Jump to content

Recommended Posts

Hello All,

I contracted the "Windows Recovery" virus over the weekend. After running MBAM.exe I was able to remove at least most of this malware and make the PC functional again, except for a few nagging problems. I also ran unhide.exe to get toolbar and Favorites icons back. Any help with the remaining problems listed would be appreciated.

  • The Desktop will not display at all. I cannot save anything to the Desktop unless I do it through My Computer (My Computer still shows all the old Desktop icons). Right-clicking on the Desktop does not show any choices. When I right-click on the bottom toolbar and can choose "Show Desktop", but even then nothing is displayed.
  • I still see a few "Internet Script Errors" popping up.
  • User names and passwords are not remembered for Google and other internet forums. I cannot move between tabs on my Google homepage for this reason. I notice that the "Remember Me" selection is unchecked on each forum.

Thanks in advance,

Paul

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Thanks, Chris.

MBAM has been updated, ran the quick scan and got these results:

Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org

Database version: 6579

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

5/14/2011 3:58:04 PM

mbam-log-2011-05-14 (15-58-04).txt

Scan type: Quick scan

Objects scanned: 324880

Time elapsed: 1 hour(s), 14 minute(s), 31 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 1

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

c:\documents and settings\wheelerp\start menu\Programs\windows recovery (Trojan.FakeAV) -> Quarantined and deleted successfully.

Files Infected:

c:\documents and settings\wheelerp\start menu\Programs\windows recovery\uninstall windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

c:\documents and settings\wheelerp\start menu\Programs\windows recovery\windows recovery.lnk (Trojan.FakeAV) -> Quarantined and deleted successfully.

Link to post
Share on other sites

Restarted the computer after running MBAM and my Desktop icons are showing up now - great!

Downloaded dds.scr and saved it to the Desktop, double-clicked on it, but all I see is Notepad with a lot of gobbledy-gook. I can't really tell if its scanning anything or not.

Link to post
Share on other sites

  • Staff

Hi,

My apologies for the delay.

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Link to post
Share on other sites

OTL Extras logfile created on: 5/20/2011 8:14:07 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\wheelerp\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free

Paging file location(s): C:\pagefile.sys 800 1600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.47 Gb Total Space | 20.18 Gb Free Space | 27.10% Space Free | Partition Type: NTFS

Drive D: | 675.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WIFA0118379 | User Name: wheelerp | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntivirus]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"4410:TCP" = 4410:TCP:LocalSubNet:Enabled:Automation License Management

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"4410:TCP" = 4410:TCP:LocalSubNet:Enabled:Automation License Management

"12345:TCP" = 12345:TCP:*:Enabled:Trend Micro OfficeScan Listener

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00060000-0000-1004-8002-0000C06B5161}" = WIBU-KEY Setup (WIBU-KEY Remove)

"{047BC977-015A-4339-B571-44CA33901F63}" = TIA Portal Single SetupPackage - HWConfig Single SetupPackage V10.5 + SP2

"{05BB8E07-3148-40FB-994C-F95E667DEB3D}" = MSXML 4.0

"{06960058-76A9-405D-8833-6D38BFC66979}" = OPC .NET API 2.00 Redistributables

"{08B33EF8-8F5E-42B1-8964-BD7D3BE996BC}" = S7-200 Toolbox: TP Designer 1.0

"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager

"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel

"{0D1CBBB9-F4A8-45B6-95E7-202BA61D7AF4}" = Microsoft Office Communicator 2007 R2

"{0D61D68B-DF5E-4635-82C7-B0C53F0A581B}" = Microsoft SQL Server 2005 Backward compatibility

"{0D9BD855-B1EB-4D81-87E2-73B143A68C40}" = CTSoft

"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA

"{134A51EB-1BBB-4249-BAF5-494C3D186A06}" = PKZIP Server for Windows 12.40.0008

"{18BBF24A-6D04-4CA4-B6B4-1CF372162EEC}" = Adobe Flash Player 10 ActiveX

"{19E00662-723E-4049-5CC5-000000000004}" = PKI Basic Client 4.0.1

"{1E8250AD-CC1B-43A4-9E75-321806D6F256}" = WinCC flexible Graphics

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F528948-0E80-4C96-B455-DE4167CB1DF7}" = Internal Network Card Power Management

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications

"{2609EDF1-34C4-4B03-B634-55F3B3BC4931}" = Configuration Manager Client

"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 17

"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (WINCCFLEXEXPRESS)

"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform

"{31C1839C-7967-469C-921D-0BEB49AC0652}" = Totally Integrated Automation Portal V10 - TIA Portal Single SetupPackage V10.5 + SP2

"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2

"{34540622-805E-4CC7-98CF-65A43E99CF4D}" = RSLinx

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{36014B69-72EF-484B-B04E-1DB4450C23C0}" = SIMATIC S7-Technology V4.1 + SP1

"{36038E53-19DF-48EB-A2A8-76F753575CCB}" = Motion Perfect 2

"{36F8A5A0-64DD-493F-9E91-F40D9862EC49}" = CA 01 - the Offline Mall of Siemens Energy & Automation 02-2008

"{37F822E3-B56D-4131-8E3D-0A6753DFB8A5}" = TIA Portal Single SetupPackage - S7BASUCL V10.5 + SP12

"{3EB30640-F847-4F59-AF74-837D0FD02B73}" = TIA Portal Single SetupPackage - WinCC Single SetupPackage V10.5 + SP2

"{42590FE2-6BD0-429E-8F83-B490B5E51564}" = Simatic WinCC flexible 2008 SP2

"{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{45534579-B75B-4A42-953B-2EF8E1DEB4F3}" = Microsoft XML Parser

