Tech Support Forum - View Single Post - Pop Ups

laughalot · 12-10-2007, 09:02 AM

Here are the exe's that popped up in task manager:

swreg.cfexe
hidfind.exe
findstr.exe
sed.cfexe
vfind.cfexe

I was not able to always end them, they would appear then disappear in TaskM. I did keep getting a windows popup stating "This application has failed to start because detoured.dll was not found. Re-installing the application may fix this problem."

Here are the log files:

ComboFix 07-12-09.1 - lcramer 2007-12-10 9:18:43.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.595 [GMT -5:00]
* Created a new restore point
.
Rootkit driver pe386 is present. ... attempting disinfection
Rootkit driver msguard is present. ... attempting disinfection
pe386 ...... driver unloaded successfully.
msguard ...... driver unloaded successfully.

((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 )))))))))))))))))))))))))))))))
.

2007-12-05 12:18 . 2007-12-05 12:18 <DIR> d-------- C:\Program Files\Trend Micro
2007-12-05 11:51 . 2007-12-05 11:51 <DIR> d-------- C:\ie-spyad_zo
2007-12-05 11:44 . 2007-12-05 11:44 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-12-05 11:36 . 2007-12-05 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2007-12-05 11:22 . 2007-12-05 11:42 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-12-05 11:22 . 2007-12-05 11:42 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2007-12-05 11:22 . 2007-12-05 11:42 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2007-12-05 11:22 . 2007-12-05 11:42 1,406 --a------ C:\WINDOWS\system32\Help.ico
2007-12-03 16:13 . 2007-12-03 16:14 <DIR> d-------- C:\Documents and Settings\bblakeney\Application Data\Autodesk
2007-12-03 16:11 . 2006-04-28 21:24 <DIR> d-------- C:\Documents and Settings\bblakeney\Application Data\Intel
2007-11-29 13:40 . 2007-11-29 13:40 <DIR> d-------- C:\Program Files\RealVNC
2007-11-28 12:15 . 2006-04-28 21:24 <DIR> d-------- C:\Documents and Settings\arodgers\Application Data\Intel
2007-11-20 15:00 . 2007-10-18 21:14 184,080 --a------ C:\WINDOWS\system32\drivers\ino_fltr.sys
2007-11-20 15:00 . 2007-08-06 22:07 27,536 --a------ C:\WINDOWS\system32\drivers\ino_flpy.sys
2007-11-20 14:59 . 2007-11-20 14:59 <DIR> d-------- C:\WINDOWS\system32\Debug
2007-11-20 13:04 . 2007-11-26 09:46 <DIR> d-------- C:\DEDUCT

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-09 16:02 996 ----a-w C:\reg5.reg
2007-11-09 16:02 654 ----a-w C:\reg30.reg
2007-11-09 16:02 6,844 ----a-w C:\reg19.reg
2007-11-09 16:02 6,668 ----a-w C:\reg29.reg
2007-11-09 16:02 572 ----a-w C:\reg28.reg
2007-11-09 16:02 5,068 ----a-w C:\reg20.reg
2007-11-09 16:02 426 ----a-w C:\reg33.reg
2007-11-09 16:02 322 ----a-w C:\reg23.reg
2007-11-09 16:02 314 ----a-w C:\reg43.reg
2007-11-09 16:02 300 ----a-w C:\reg21.reg
2007-11-09 16:02 3,490 ----a-w C:\reg1.reg
2007-11-09 16:02 28,564 ----a-w C:\reg18.reg
2007-11-09 16:02 278 ----a-w C:\reg38.reg
2007-11-09 16:02 276 ----a-w C:\reg32.reg
2007-11-09 16:02 248 ----a-w C:\reg44.reg
2007-11-09 16:02 248 ----a-w C:\reg42.reg
2007-11-09 16:02 248 ----a-w C:\reg41.reg
2007-11-09 16:02 248 ----a-w C:\reg40.reg
2007-11-09 16:02 230 ----a-w C:\reg2.reg
2007-11-09 16:02 212 ----a-w C:\reg39.reg
2007-11-09 16:02 212 ----a-w C:\reg37.reg
2007-11-09 16:02 212 ----a-w C:\reg36.reg
2007-11-09 16:02 212 ----a-w C:\reg35.reg
2007-11-09 16:02 12,480 ----a-w C:\reg27.reg
2007-11-09 16:02 1,294 ----a-w C:\reg34.reg
2007-11-09 15:05 --------- d-----w C:\Program Files\XoftSpySE
2007-11-07 21:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-11-07 19:02 --------- d-----w C:\Program Files\Yahoo!
2007-11-07 14:26 --------- d-----w C:\Program Files\Google
2007-11-06 18:07 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-06 17:02 378,721 --sh--w C:\WINDOWS\system32\ttvwa.ini2
2007-11-06 16:58 377,566 --sh--w C:\WINDOWS\system32\ttvwa.bak2
2007-11-05 19:14 115,712 ----a-w C:\VundoFix.exe
2007-11-01 04:29 6,470 --sha-w C:\WINDOWS\system32\ttvwa.bak1
2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll
1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL
1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutoCAD Digital Signatures Icon Overlay Handler]
@={36A21736-36C2-4C11-8ACB-D4136F2B57BD}
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Offline Files]

