421bab0) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 2011/07/25 19:22:19.0696 3028 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/07/25 19:22:19.0758 3028 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/07/25 19:22:19.0805 3028 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/07/25 19:22:19.0837 3028 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/07/25 19:22:20.0008 3028 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/07/25 19:22:20.0055 3028 MQAC (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys 2011/07/25 19:22:20.0118 3028 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/07/25 19:22:20.0165 3028 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/07/25 19:22:20.0337 3028 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/07/25 19:22:20.0383 3028 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/07/25 19:22:20.0446 3028 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/07/25 19:22:20.0477 3028 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/07/25 19:22:20.0524 3028 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/07/25 19:22:20.0727 3028 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/07/25 19:22:20.0774 3028 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/07/25 19:22:20.0805 3028 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/07/25 19:22:20.0837 3028 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/07/25 19:22:20.0868 3028 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/07/25 19:22:21.0024 3028 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/07/25 19:22:21.0071 3028 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/07/25 19:22:21.0087 3028 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/07/25 19:22:21.0149 3028 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys 2011/07/25 19:22:21.0274 3028 NETw4x32 (12b0d99865434387f784268b70e23360) C:\WINDOWS\system32\DRIVERS\NETw4x32.sys 2011/07/25 19:22:21.0524 3028 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys 2011/07/25 19:22:21.0555 3028 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/07/25 19:22:21.0602 3028 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/07/25 19:22:21.0805 3028 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/07/25 19:22:21.0837 3028 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/07/25 19:22:21.0852 3028 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/07/25 19:22:21.0899 3028 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys 2011/07/25 19:22:21.0930 3028 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys 2011/07/25 19:22:21.0962 3028 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/07/25 19:22:21.0993 3028 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/07/25 19:22:22.0149 3028 PCI (9c8f3cc31f7e2a3373af70d0da6cb58a) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/07/25 19:22:22.0227 3028 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/07/25 19:22:22.0258 3028 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys 2011/07/25 19:22:22.0415 3028 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/07/25 19:22:22.0446 3028 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/07/25 19:22:22.0477 3028 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/07/25 19:22:22.0618 3028 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/07/25 19:22:22.0743 3028 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/07/25 19:22:22.0805 3028 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/07/25 19:22:22.0837 3028 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/07/25 19:22:22.0868 3028 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/07/25 19:22:22.0993 3028 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/07/25 19:22:23.0008 3028 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/07/25 19:22:23.0087 3028 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/07/25 19:22:23.0118 3028 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/07/25 19:22:23.0165 3028 