"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials

"{4cb16094-f92a-49a9-9f10-60a109ebdacd}" = WIMGAPI

"{5081528F-5DD5-49BA-8213-9A6A13502497}" = Sentinel System Driver 5.41.1 (32-bit)

"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)

"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA

"{5545EEE3-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA

"{5545EEE4-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA

"{5545EEE5-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA

"{5545EEE6-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA

"{5545EEE7-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA

"{5545EEE8-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA

"{5545EEE9-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA

"{5545EEEA-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA

"{5545EEEB-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA

"{5545EEEC-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA

"{5545EEED-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA

"{5783F2D7-0101-0409-0000-0060B0CE6BBA}" = AutoCAD 2002

"{5783F2D7-9029-0409-0002-0060B0CE6BBA}" = AutoCAD ecscad 2011

"{5783F2D7-9029-0409-1002-0060B0CE6BBA}" = AutoCAD ecscad 2011 Language Pack - English

"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3

"{5B4264F5-F898-4D79-8EF5-8F373202B650}" = Motion Perfect 2

"{5BCC634A-58AD-42F9-B3C6-2EA52F81CF85}" = Snagit 10

"{6378DF92-255F-4357-9264-1EC65EAC82E5}" = Trio USB driver

"{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2

"{66F62657-25A2-4839-BFC2-4400861D810E}" = SIMATIC S7-PLCSIM V5.4 + SP4 Professional 2010

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.1

"{689404D2-1C94-44B3-9203-BEC5594FDA7A}" = Microsoft SQL Server Desktop Engine (SIEMENSSIZER)

"{6B8B4BE3-680C-4F72-8906-6A2D317DD66A}" = PLC WorkShop for S5 - Performance Series

"{6C64AB8C-F78B-45C0-98E3-6DE9702E0225}" = Microsoft Office Live Meeting 2007

"{6DEF11C0-35FF-4160-A543-FDD336C4DAE5}" = Microsoft SQL Server 2005 Express Edition (WINCCPLUS)

"{721ABC3B-5F12-4332-9C0C-C11424EF666C}" = WIMGAPI

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{73E87740-85F1-11D1-B2C1-006008AA7622}" = PowerTools-FM

"{74EC78BC-B379-4E29-9006-8F161DCAABA6}" = Apple Software Update

"{75F9DAD1-792C-44E9-B48B-2E22C76E0CBF}" = OPC Core Components Redistributable

"{797BECC8-1C8B-4350-A98A-26CDA24532E6}" = Motion Perfect 2

"{7B4174E8-FE92-4269-808A-3B8D116D9538}" = Advanced Security for Outlook

"{81EDB8C2-A6A8-4F05-878D-D17C637ACDBB}" = Alternatiff Plug-In

"{82CE6B7B-9665-4E29-8CE0-DD993484B38D}" = Intel® PROSet/Wireless WiFi Software

"{8DC3CBC2-2B1C-4D53-965E-F2E5D727B5B1}" = SIMATIC STEP 7-Micro/WIN 32 V3.2.4.27

"{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)

"{8F3A9039-0C3E-11D5-BB74-0060971D5D0E}" = EPSON RC+ 4.0

"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90520409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Viewer 2003 (English)

"{90F80409-6000-11D3-8CFE-0150048383C9}" = Remove Hidden Data Tool

"{95120000-0038-0409-0000-0000000FF1CE}" = Time Zone Data Update Tool for Microsoft Office Outlook

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{951B0F30-9F1A-4BF6-B3DA-99EB0E917B1C}" = FARO LS 1.1.406.58

"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow! Plus

"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime

"{96F139DE-C33E-4FCC-A72B-684BF899F679}" = SIMATIC S7-SCL V5.3 + SP5 Professional 2006 SR5

"{987CAEDE-EB67-4D5A-B0C0-AE0640A17B5F}" = Microsoft Conferencing Add-in for Microsoft Office Outlook

"{9996EED1-3F54-44F7-9E39-F92FE60003A5}" = C3MGR V 1.4.4.16 RELEASE 2004 2-9

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9BC2391F-FBCA-4F06-8E6C-FB1BB119A9EF}" = MINITAB Release 14

"{9DEABCB6-B759-4D52-92F8-51B34A2B4D40}" = Autodesk Material Library 2011

"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver

"{9FFAA2B0-E239-11D0-B491-004095AA7487}" = AMTECH ProDesign NEC version

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser

"{A4A4567C-5C29-4756-992D-F84D8250C435}" = VC User 71 RTL X86 ---

"{ABE2EE7E-11F7-4374-B86B-CB75A5F276B0}" = TIA Portal Single SetupPackage - WINCCBASUCL V10.5 + SP12

"{ABF01487-BE35-464C-AA3D-0ABDF51CAAF5}" = Control Techniques Communications Server

"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.1

"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290

"{B3372270-9C79-42D7-BF46-00755A0C1A87}" = SIMATIC STEP 7 V5.5 Professional 2010

"{B4938B26-C719-4AAF-A63C-15AF6AC210BE}" = SIMATIC WinCC flexible Runtime 2008 SP2

"{B510A987-487E-4C66-9F4F-D386AC275715}" = TextPad 4.7

"{B51F9715-B072-447B-9C70-C2D7762D06A4}" = PC Interface Software for X-SEL

"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger

"{B7FEEEC2-76AD-493E-9ACA-CD3B155778BA}" = E-Designer 7

"{BBC30525-7E2E-4525-83BD-948BAFAB72A8}" = Motion Perfect 2

"{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C111BA56-9ACF-42FD-92D6-ED75618AB22E}" = SIMATIC S7-PCT V2.1 Professional 2010