[HKEY_CLASSES_ROOT\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}]
2007-02-12 01:12 44648 --a------ C:\WINDOWS\system32\AcSignIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" []
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe]
"SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 21:35 C:\WINDOWS\stsystra.exe]
"Realtime Monitor"="C:\Program Files\CA\eTrustITM\realmon.exe" [2007-01-16 21:27]
"nwiz"="nwiz.exe" [2006-01-19 15:14 C:\WINDOWS\system32\nwiz.exe]
"NVHotkey"="nvHotkey.dll" [2006-01-19 15:14 C:\WINDOWS\system32\nvhotkey.dll]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29]
"Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 12:26]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-02-20 12:39]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 19:13]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26]
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 08:18:22]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-28 21:31:58]
EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 09:39:02]
GroupWise Notify.lnk - C:\Novell\GroupWise\Notify.exe [2006-05-12 07:34:00]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys
R2 MB4-TOMCAT;MB4-TOMCAT;C:\Program Files\Motion Selector\Application\tomcat\bin\tomcat.exe
R3 USBCCID;USB Smart Card reader;C:\WINDOWS\system32\DRIVERS\usbccid.sys
S1 abpicw2k;AB PIC/AIC+ Driver;C:\WINDOWS\system32\DRIVERS\abpicw2k.sys
S1 VirtualBackplane;A-B Virtual Backplane;C:\WINDOWS\system32\Drivers\VirtualBackplane.sys
S3 ABKTCX;Rockwell Software 1784-KTC(X) Driver;C:\WINDOWS\system32\Drivers\ABKTCX.sys
S3 HMI;HMI;C:\WINDOWS\system32\drivers\g3usb.sys
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;C:\oracle\ora81\BIN\ONRSD.EXE
S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;C:\WINDOWS\system32\RS_SS_NT.SYS
S3 RsiKtControl;RsiKtControl;C:\WINDOWS\system32\RSIKT.SYS
S3 RSSERIAL;RSLinx Classic Serial Driver;C:\WINDOWS\system32\RSSERIAL.SYS

.
**************************************************************************

catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-10 10:12:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-12-10 10:34:40 - machine was rebooted
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:36, on 2007-12-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
C:\Program Files\Motion Selector\Application\tomcat\bin\tomcat.exe
C:\Program Files\Motion Selector\Application\mysql\bin\mysqld-max-nt.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\ComboFix\swreg.cfexe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phoenixspecialty.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe
O4 - Global Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1189175730336
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = phoenixssc.com
O17 - HKLM\Software\..\Telephony: DomainName = phoenixssc.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B3B76F5-1223-48FE-B8AA-6C2B23E150FF}: NameServer = 192.25.25.15,192.25.25.17
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = phoenixssc.com
O18 - Protocol: WebCD - {41AAF073-8687-4877-AAA2-228AB7D195AD} - C:\Program Files\Motion Selector\WebCD\FirstProtocol.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe
O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe
O23 - Service: MB4-TOMCAT - Alexandria Software Consulting - C:\Program Files\Motion Selector\Application\tomcat\bin\tomcat.exe
O23 - Service: MySql - Unknown owner - C:\Program Files\Motion Selector\Application\mysql\bin\mysqld-max-nt.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9048 bytes

