FriedPickles

  1. The full scan just found some tracking cookies. I cleaned them, rescanned again using both TDSSKiller and Malwarebytes. Then rebooted a few more times. Everything seems to be good, now... So I reinstalled the Anti Virus application. Did I mention that McAfee sucks at infection detection/cleaning? BUT that is the application my company uses. Thanks Gammo for the reply.
  2. Update: I booted into the Recovery Console and did a "fixmbr", rebooted and ran TDSSKiller again. There were no threats detected. Now I'm running a full MalwareBytes scan.
  3. Hello, I suspected and discovered a rootkit on one of my users' PCs. It was acting funny and I wasn't able to remove an MSN Toolbar. So I scanned the computer using TDSSKiller. It found "Rootkit.win32.tdss.ld4" and wanted to "cure" it, then reboot. After the reboot, I scanned it again using TDSSKiller.exe, it found the rootkit was still there. I also ran HijackThis and have included the log file. Assistance in removing this would be greatly appreciated. Thank you in advance for any help. Doug
  4. LDTate - I started the SP3 install before I read your last post. I will finish the SP3 installation, then I will run the ComboFix /Uninstall processes. Thanks for all your help. I'm grateful for the help!
  5. I have run ComboFix. It never said I needed to reboot. Please let me know what you find, if anything. The computer appears to be running normally (forgot to mention that from your earlier post). What else do you suggest?
  6. Forgot to mention - I haven't installed SP3 or IE updates due to time constraints. It would take too long to do these updates. Would rather clean the machine and then do updates. Hope that is cool with you.
  7. Roger that.... I'll continue. Then post log. Thanks!
  8. My company forces McAfee Enterprise to run using ePO agent and policy. I have attempted to shut it down, but every time I do, it just restarts due to the policies in place. I am running ComboFix now, but it has told me it didn't like that fact about McAfee. At the moment, it is downloading from MS the recovery console. Should I continue with ComboFix even if I cannot disable the AV scanners?
  9. I agree and will install SP3 asap. Also upgrade IE to version 7 or 8 at least. MBAM did find something. Here is the MBAM log file.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 4663
     Windows 5.1.2600 Service Pack 2
     Internet Explorer 6.0.2900.2180

     9/21/2010 5:49:22 PM
     mbam-log-2010-09-21 (17-49-22).txt

     Scan type: Quick scan
     Objects scanned: 197200
     Time elapsed: 11 minute(s), 22 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\forceclassiccontrolpanel (Hijack.ControlPanelStyle) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)
  10. It's still scanning now. I'll post the report if it finds anything at all or otherwise. Shouldn't be too much longer.
  11. LDTate - Thank you for the assistance. It appears to have worked. I'm all cleared up. I am now able to run MBAM w/o issues. Thanks again. I will be a frequent flyer. Here is the log file you requested.

      2010/09/21 16:36:07.0821 TDSS rootkit removing tool 2.4.2.1 Sep 7 2010 14:43:44
      2010/09/21 16:36:07.0821 ================================================================================
      2010/09/21 16:36:07.0821 SystemInfo:
      2010/09/21 16:36:07.0821
      2010/09/21 16:36:07.0821 OS Version: 5.1.2600 ServicePack: 2.0
      2010/09/21 16:36:07.0821 Product type: Workstation
      2010/09/21 16:36:07.0821 ComputerName: WTV-111123
      2010/09/21 16:36:07.0821 UserName: Administrator
      2010/09/21 16:36:07.0821 Windows directory: C:\WINDOWS
      2010/09/21 16:36:07.0821 System windows directory: C:\WINDOWS
      2010/09/21 16:36:07.0821 Processor architecture: Intel x86
      2010/09/21 16:36:07.0821 Number of processors: 2
      2010/09/21 16:36:07.0821 Page size: 0x1000
      2010/09/21 16:36:07.0821 Boot type: Normal boot
      2010/09/21 16:36:07.0821 ================================================================================
      2010/09/21 16:36:08.0114 Initialize success
      2010/09/21 16:36:21.0068 ================================================================================
      2010/09/21 16:36:21.0068 Scan started
      2010/09/21 16:36:21.0068 Mode: Manual;
      2010/09/21 16:36:21.0068 ================================================================================
      2010/09/21 16:36:21.0868 AFD (f92c6d162329a1367d71517c6b0de56c) C:\WINDOWS\System32\drivers\afd.sys
      2010/09/21 16:36:21.0868 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: f92c6d162329a1367d71517c6b0de56c, Fake md5: 55e6e1c51b6d30e54335750955453702
      2010/09/21 16:36:21.0868 AFD - detected Rootkit.Win32.TDSS.tdl3 (0)
      2010/09/21 16:36:34.0606 ================================================================================
      2010/09/21 16:36:34.0606 Scan finished
      2010/09/21 16:36:34.0606 ================================================================================
      2010/09/21 16:36:34.0622 Detected object count: 1
      2010/09/21 16:36:45.0668 AFD (f92c6d162329a1367d71517c6b0de56c) C:\WINDOWS\System32\drivers\afd.sys
      2010/09/21 16:36:45.0668 Suspicious file (Forged): C:\WINDOWS\System32\drivers\afd.sys. Real md5: f92c6d162329a1367d71517c6b0de56c, Fake md5: 55e6e1c51b6d30e54335750955453702
      2010/09/21 16:36:46.0068 Backup copy found, using it..
      2010/09/21 16:36:46.0299 C:\WINDOWS\System32\drivers\afd.sys - will be cured after reboot
      2010/09/21 16:36:46.0299 Rootkit.Win32.TDSS.tdl3(AFD) - User select action: Cure
      2010/09/21 16:36:57.0022 Deinitialize success
  12. Hello, I have a Windows XP SP2 workstation that has a root kit. I downloaded and installed MalwareBytes, but when I attempt to run it, it won't load. I have run SAS.com (SuperAntiSpyware Portable) on this machine and it finds a few things, tells me to reboot. After reboot I still cannot run MBAM. I have renamed the mbam.exe file to mbam1.exe and was able to run and scan the machine. But after a reboot, I attempted to name the exe back to normal (mbam.exe) and it still won't run. After reading thru a lot of posts, I think it's best if I ask for some help on this. Please see the attached HJT log file.
- C:\WINDOWS\system32\mfevtps.exe O23 - Service: MotoConnect Service - Unknown owner - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe O23 - Service: PIPC Log Server (pilogsrv) - OSIsoft, Inc. - C:\Program Files\pipc\BIN\pilogsrv.exe O23 - Service: PI Message Subsystem (pimsgss) - OSIsoft, Inc. - C:\Program Files\pipc\BIN\pimsgss.exe O23 - Service: PI Network Manager (pinetmgr) - OSIsoft, Inc. - C:\Program Files\pipc\BIN\pinetmgr.exe O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation Inc. - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe O23 - Service: RSLinx Classic (RSLinx) - Rockwell Automation, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe O23 - Service: Unicenter Software Delivery (SDService) - Computer Associates International, Inc. - C:\Program Files\CA\Unicenter Software Delivery\BIN\SDSERV.EXE O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: Unigraphics Plot Server (ugiipqd) (ugiipqd) - Unigraphics Solutions, Inc - C:\WINDOWS\system32\spool\ugplot\ugiipqd.exe O23 - Service: Scalable WinINSTALL Master Agent (WIMASvc) - Scalable Software, Inc. 
- C:\Program Files\Scalable\WinINSTALL\Bin\WIMASvc.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe -- End of file - 11163 bytes