"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet

"{C6552C44-AB11-4DB8-AE07-321E4B03BF4A}" = SIMATIC iMap - STEP7 AddOn V3.0 + SP1

"{CB23DA03-E5BF-4789-ADF0-9662577D6742}" = promis-e Standalone 5.05

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CCC01ADD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC Device Drivers

"{CCC02ADD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC LanguageSupportTool

"{CCC02FDD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC HMI Symbol Library

"{CCC04ADD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC Colour Editor

"{CCC05ADD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC Interface Editor

"{CCC07ADD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC Version View

"{CCC15FDD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC HMI ProSave

"{CCC16FDD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC WinCC flexible OCX

"{CCC22ADD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC SCL Compiler

"{CCC22FDD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC HMI License Manager Panel Plugin

"{CCC59FDD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC WinCC flexible Tag Simulator

"{CCC60FDD-3A54-11D6-92A8-00A0245B3AC6}" = SIMATIC WinCC flexible Simulator

"{CD1E078C-A6B9-47DA-B035-6365C85C7832}" = Autodesk Material Library 2011 Base Image library

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = vcredist_x86

"{CEECF731-3F08-4210-8073-7E87F58C01D3}" = Microsoft Office Communicator 2007 R2, MUI

"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005

"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser

"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD

"{D7EC8A27-CDA2-46AE-8A26-4104A04FA5BE}" = 32 Bit HP CIO Components Installer

"{D8C0B866-2FF9-11D8-BA57-0090CC0D7BA0}" = GP-PRO/PBIII C-Package03

"{DC62C484-A0B2-421A-9A0F-1ABFE1E10D71}" = TIA Portal Single SetupPackage - STEP 7 Single SetupPackage V10.5 + SP2

"{E151F944-3FCB-46F6-AE4A-D84CF22C82EB}" = AutoCAD ecscad 2011

"{E2A91BF5-FE48-46CF-A1BE-F639D21D06C2}" = SIMATIC S7-GRAPH V5.3 + SP6 Professional 2006 SR5

"{E44BD710-B71A-11d3-9F79-006008A88EC8}" = VBA

"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call

"{E85D273D-7191-4232-99C8-FA1703A384D1}" = Siemens Automation License Manager V5.0 + SP1 Professional 2010

"{E9DD8350-836D-4DF8-9291-621DBD91DAB3}" = Prosave V7.4 incl. SP6

"{E9F44C98-B8B6-480F-AF7B-E42A0A46F4E3}" = Microsoft SQL Server VSS Writer

"{EC347206-B5CB-4758-BA21-E68DBDDB60F4}" = Motion Perfect 2

"{ECB6B9FC-22AB-11D5-93A0-000102DD43D4}" = SIMATIC NET PC Software V6.1 B3045

"{ED7DFC69-2B9A-4A1F-9F50-8AB89B688EBA}" = AutoCAD 2011 VBA Enabler

"{EE60EC03-ABFA-47CB-9963-625AE707885E}" = SIMATIC S7 CP PtP Param V5.1 + SP11

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F1D4FDEE-BB94-4C17-8BB0-AC06DAF854BD}" = TIA Portal Single SetupPackage - HW Module Base Package V10.5 + HF1

"{F8B702AB-DE88-428C-AFD1-EDE9B94D9B1D}" = RSLogix 500 English

"{F9B3DD02-B0B3-42E9-8650-030DFF0D133D}" = Microsoft SQL Server Native Client

"{FF0E78A9-AB99-4E58-881F-7D456E500F40}" = SAP WebApps

"7-Zip" = 7-Zip 9.03 alpha

"ActiveTouchMeetingClient" = WebEx

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe SVG Viewer" = Adobe SVG Viewer 3.0

"Allway Sync_is1" = Allway Sync version 10.1.1

"AnswerWorks" = AnswerWorks Runtime

"ATI Display Driver" = ATI Display Driver

"AuthorsW" = SIMATIC AuthorsW V2.5 + ServicePack 1

"AutoCAD ecscad 2011" = AutoCAD ecscad 2011

"AXIMA" = AXIMA

"CentraOneClient" = CentraOne

"CFC" = SIMATIC CFC V7.0 + SP1 + HF3

"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D110 MDC V.9x Modem

"DayLight Screen Saver" = DayLight Screen Saver

"D-Fend Reloaded" = D-Fend Reloaded 0.4.1 (deinstall)

"Dial-In NetWorking (P.A.L.) v4.31" = Dial-In NetWorking (P.A.L.) v4.31

"DriveES DriveMonitor" = DriveMonitor V5.1 + ServicePack 1 + Hotfix 3

"DriveES Micromaster" = Drives: MICRO-/MIDI-/COMBIMASTER V5.1 + ServicePack 1

"DriveES SIMOREG" = Drives: SIMOREG V5.1 + ServicePack 1 + Hotfix 3

"DriveES SIMOVERT" = Drives: SIMOVERT V5.1 + ServicePack 1 + Hotfix 3

"DriveES_SIMADYND" = Drives: SIMADYN D V5.1 + ServicePack 1 + Hotfix 1

"EasyViewer" = EasyViewer

"FANUC Robotics PC FileServices" = FANUC Robotics PC FileServices

"FROLSuninst" = FANUC Robotics Off-line Support

"FRRSuninst" = FANUC Robotics Robot Server

"FTDICOMM" = FTDI USB Serial Converter Drivers

"FWOCX" = SIMATIC ProTool/Pro V6.0 Common Files

"IAICOMM&10C4&81D7" = IAI USB to UART Bridge Controller

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"IE" = IE

"ie7" = Windows Internet Explorer 7

"InstallShield_{0D9BD855-B1EB-4D81-87E2-73B143A68C40}" = CTSoft

"InstallShield_{25D24E84-64A9-40D2-85CF-540B1C4A6D52}" = Broadcom ASF Management Applications