12-10-2007, 09:02 AM	#3 (permalink)
laughalot Registered User Join Date: Dec 2007 Posts: 12 OS: XP	Re: Pop Ups - Vundo.GN Here are the exe's that popped up in task manager: swreg.cfexe hidfind.exe findstr.exe sed.cfexe vfind.cfexe I was not able to always end them, they would appear then disappear in TaskM. I did keep getting a windows popup stating "This application has failed to start because detoured.dll was not found. Re-installing the application may fix this problem." Here are the log files: ComboFix 07-12-09.1 - lcramer 2007-12-10 9:18:43.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.595 [GMT -5:00] * Created a new restore point . Rootkit driver pe386 is present. ... attempting disinfection Rootkit driver msguard is present. ... attempting disinfection pe386 ...... driver unloaded successfully. msguard ...... driver unloaded successfully. ((((((((((((((((((((((((( Files Created from 2007-11-10 to 2007-12-10 ))))))))))))))))))))))))))))))) . 2007-12-05 12:18 . 2007-12-05 12:18 <DIR> d-------- C:\Program Files\Trend Micro 2007-12-05 11:51 . 2007-12-05 11:51 <DIR> d-------- C:\ie-spyad_zo 2007-12-05 11:44 . 2007-12-05 11:44 <DIR> d-------- C:\Program Files\SpywareBlaster 2007-12-05 11:36 . 2007-12-05 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7 2007-12-05 11:22 . 2007-12-05 11:42 <DIR> d-------- C:\WINDOWS\system32\ActiveScan 2007-12-05 11:22 . 2007-12-05 11:42 30,590 --a------ C:\WINDOWS\system32\pavas.ico 2007-12-05 11:22 . 2007-12-05 11:42 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico 2007-12-05 11:22 . 2007-12-05 11:42 1,406 --a------ C:\WINDOWS\system32\Help.ico 2007-12-03 16:13 . 2007-12-03 16:14 <DIR> d-------- C:\Documents and Settings\bblakeney\Application Data\Autodesk 2007-12-03 16:11 . 2006-04-28 21:24 <DIR> d-------- C:\Documents and Settings\bblakeney\Application Data\Intel 2007-11-29 13:40 . 2007-11-29 13:40 <DIR> d-------- C:\Program Files\RealVNC 2007-11-28 12:15 . 2006-04-28 21:24 <DIR> d-------- C:\Documents and Settings\arodgers\Application Data\Intel 2007-11-20 15:00 . 2007-10-18 21:14 184,080 --a------ C:\WINDOWS\system32\drivers\ino_fltr.sys 2007-11-20 15:00 . 2007-08-06 22:07 27,536 --a------ C:\WINDOWS\system32\drivers\ino_flpy.sys 2007-11-20 14:59 . 2007-11-20 14:59 <DIR> d-------- C:\WINDOWS\system32\Debug 2007-11-20 13:04 . 2007-11-26 09:46 <DIR> d-------- C:\DEDUCT . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2007-11-09 16:02 996 ----a-w C:\reg5.reg 2007-11-09 16:02 654 ----a-w C:\reg30.reg 2007-11-09 16:02 6,844 ----a-w C:\reg19.reg 2007-11-09 16:02 6,668 ----a-w C:\reg29.reg 2007-11-09 16:02 572 ----a-w C:\reg28.reg 2007-11-09 16:02 5,068 ----a-w C:\reg20.reg 2007-11-09 16:02 426 ----a-w C:\reg33.reg 2007-11-09 16:02 322 ----a-w C:\reg23.reg 2007-11-09 16:02 314 ----a-w C:\reg43.reg 2007-11-09 16:02 300 ----a-w C:\reg21.reg 2007-11-09 16:02 3,490 ----a-w C:\reg1.reg 2007-11-09 16:02 28,564 ----a-w C:\reg18.reg 2007-11-09 16:02 278 ----a-w C:\reg38.reg 2007-11-09 16:02 276 ----a-w C:\reg32.reg 2007-11-09 16:02 248 ----a-w C:\reg44.reg 2007-11-09 16:02 248 ----a-w C:\reg42.reg 2007-11-09 16:02 248 ----a-w C:\reg41.reg 2007-11-09 16:02 248 ----a-w C:\reg40.reg 2007-11-09 16:02 230 ----a-w C:\reg2.reg 2007-11-09 16:02 212 ----a-w C:\reg39.reg 2007-11-09 16:02 212 ----a-w C:\reg37.reg 2007-11-09 16:02 212 ----a-w C:\reg36.reg 2007-11-09 16:02 212 ----a-w C:\reg35.reg 2007-11-09 16:02 12,480 ----a-w C:\reg27.reg 2007-11-09 16:02 1,294 ----a-w C:\reg34.reg 2007-11-09 15:05 --------- d-----w C:\Program Files\XoftSpySE 2007-11-07 21:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft 2007-11-07 19:02 --------- d-----w C:\Program Files\Yahoo! 