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/07/25 19:22:23.0352 3028 RMCAST (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys 2011/07/25 19:22:23.0446 3028 RSI-PKTX-A (9d1aff516d727612363c03abdc203380) C:\WINDOWS\System32\drivers\RSI-PKTX-A.SYS 2011/07/25 19:22:23.0493 3028 RsiKtControl (2af65117091a47732f0997330e3daae6) C:\WINDOWS\system32\RSIKT.SYS 2011/07/25 19:22:23.0790 3028 RSLINXNGKtControl (9e866a7c540c6a4b21bd5255a2a2bd0d) C:\WINDOWS\System32\drivers\RSIKTNG.SYS 2011/07/25 19:22:23.0837 3028 RSSERIAL (b089419975668e2a701178032d652a24) C:\WINDOWS\SYSTEM32\RSSERIAL.SYS 2011/07/25 19:22:23.0883 3028 RS_SS_NT (e4fab1cdfaed6ef7542606aa055b104a) C:\WINDOWS\SYSTEM32\RS_SS_NT.SYS 2011/07/25 19:22:23.0930 3028 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS 2011/07/25 19:22:23.0977 3028 s24trans (e2c6abcbefb1d44f6aaeb1cd5d6062d4) C:\WINDOWS\system32\DRIVERS\s24trans.sys 2011/07/25 19:22:24.0024 3028 S5AS511 (0dc8be05f9d9b0bf6e5a0c40bfdcd38f) C:\WINDOWS\system32\drivers\S5AS511.sys 2011/07/25 19:22:24.0180 3028 S5MCD (4044af405d5de24321b58d7f6af408a0) C:\WINDOWS\system32\drivers\S5MCD.sys 2011/07/25 19:22:24.0243 3028 s7odpx2x (fea94d6320c1c813ab79b74db83f468f) C:\WINDOWS\System32\Drivers\S7odpx2x.sys 2011/07/25 19:22:24.0305 3028 s7oefs_x (f4e4348f0ecc78a61a190e447eb2467d) C:\WINDOWS\System32\drivers\s7oefs_x.sys 2011/07/25 19:22:24.0337 3028 s7opcmcx (3e89156b70c39a8fe0b1962440f83c15) C:\WINDOWS\System32\Drivers\s7opcmcx.sys 2011/07/25 19:22:24.0415 3028 S7opcsrtx (a8114fc3bb7de5feeae32e854574ef57) C:\WINDOWS\system32\DRIVERS\s7opcsrtx.sys 2011/07/25 19:22:24.0555 3028 S7oppilx (dc00bcd3176780b488cd74a17af0eae9) C:\WINDOWS\system32\Drivers\S7oppilx.sys 2011/07/25 19:22:24.0712 3028 s7oppinx (95aebab91051fb2d071375700571f339) C:\WINDOWS\System32\Drivers\s7oppinx.sys 2011/07/25 19:22:24.0743 3028 s7osmcax (588feeaafbda18c00a8f697f19c2bde7) C:\WINDOWS\System32\Drivers\s7osmcax.sys 2011/07/25 19:22:24.0883 3028 s7otranx (d60b08e3251cd16c60dc03e36764a081) C:\WINDOWS\System32\Drivers\s7otranx.sys 2011/07/25 19:22:24.0977 3028 S7OUSBPX (3c0b3f2ee858520ebb1627a4cfc6765f) C:\WINDOWS\system32\drivers\S7OUSBPX.sys 2011/07/25 19:22:25.0008 3028 s7snsrtx (1b2666464be6719e1122c53eba487dd6) C:\WINDOWS\system32\DRIVERS\s7snsrtx.sys 2011/07/25 19:22:25.0149 3028 sbaphd (65a36563c0207824c8240662043c5304) C:\WINDOWS\system32\drivers\sbaphd.sys 2011/07/25 19:22:25.0165 3028 sbapifs (3d6ba67c758735918e323d4d6f64449a) C:\WINDOWS\system32\drivers\sbapifs.sys 2011/07/25 19:22:25.0212 3028 SBRE (0505da5d357f18a5d42fc5dede6bc9a0) C:\WINDOWS\system32\drivers\SBREdrv.sys 2011/07/25 19:22:25.0321 3028 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys 2011/07/25 19:22:25.0430 3028 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/07/25 19:22:25.0477 3028 Sentinel (aebba7428a6c40cce3c5abde45190b24) C:\WINDOWS\System32\Drivers\SENTINEL.SYS 2011/07/25 19:22:25.0524 3028 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/07/25 19:22:25.0555 3028 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/07/25 19:22:25.0649 3028 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys 2011/07/25 19:22:25.0821 3028 SNTIE (d953a20a0ad1052e44e5dfce6d352bba) C:\WINDOWS\system32\DRIVERS\sntie.sys 2011/07/25 19:22:25.0930 3028 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/07/25 19:22:26.0040 3028 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/07/25 19:22:26.0087 3028 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/07/25 19:22:26.0196 3028 StillCam (a9573045baa16eab9b1085205b82f1ed) C:\WINDOWS\system32\DRIVERS\serscan.sys 2011/07/25 19:22:26.0290 3028 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/07/25 19:22:26.0368 3028 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/07/25 19:22:26.0477 3028 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/07/25 19:22:26.0540 3028 TBiosDrv (1f26d86828039c0b594399f7f2ffef09) C:\WINDOWS\system32\Drivers\Tbiosdrv.sys 2011/07/25 19:22:26.0618 3028 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/07/25 19:22:26.0712 