"InstallShield_{36F8A5A0-64DD-493F-9E91-F40D9862EC49}" = CA 01 - the Offline Mall of Siemens Energy & Automation 02-2008

"InstallShield_{42590FE2-6BD0-429E-8F83-B490B5E51564}" = SIMATIC WinCC flexible 2008 SP2

"InstallShield_{64A77F14-0E08-4A97-A859-E93CFF428756}" = Broadcom Advanced Control Suite 2

"InstallShield_{9996EED1-3F54-44F7-9E39-F92FE60003A5}" = C3MGR V 1.4.4.16 RELEASE 2004 2-9

"InstallShield_{CB23DA03-E5BF-4789-ADF0-9662577D6742}" = promis-e Standalone 5.05

"Lotus Notes" = Lotus Notes

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MCRAILRMT10011E" = FANUC M6.10 and Later R-J3iB Mate Documentation

"Micromaster4xx" = Drives: MICROMASTER 4xx V3.0

"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Motion Planner" = Motion Planner

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"OfficeScanNT" = Trend Micro OfficeScan Client

"PC Adapter USB" = SIMATIC PC Adapter USB V1.1

"PDF Combine_is1" = PDF Combine

"PowerTools Pro - 4.3a " = PowerTools Pro - 4.3a

"PowerTools Pro - v5.0a " = PowerTools Pro - v5.0a

"ProInst" = Intel PROSet Wireless

"Rainbow Sentinel Driver" = Sentinel System Driver

"RDC" = RDC

"SAPClient" = EASY for mySAP Client ENTERPRISE.+

"SAPGUI710" = SAP GUI 7.10

"Siemens Totally Integrated Automation Portal V10" = Siemens Totally Integrated Automation Portal V10

"SIMATIC ProTool V6.0" = SIMATIC ProTool V6.0 + ServicePack 3

"SIMOTION SCOUT CONFIG" = SIMATIC S7T Config V4.1.2.0

"SWnD5-GPPW" = GX Developer

"Time Sheets Pro v6.5" = Time Sheets Pro v6.5

"VBSdoc" = VBScript Documentation

"Volo View Express" = Volo View Express

"Windows XP Service Pack" = Windows XP Service Pack 3

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinZip" = WinZip

"Xmingw32" = Xmingw32 (remove only)

"XwpUninstKeyXLitePro" = XLitePro

========== Last 10 Event Log Errors ==========

[ Application Events ]

Error - 5/20/2011 7:52:12 PM | Computer Name = WIFA0118379 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 5/20/2011 7:52:12 PM | Computer Name = WIFA0118379 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 5/20/2011 7:52:12 PM | Computer Name = WIFA0118379 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 5/20/2011 7:52:23 PM | Computer Name = WIFA0118379 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 5/20/2011 7:54:09 PM | Computer Name = WIFA0118379 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 5/20/2011 7:54:10 PM | Computer Name = WIFA0118379 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 5/20/2011 7:54:10 PM | Computer Name = WIFA0118379 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 5/20/2011 7:54:11 PM | Computer Name = WIFA0118379 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 5/20/2011 7:54:11 PM | Computer Name = WIFA0118379 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

Error - 5/20/2011 7:54:12 PM | Computer Name = WIFA0118379 | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

with error: This network connection does not exist.

[ System Events ]

Error - 5/20/2011 7:44:34 PM | Computer Name = WIFA0118379 | Source = Schannel | ID = 36870

Description = A fatal error occurred when attempting to access the SSL server credential

private key. The error code returned from the cryptographic module is 0x80090016.

Error - 5/20/2011 7:44:42 PM | Computer Name = WIFA0118379 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

Error - 5/20/2011 7:44:42 PM | Computer Name = WIFA0118379 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

Error - 5/20/2011 7:44:42 PM | Computer Name = WIFA0118379 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

Error - 5/20/2011 7:45:15 PM | Computer Name = WIFA0118379 | Source = Service Control Manager | ID = 7026

Description = The following boot-start or system-start driver(s) failed to load:

Haspnt

Error - 5/20/2011 7:52:40 PM | Computer Name = WIFA0118379 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

Error - 5/20/2011 7:52:41 PM | Computer Name = WIFA0118379 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

Error - 5/20/2011 7:52:41 PM | Computer Name = WIFA0118379 | Source = DCOM | ID = 10016

Description = The machine-default permission settings do not grant Local Activation

permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission

can be modified using the Component Services administrative tool.

Error - 5/20/2011 7:55:22 PM | Computer Name = WIFA0118379 | Source = DCOM | ID = 10016

Description = The application-specific permission settings do not grant Local Launch

permission for the COM Server application with CLSID {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}

to the user NT AUTHORITY\SYSTEM SID (S-1-5-18). This security permission can be

modified using the Component Services administrative tool.

Error - 5/20/2011 7:59:34 PM | Computer Name = WIFA0118379 | Source = W32Time | ID = 39452701

Description = The time provider NtpClient is configured to acquire time from one

or more time sources, however none of the sources are currently accessible. No attempt

to contact a source will be made for 29 minutes. NtpClient has no source of accurate

time.