2007-11-07 14:26 --------- d-----w C:\Program Files\Google 2007-11-06 18:07 --------- d-----w C:\Program Files\Common Files\Adobe 2007-11-06 17:02 378,721 --sh--w C:\WINDOWS\system32\ttvwa.ini2 2007-11-06 16:58 377,566 --sh--w C:\WINDOWS\system32\ttvwa.bak2 2007-11-05 19:14 115,712 ----a-w C:\VundoFix.exe 2007-11-01 04:29 6,470 --sha-w C:\WINDOWS\system32\ttvwa.bak1 2007-10-26 03:36 8,454,656 ------w C:\WINDOWS\system32\dllcache\shell32.dll 1998-12-09 02:53 99,840 ----a-w C:\Program Files\Common Files\IRAABOUT.DLL 1998-12-09 02:53 70,144 ----a-w C:\Program Files\Common Files\IRAMDMTR.DLL 1998-12-09 02:53 48,640 ----a-w C:\Program Files\Common Files\IRALPTTR.DLL 1998-12-09 02:53 31,744 ----a-w C:\Program Files\Common Files\IRAWEBTR.DLL 1998-12-09 02:53 186,368 ----a-w C:\Program Files\Common Files\IRAREG.DLL 1998-12-09 02:53 17,920 ----a-w C:\Program Files\Common Files\IRASRIAL.DLL . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . Note empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AutoCAD Digital Signatures Icon Overlay Handler] @={36A21736-36C2-4C11-8ACB-D4136F2B57BD} [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Offline Files] [HKEY_CLASSES_ROOT\CLSID\{36A21736-36C2-4C11-8ACB-D4136F2B57BD}] 2007-02-12 01:12 44648 --a------ C:\WINDOWS\system32\AcSignIcon.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24] "ModemOnHold"="C:\Program Files\NetWaiting\netWaiting.exe" [2003-09-10 02:24] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvCplDaemon"="RUNDLL32.exe" [2004-08-04 05:00 C:\WINDOWS\system32\rundll32.exe] "SigmatelSysTrayApp"="stsystra.exe" [2005-11-16 21:35 C:\WINDOWS\stsystra.exe] "Realtime Monitor"="C:\Program Files\CA\eTrustITM\realmon.exe" [2007-01-16 21:27] "nwiz"="nwiz.exe" [2006-01-19 15:14 C:\WINDOWS\system32\nwiz.exe] "NVHotkey"="nvHotkey.dll" [2006-01-19 15:14 C:\WINDOWS\system32\nvhotkey.dll] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 16:50] "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 16:50] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 11:55] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 11:56] "DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-12-09 20:29] "Document Manager"="C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe" [2006-03-09 12:26] "DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 05:20] "Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [2006-02-20 12:39] "Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 19:13] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 22:46] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26] AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 08:18:22] Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2006-04-28 21:31:58] EMBASSY Trust Suite Secure Update.lnk - C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe [2005-11-30 09:39:02] GroupWise Notify.lnk - C:\Novell\GroupWise\Notify.exe [2006-05-12 07:34:00] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2000-01-21 03:15:54] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=wxvault.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Authentication Packages REG_MULTI_SZ msv1_0 wvauth R0 PBADRV;PBADRV;C:\WINDOWS\system32\drivers\pbadrv.sys R2 MB4-TOMCAT;MB4-TOMCAT;C:\Program Files\Motion Selector\Application\tomcat\bin\tomcat.exe R3 USBCCID;USB Smart Card reader;C:\WINDOWS\system32\DRIVERS\usbccid.sys S1 abpicw2k;AB PIC/AIC+ Driver;C:\WINDOWS\system32\DRIVERS\abpicw2k.sys S1 VirtualBackplane;A-B Virtual Backplane;C:\WINDOWS\system32\Drivers\VirtualBackplane.sys S3 ABKTCX;Rockwell Software 1784-KTC(X) Driver;C:\WINDOWS\system32\Drivers\ABKTCX.sys S3 HMI;HMI;C:\WINDOWS\system32\drivers\g3usb.sys