3028 TcUsb (fc6fe02f400308606a911640e72326b5) C:\WINDOWS\system32\Drivers\tcusb.sys 2011/07/25 19:22:26.0758 3028 tdcmdpst (2f8bfbdb5824c71f672779b4b8cf8b01) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys 2011/07/25 19:22:26.0821 3028 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/07/25 19:22:26.0899 3028 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/07/25 19:22:26.0977 3028 tdudf (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys 2011/07/25 19:22:27.0040 3028 TEchoCan (65855534483d0c1330703100b31cac00) C:\WINDOWS\system32\DRIVERS\TEchoCan.sys 2011/07/25 19:22:27.0165 3028 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/07/25 19:22:27.0258 3028 Thpdrv (557cfdb7869499d357da1877ed93043f) C:\WINDOWS\system32\DRIVERS\thpdrv.sys 2011/07/25 19:22:27.0290 3028 Thpevm (beeca51c9ef368a1038e455278e4715e) C:\WINDOWS\system32\DRIVERS\Thpevm.SYS 2011/07/25 19:22:27.0415 3028 tifm21 (e4c85c291ddb3dc5e4a2f227ca465ba6) C:\WINDOWS\system32\drivers\tifm21.sys 2011/07/25 19:22:27.0493 3028 TMEI3E (684bfb1e9abb05d3f48c53f3cd16a3e6) C:\WINDOWS\system32\Drivers\TMEI3E.SYS 2011/07/25 19:22:27.0587 3028 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\WINDOWS\system32\DRIVERS\tosrfec.sys 2011/07/25 19:22:27.0618 3028 trudf (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys 2011/07/25 19:22:27.0727 3028 TVALZ (73d3312955f805054e32fabdca5230b1) C:\WINDOWS\system32\DRIVERS\TVALZ.SYS 2011/07/25 19:22:27.0790 3028 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/07/25 19:22:27.0868 3028 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/07/25 19:22:27.0993 3028 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/07/25 19:22:28.0040 3028 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/07/25 19:22:28.0118 3028 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/07/25 19:22:28.0165 3028 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/07/25 19:22:28.0274 3028 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/07/25 19:22:28.0352 3028 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/07/25 19:22:28.0368 3028 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/07/25 19:22:28.0415 3028 usb_rndisx (b6cc50279d6cd28e090a5d33244adc9a) C:\WINDOWS\system32\DRIVERS\usb8023x.sys 2011/07/25 19:22:28.0462 3028 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/07/25 19:22:28.0712 3028 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/07/25 19:22:28.0758 3028 vsnl2ada (7ed275a019948cf77b91313addd1f459) C:\WINDOWS\System32\Drivers\vsnl2ada.sys 2011/07/25 19:22:28.0821 3028 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/07/25 19:22:28.0883 3028 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 2011/07/25 19:22:29.0102 3028 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/07/25 19:22:29.0180 3028 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\Drivers\wpdusb.sys 2011/07/25 19:22:29.0290 3028 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/07/25 19:22:29.0446 3028 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/07/25 19:22:29.0493 3028 MBR (0x1B8) (6f9a1d528242bc09104b85e0becf5554) \Device\Harddisk0\DR0 2011/07/25 19:22:29.0493 3028 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.a (0) 2011/07/25 19:22:29.0508 3028 Boot (0x1200) (e4764e29a897927d88e63851e22d3f41) \Device\Harddisk0\DR0\Partition0 2011/07/25 19:22:29.0508 3028 ================================================================================ 2011/07/25 19:22:29.0508 3028 Scan finished 2011/07/25 19:22:29.0508 3028 ================================================================================ 2011/07/25 19:22:29.0524 4364 Detected object count: 1 2011/07/25 19:22:29.0524 4364 Actual detected object count: 1 2011/07/25 19:22:58.0962 4364 \Device\Harddisk0\DR0 (Rootkit.Boot.SST.a) - will be cured after reboot 2011/07/25 19:22:58.0977 4364 \Device\Harddisk0\DR0 - ok 2011/07/25 19:22:58.0977 4364 Rootkit.Boot.SST.a(\Device\Harddisk0\DR0) - User select action: Cure 2011/07/25 19:23:13.0212 5064 Deinitialize success psc23351