[ WinCCLog Events ]

Error - 1/28/2008 8:35:22 AM | Computer Name = WIFA0118379 | Source = SystemDiagnosis.DiagnosisClasses | ID = 0

Description = General Information ------------------------------- Machine Name:

WIFA0118379 Time Stamp: 1/28/2008 7:35:18 AM Windows Identity:SYLVANIA\wheelerp

Exception

Information ---------------------------------- Message: No connection could be made

because the target machine actively refused it 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException

HelpLink:

NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

System.Runtime.Remoting.Messaging.IMessage) StackTrace Information -------------------------------------------

Server

stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot,

SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)

at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint

ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket()

at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid,

Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage

msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage

msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders&

responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage

msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping()

at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid)

Error - 2/4/2008 7:04:53 AM | Computer Name = WIFA0118379 | Source = SystemDiagnosis.DiagnosisClasses | ID = 0

Description = General Information ------------------------------- Machine Name:

WIFA0118379 Time Stamp: 2/4/2008 6:04:46 AM Windows Identity:SYLVANIA\wheelerp

Exception

Information ---------------------------------- Message: No connection could be made

because the target machine actively refused it 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException

HelpLink:

NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

System.Runtime.Remoting.Messaging.IMessage) StackTrace Information -------------------------------------------

Server

stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot,

SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)

at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint

ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket()

at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid,

Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage

msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage

msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders&

responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage

msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping()

at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid)

Error - 2/6/2008 6:29:14 PM | Computer Name = WIFA0118379 | Source = SystemDiagnosis.DiagnosisClasses | ID = 0

Description = General Information ------------------------------- Machine Name:

WIFA0118379 Time Stamp: 2/6/2008 5:29:10 PM Windows Identity:SYLVANIA\wheelerp

Exception

Information ---------------------------------- Message: An existing connection was

forcibly closed by the remote host Exception Type: System.Net.Sockets.SocketException

HelpLink:

NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

System.Runtime.Remoting.Messaging.IMessage) StackTrace Information -------------------------------------------

Server

stack trace: at System.Net.Sockets.Socket.Receive(Byte[] buffer, Int32 offset,

Int32 size, SocketFlags socketFlags) at System.Runtime.Remoting.Channels.SocketStream.Read(Byte[]

buffer, Int32 offset, Int32 size) at System.Runtime.Remoting.Channels.SocketHandler.ReadFromSocket(Byte[]

buffer, Int32 offset, Int32 count) at System.Runtime.Remoting.Channels.SocketHandler.BufferMoreData()

at System.Runtime.Remoting.Channels.SocketHandler.Read(Byte[] buffer, Int32 offset,

Int32 count) at System.Runtime.Remoting.Channels.SocketHandler.ReadAndMatchFourBytes(Byte[]

buffer) at System.Runtime.Remoting.Channels.Tcp.TcpSocketHandler.ReadVersionAndOperation(UInt16&

operation) at System.Runtime.Remoting.Channels.Tcp.TcpClientSocketHandler.ReadHeaders()

at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage

msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders&

responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage

msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping()

at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid)

Error - 11/3/2008 4:47:43 PM | Computer Name = WIFA0118379 | Source = SystemDiagnosis.DiagnosisClasses | ID = 0

Description = General Information ------------------------------- Machine Name:

WIFA0118379 Time Stamp: 11/3/2008 3:47:41 PM Windows Identity:SYLVANIA\wheelerp

Exception

Information ---------------------------------- Message: No connection could be made

because the target machine actively refused it 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException

HelpLink:

NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

System.Runtime.Remoting.Messaging.IMessage) StackTrace Information -------------------------------------------

Server

stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot,

SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)

at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint

ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket()

at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid,

Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage

msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage

msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders&

responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage

msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping()

at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid)

Error - 11/5/2008 3:28:54 PM | Computer Name = WIFA0118379 | Source = SystemDiagnosis.DiagnosisClasses | ID = 0

Description = General Information ------------------------------- Machine Name:

WIFA0118379 Time Stamp: 11/5/2008 2:28:50 PM Windows Identity:SYLVANIA\wheelerp

Exception

Information ---------------------------------- Message: No connection could be made

because the target machine actively refused it 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException

HelpLink:

NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

System.Runtime.Remoting.Messaging.IMessage) StackTrace Information -------------------------------------------

Server

stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot,

SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)

at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint

ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket()

at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid,

Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage

msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage

msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders&

responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage

msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping()

at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid)

Error - 5/4/2009 11:33:36 AM | Computer Name = WIFA0118379 | Source = SystemDiagnosis.DiagnosisClasses | ID = 0

Description = General Information ------------------------------- Machine Name:

WIFA0118379 Time Stamp: 5/4/2009 11:33:34 AM Windows Identity:SYLVANIA\mehrer

Exception

Information ---------------------------------- Message: No connection could be made

because the target machine actively refused it 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException

HelpLink:

NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

System.Runtime.Remoting.Messaging.IMessage) StackTrace Information -------------------------------------------

Server

stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot,

SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)

at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint

ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket()

at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid,

Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage

msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage

msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders&

responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage

msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping()

at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid)

Error - 8/9/2009 8:41:41 AM | Computer Name = WIFA0118379 | Source = SystemDiagnosis.DiagnosisClasses | ID = 0

Description = General Information ------------------------------- Machine Name:

WIFA0118379 Time Stamp: 8/9/2009 8:41:39 AM Windows Identity:SYLVANIA\wheelerp

Exception

Information ---------------------------------- Message: No connection could be made

because the target machine actively refused it 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException

HelpLink:

NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

System.Runtime.Remoting.Messaging.IMessage) StackTrace Information -------------------------------------------

Server

stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot,

SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)

at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint

ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket()

at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid,

Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage

msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage

msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders&

responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage

msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping()

at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid)

Error - 10/28/2010 1:47:35 PM | Computer Name = WIFA0118379 | Source = SystemDiagnosis.DiagnosisClasses | ID = 0