S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;C:\oracle\ora81\BIN\ONRSD.EXE S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;C:\WINDOWS\system32\RS_SS_NT.SYS S3 RsiKtControl;RsiKtControl;C:\WINDOWS\system32\RSIKT.SYS S3 RSSERIAL;RSLinx Classic Serial Driver;C:\WINDOWS\system32\RSSERIAL.SYS . ************************************************************************ catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2007-12-10 10:12:52 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************ . Completion time: 2007-12-10 10:34:40 - machine was rebooted . --- E O F --- Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:36, on 2007-12-10 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16544) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Wave Systems Corp\Common\DataServer.exe C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE C:\Program Files\Motion Selector\Application\tomcat\bin\tomcat.exe C:\Program Files\Motion Selector\Application\mysql\bin\mysqld-max-nt.exe C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\cmd.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\System32\DLA\DLACTRLW.EXE C:\Program Files\Apoint\Apoint.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Apoint\Apntex.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\ComboFix\swreg.cfexe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.phoenixspecialty.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [Document Manager] C:\Program Files\Wave Systems Corp\Services Manager\DocMgr\bin\docmgr.exe O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: EMBASSY Trust Suite Secure Update.lnk = C:\Program Files\Wave Systems Corp\Services Manager\Secure Update\AutoUpdate.exe O4 - Global Startup: GroupWise Notify.lnk = C:\Novell\GroupWise\Notify.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1189175730336 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = phoenixssc.com O17 - HKLM\Software\..\Telephony: DomainName = phoenixssc.com O17 - HKLM\System\CCS\Services\Tcpip\..\{8B3B76F5-1223-48FE-B8AA-6C2B23E150FF}: NameServer = 192.25.25.15,192.25.25.17 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = phoenixssc.com O18 - Protocol: WebCD - {41AAF073-8687-4877-AAA2-228AB7D195AD} - C:\Program Files\Motion Selector\WebCD\FirstProtocol.dll O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Autodesk Network Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe O23 - Service: DataSvr2 - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Common\DataServer.exe O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: Harmony - Rockwell Software Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE O23 - Service: iTechnology iGateway 4.2 (iGateway) - CA, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe O23 - Service: eTrust ITM RPC Service (InoRPC) - CA - C:\Program Files\CA\eTrustITM\InoRpc.exe O23 - Service: eTrust Antivirus Realtime Service (InoRT) - CA - C:\Program Files\CA\eTrustITM\InoRT.exe O23 - Service: eTrust ITM Job Service (InoTask) - CA - C:\Program Files\CA\eTrustITM\InoTask.exe O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRealtime\bin\ITMRTSVC.exe O23 - Service: MB4-TOMCAT - Alexandria Software Consulting - C:\Program Files\Motion Selector\Application\tomcat\bin\tomcat.exe O23 - Service: MySql - Unknown owner - C:\Program Files\Motion Selector\Application\mysql\bin\mysqld-max-nt.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe O23 - Service: RSLinx Classic (RSLinx) - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: NTRU Hybrid TSS v2.0.7 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v2.0.7\bin\tcsd_win32.exe O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 9048 bytes