Description = General Information ------------------------------- Machine Name:

WIFA0118379 Time Stamp: 10/28/2010 1:47:35 PM Windows Identity:SYLVANIA\langfels

Exception

Information ---------------------------------- Message: No connection could be made

because the target machine actively refused it 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException

HelpLink:

NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

System.Runtime.Remoting.Messaging.IMessage) StackTrace Information -------------------------------------------

Server

stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot,

SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)

at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint

ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket()

at System.Runtime.Remoting.Channels.RemoteConnection.GetSocket() at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String

machinePortAndSid, Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage

msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage

msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders&

responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage

msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping()

at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid)

Error - 3/18/2011 1:39:04 PM | Computer Name = WIFA0118379 | Source = SystemDiagnosis.DiagnosisClasses | ID = 0

Description = General Information ------------------------------- Machine Name:

WIFA0118379 Time Stamp: 3/18/2011 1:39:00 PM Windows Identity:SYLVANIA\wheelerp

Exception

Information ---------------------------------- Message: The Undo operation encountered

a context that is different from what was applied in the corresponding Set operation.

The possible cause is that a context was Set on the thread and not reverted(undone).

Exception

Type: System.InvalidOperationException HelpLink: NULL Source: mscorlib TargetSite:

Void Undo() StackTrace Information -------------------------------------------

at System.Threading.SynchronizationContextSwitcher.Undo() at System.Threading.ExecutionContextSwitcher.Undo()

at System.Threading.ExecutionContext.runFinallyCode(Object userData, Boolean

exceptionThrown) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteBackoutCodeHelper(Object

backoutCode, Object userData, Boolean exceptionThrown) at System.Runtime.CompilerServices.RuntimeHelpers.ExecuteCodeWithGuaranteedCleanup(TryCode

code, CleanupCode backoutCode, Object userData) at System.Threading.ExecutionContext.RunInternal(ExecutionContext

executionContext, ContextCallback callback, Object state) at System.Threading.ExecutionContext.Run(ExecutionContext

executionContext, ContextCallback callback, Object state) at System.Net.ContextAwareResult.Complete(IntPtr

userToken) at System.Net.LazyAsyncResult.ProtectedInvokeCallback(Object result,

IntPtr userToken) at System.Net.Sockets.BaseOverlappedAsyncResult.CompletionPortCallback(UInt32

errorCode, UInt32 numBytes, NativeOverlapped* nativeOverlapped) at System.Threading._IOCompletionCallback.PerformIOCompletionCallback(UInt32

errorCode, UInt32 numBytes, NativeOverlapped* pOVERLAP)

Error - 4/26/2011 11:10:55 AM | Computer Name = WIFA0118379 | Source = SystemDiagnosis.DiagnosisClasses | ID = 0

Description = General Information ------------------------------- Machine Name:

WIFA0118379 Time Stamp: 4/26/2011 11:10:54 AM Windows Identity:SYLVANIA\wheelerp

Exception

Information ---------------------------------- Message: No connection could be made

because the target machine actively refused it 127.0.0.1:8085 Exception Type: System.Net.Sockets.SocketException

HelpLink:

NULL Source: mscorlib TargetSite: Void HandleReturnMessage(System.Runtime.Remoting.Messaging.IMessage,

System.Runtime.Remoting.Messaging.IMessage) StackTrace Information -------------------------------------------

Server

stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot,

SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)

at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint

ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket()

at System.Runtime.Remoting.Channels.RemoteConnection.GetSocket() at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String

machinePortAndSid, Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage

msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage

msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders&

responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage

msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage

reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData&

msgData, Int32 type) at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.TraceServerDispatcher.Ping()

at Siemens.Simatic.Hmi.Utah.SystemDiagnosis.Tracer.Connect(Int32 pid)

< End of report >

Link to post
Share on other sites

OTL logfile created on: 5/20/2011 8:13:33 PM - Run 1

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\wheelerp\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 7.0.5730.13)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free

3.00 Gb Paging File | 2.00 Gb Available in Paging File | 69.00% Paging File free

Paging file location(s): C:\pagefile.sys 800 1600 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 74.47 Gb Total Space | 20.18 Gb Free Space | 27.10% Space Free | Partition Type: NTFS

Drive D: | 675.96 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WIFA0118379 | User Name: wheelerp | NOT logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/20 20:01:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\wheelerp\Desktop\OTL.exe

PRC - [2010/08/12 17:39:50 | 000,870,712 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\PccNTMon.exe

PRC - [2010/08/04 22:04:36 | 001,580,640 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmListen.exe

PRC - [2010/08/04 21:57:30 | 001,459,872 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\NTRtScan.exe

PRC - [2010/06/29 10:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe

PRC - [2010/06/14 22:34:30 | 000,345,424 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe

PRC - [2010/06/07 08:57:18 | 001,576,072 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe

PRC - [2010/06/07 08:57:18 | 000,240,776 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe

PRC - [2010/06/03 02:29:48 | 000,102,453 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\S7UBTOOX\S7ubTstx.exe

PRC - [2010/06/02 17:47:44 | 000,069,685 | ---- | M] (SIEMENS AG) -- C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe

PRC - [2010/05/06 11:25:40 | 001,102,848 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\SWS\almsrv\almsrvx.exe

PRC - [2010/04/24 23:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe

PRC - [2010/04/20 03:38:42 | 000,118,784 | ---- | M] (SIEMENS AG) -- C:\Program Files\Siemens\SIMATIC WinCC flexible\WinCC flexible 2008\HmiSmartStart.exe

PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

PRC - [2009/11/17 11:04:02 | 000,364,544 | ---- | M] (Siemens AG) -- C:\Program Files\Siemens\Automation\Portal V10\Bin\Siemens.Automation.ObjectFrame.FileStorage.Server.exe

PRC - [2009/11/03 15:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe

PRC - [2009/11/03 15:45:52 | 000,348,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe

PRC - [2009/11/03 15:45:48 | 001,372,160 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe

PRC - [2009/11/03 15:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe

PRC - [2009/11/03 15:35:14 | 001,202,448 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe

PRC - [2009/11/03 15:33:48 | 000,473,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

PRC - [2009/10/15 11:54:40 | 000,181,584 | ---- | M] (Siemens AG) -- C:\Program Files\Common Files\Siemens\AlmPanelPlugin\ALMPanelPlugin.exe

PRC - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\CCM\CcmExec.exe

PRC - [2009/09/02 02:01:30 | 000,122,880 | ---- | M] (Siemens AG) -- C:\Program Files\Siemens\CardOS API\bin\siecacst.exe

PRC - [2009/04/03 12:44:08 | 000,435,584 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\OfficeScan Client\CNTAoSMgr.exe

PRC - [2008/11/13 09:33:54 | 000,097,128 | ---- | M] (Microsoft Corp.) -- C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe

PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

PRC - [2007/07/26 16:21:16 | 000,098,304 | ---- | M] (SIEMENS AG) -- C:\WINDOWS\system32\SNTIESV.EXE

PRC - [2007/04/02 19:51:56 | 000,083,512 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Common Files\Siemens\SQLANY\dbsrv9.exe

PRC - [2004/11/10 13:54:48 | 000,598,016 | ---- | M] () -- C:\Program Files\Dell\QuickSet\quickset.exe

PRC - [2004/09/29 10:53:02 | 001,507,600 | ---- | M] (Rockwell Software, Inc.) -- C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE

PRC - [2004/09/13 18:33:20 | 000,155,648 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe

PRC - [2004/08/19 16:40:08 | 000,045,056 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApntEx.exe

PRC - [2004/04/01 20:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) -- C:\WINDOWS\system32\BAsfIpM.exe

PRC - [2003/05/06 14:13:32 | 000,118,784 | ---- | M] (Rockwell Software Inc.) -- C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE

PRC - [2002/12/11 16:55:38 | 000,069,632 | ---- | M] (Siemens AG) -- C:\Program Files\Siemens\SIMATIC.NET\SimNetCom\_koss.exe

PRC - [2002/12/11 16:36:44 | 000,086,016 | ---- | M] (Siemens AG) -- C:\Program Files\Siemens\SIMATIC.NET\opc2\bincfg\_simpcmon.exe

PRC - [2002/12/11 16:34:10 | 000,978,944 | ---- | M] (Siemens AG) -- C:\Program Files\Siemens\SIMATIC.NET\opc2\bincfg\sservcfg.exe

PRC - [2002/12/11 16:30:34 | 000,339,968 | ---- | M] (Siemens AG) -- C:\Program Files\Siemens\SIMATIC.NET\opc2\bincfg\scorecfg.exe

PRC - [2002/12/05 17:37:30 | 000,106,496 | ---- | M] (Siemens AG) -- C:\Program Files\Siemens\SIMATIC.NET\SimNetCom\serv1613.exe

PRC - [2002/12/05 17:35:42 | 000,081,920 | ---- | M] (Siemens AG) -- C:\WINDOWS\system32\softpbpp.exe

PRC - [2002/12/05 17:08:08 | 000,086,016 | ---- | M] (Siemens AG) -- C:\Program Files\Siemens\SIMATIC.NET\SimNetCom\ci_serv.exe

PRC - [2002/12/05 17:01:02 | 000,098,304 | ---- | M] (Siemens AG) -- C:\Program Files\Siemens\SIMATIC.NET\SimNetCom\sim9sync.exe

PRC - [2002/11/28 16:22:32 | 000,344,124 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\s7wnrmsx\s7wnrmsx.exe

PRC - [2002/11/28 15:58:34 | 000,331,776 | ---- | M] (SIEMENS AG) -- C:\Program Files\Common Files\Siemens\s7wnsmsx\s7wnsmsx.exe

========== Modules (SafeList) ==========

MOD - [2011/05/20 20:01:39 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\wheelerp\Desktop\OTL.exe

MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MOD - [2008/04/14 05:41:54 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\framedyn.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (magaService)

SRV - [2011/03/23 08:49:43 | 001,045,256 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2010/08/04 22:04:36 | 001,580,640 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe -- (tmlisten)

SRV - [2010/08/04 21:57:30 | 001,459,872 | ---- | M] (Trend Micro Inc.) [Auto | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe -- (ntrtscan)

SRV - [2010/06/29 10:20:40 | 000,497,080 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmPfw.exe -- (TmPfw)

SRV - [2010/06/14 22:34:30 | 000,345,424 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe -- (TMBMServer)

SRV - [2010/06/07 08:57:18 | 001,576,072 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Common Files\Siemens\S7IEPG\s7oiehsx.exe -- (s7oiehsx)

SRV - [2010/06/07 08:57:18 | 000,240,776 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Common Files\Siemens\Automation\TraceEngine\bin\S7TraceServiceX.exe -- (S7TraceServiceX)

SRV - [2010/06/02 17:47:44 | 000,069,685 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Siemens\Step7\S7BIN\s7asysvx.exe -- (s7asysvx)

SRV - [2010/05/06 11:25:40 | 001,102,848 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Common Files\Siemens\sws\almsrv\almsrvx.exe -- (almservice)

SRV - [2010/04/24 23:36:36 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand | Running] -- C:\Program Files\Trend Micro\OfficeScan Client\TmProxy.exe -- (TmProxy)

SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)

SRV - [2009/11/03 15:48:54 | 000,874,768 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel®

SRV - [2009/11/03 15:45:52 | 000,348,160 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel®

SRV - [2009/11/03 15:42:00 | 000,909,312 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) Intel®

SRV - [2009/11/03 15:33:48 | 000,473,360 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel®

SRV - [2009/09/18 04:00:00 | 000,764,768 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec)

SRV - [2009/09/18 04:00:00 | 000,246,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\System32\CCM\TSManager.exe -- (smstsmgr)

SRV - [2009/02/05 03:04:08 | 000,139,488 | ---- | M] (OPC Foundation) [On_Demand | Stopped] -- C:\WINDOWS\system32\OpcEnum.exe -- (OpcEnum)

SRV - [2007/07/26 16:21:16 | 000,098,304 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\WINDOWS\system32\SNTIESV.EXE -- (SNTIESV)

SRV - [2004/09/29 10:53:02 | 001,507,600 | ---- | M] (Rockwell Software, Inc.) [Auto | Running] -- C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE -- (RSLinx)

SRV - [2004/04/01 20:05:48 | 000,077,824 | ---- | M] (Broadcom Corp.) [Auto | Running] -- C:\WINDOWS\system32\BAsfIpM.exe -- (BAsfIpM)

SRV - [2003/05/06 14:13:32 | 000,118,784 | ---- | M] (Rockwell Software Inc.) [On_Demand | Running] -- C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE -- (Harmony)

SRV - [2002/12/11 16:44:36 | 000,421,888 | ---- | M] (Siemens AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binpd\scorepd.exe -- (SIMATIC NET Core Server PD)

SRV - [2002/12/11 16:44:10 | 000,389,120 | ---- | M] (Siemens AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\bindp2\scoredp2.exe -- (SIMATIC NET Core Server DP2)

SRV - [2002/12/11 16:43:44 | 000,536,576 | ---- | M] (Siemens AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binsnmp\scoresnmp.exe -- (SIMATIC NET Core Server SNMP)

SRV - [2002/12/11 16:41:56 | 000,487,500 | ---- | M] (Siemens AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binPN\scorepn.exe -- (SIMATIC NET Core Server PN)

SRV - [2002/12/11 16:41:04 | 000,524,288 | ---- | M] (Siemens AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binDP\scoredp.exe -- (SIMATIC NET Core Server DP)

SRV - [2002/12/11 16:40:34 | 000,438,272 | ---- | M] (Siemens AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binFDL\scorefdl.exe -- (SIMATIC NET Core Server FDL)

SRV - [2002/12/11 16:40:10 | 000,688,128 | ---- | M] (Siemens AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binS7\scores7.exe -- (SIMATIC NET Core Server S7)

SRV - [2002/12/11 16:39:30 | 000,491,520 | ---- | M] (Siemens AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binSR\scoresr.exe -- (SIMATIC NET Core Server SR)

SRV - [2002/12/11 16:39:00 | 000,458,752 | ---- | M] (Siemens AG) [On_Demand | Stopped] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\binFMS\scorefms.exe -- (SIMATIC NET Core Server FMS)

SRV - [2002/12/11 16:34:10 | 000,978,944 | ---- | M] (Siemens AG) [Auto | Running] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\bincfg\sservcfg.exe -- (SIMATIC NET Configuration Service)

SRV - [2002/12/11 16:30:34 | 000,339,968 | ---- | M] (Siemens AG) [Auto | Running] -- C:\Program Files\Siemens\SIMATIC.NET\opc2\bincfg\scorecfg.exe -- (SIMATIC NET Configuration Server)

SRV - [2002/12/05 17:37:30 | 000,106,496 | ---- | M] (Siemens AG) [Auto | Running] -- C:\Program Files\Siemens\SIMATIC.NET\SimNetCom\serv1613.exe -- (Serv1613)

SRV - [2002/12/05 17:35:42 | 000,081,920 | ---- | M] (Siemens AG) [Auto | Running] -- C:\WINDOWS\system32\softpbpp.exe -- (SIMATIC NET SNPB P&P Service)

SRV - [2002/12/05 17:08:08 | 000,086,016 | ---- | M] (Siemens AG) [Auto | Running] -- C:\Program Files\SIEMENS\SIMATIC.NET\SimNetCom\ci_serv.exe -- (ci_serv)

SRV - [2002/12/05 17:01:02 | 000,098,304 | ---- | M] (Siemens AG) [Auto | Running] -- C:\Program Files\Siemens\SIMATIC.NET\SimNetCom\sim9sync.exe -- (sim9sync)

SRV - [2002/11/28 16:22:32 | 000,344,124 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Common Files\Siemens\s7wnrmsx\s7wnrmsx.exe -- (SIMATIC NET RouteManager)

SRV - [2002/11/28 15:58:34 | 000,331,776 | ---- | M] (SIEMENS AG) [Auto | Running] -- C:\Program Files\Common Files\Siemens\s7wnsmsx\s7wnsmsx.exe -- (StatMgr)

SRV - [2002/11/20 16:43:44 | 000,127,045 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Siemens\ACE\Bin\CCEClient.exe -- (CCEClient)

SRV - [2002/11/20 16:43:34 | 000,114,757 | ---- | M] (SIEMENS AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Siemens\ACE\Bin\CCEServer.exe -- (CCEServer)

SRV - [2002/10/16 10:07:18 | 000,159,744 | ---- | M] (Tangram

Link to post
Share on other sites

Hi,

My apologies for the delay.

Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • Click Run Scan and let the program run uninterrupted.
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Chris,

See the previous two posts for the two logs you asked for. Thanks for the help.

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.