ComboFix 07-09-08.7 - "00195592" 2007-09-08 10:04:33.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.574 [GMT -7:00]
* Created a new restore point
.
((((((((((((((((((((((((( Files Created from 2007-08-08 to 2007-09-08 )))))))))))))))))))))))))))))))
.
2007-09-08 10:01 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-07 10:27 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-09-06 12:27 4,868 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-05 22:49 <DIR> d-------- C:\DOCUME~1\00195592\.housecall6.6
2007-09-05 10:52 28,672 --a------ C:\WINDOWS\system32\drivers\CO_Mon.sys
2007-09-05 01:46 <DIR> d-------- C:\Program Files\a-squared Free
2007-09-05 01:21 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-04 23:00 <DIR> d-------- C:\QUARANTINE
2007-08-26 11:12 <DIR> dr------- C:\DOCUME~1\00195592\APPLIC~1\Brother
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-05 01:00 --------- d-------- C:\Program Files\SpywareBlaster
2007-02-09 15:30 487 --a------ C:\Program Files\acad2000.cfg
2007-02-09 15:25 6795264 --a------ C:\Program Files\acad.exe
2007-02-09 15:25 146227 --a------ C:\Program Files\DeIsL1.isu
1999-03-26 11:49 115920 --a------ C:\Program Files\actusm.dll
1999-03-25 05:14 88773 --a------ C:\Program Files\acadapp.arx
1999-03-25 05:07 274432 --a------ C:\Program Files\asilisp.arx
1999-03-25 05:06 12288 --a------ C:\Program Files\asilloc.dll
1999-03-25 05:05 122880 --a------ C:\Program Files\cao15.dll
1999-03-25 05:04 1290240 --a------ C:\Program Files\condlg.arx
1999-03-25 04:55 110592 --a------ C:\Program Files\aclbed.dll
1999-03-25 04:54 167936 --a------ C:\Program Files\aseloc.dll
1999-03-25 04:54 1089536 --a------ C:\Program Files\ase.arx
1999-03-25 04:49 417792 --a------ C:\Program Files\csp.dll
1999-03-25 04:48 40960 --a------ C:\Program Files\asiloc.dll
1999-03-25 04:47 831488 --a------ C:\Program Files\sqleng.dll
1999-03-25 04:43 118784 --a------ C:\Program Files\tmptbl.dll
1999-03-25 04:39 524288 --a------ C:\Program Files\sqldata.dll
1999-03-25 04:29 57344 --a------ C:\Program Files\oletohdi6.dll
1999-03-25 04:28 45056 --a------ C:\Program Files\styleeng.dll
1999-03-25 04:28 139264 --a------ C:\Program Files\styshwiz.exe
1999-03-25 04:27 69632 --a------ C:\Program Files\prntprog.dll
1999-03-25 04:27 32768 --a------ C:\Program Files\styexe.exe
1999-03-25 04:27 192512 --a------ C:\Program Files\addplwiz.exe
1999-03-25 04:26 389120 --a------ C:\Program Files\pc3edit.dll
1999-03-25 04:26 28672 --a------ C:\Program Files\pc3exe.exe
1999-03-25 04:25 528384 --a------ C:\Program Files\plcfmgr.dll
1999-03-25 04:25 225280 --a------ C:\Program Files\psizewiz.dll
1999-03-25 04:25 135168 --a------ C:\Program Files\plcalwiz.dll
1999-03-25 04:24 32768 --a------ C:\Program Files\apperr.dll
1999-03-25 04:23 45056 --a------ C:\Program Files\coreerr.dll
1999-03-25 04:23 28672 --a------ C:\Program Files\plcferr.dll
1999-03-25 04:13 790528 --a------ C:\Program Files\physpen.dll
1999-03-25 04:12 933888 --a------ C:\Program Files\styedit.dll
1999-03-25 04:11 86016 --a------ C:\Program Files\gridres.dll
1999-03-25 03:46 1105920 --a------ C:\Program Files\vllib.dll
1999-03-25 03:45 65536 --a------ C:\Program Files\vlreac.dll
1999-03-25 03:45 380928 --a------ C:\Program Files\vlabout.dll
1999-03-25 03:45 36864 --a------ C:\Program Files\vldlg.dll
1999-03-25 03:45 323584 --a------ C:\Program Files\vlide.dll
1999-03-25 03:45 233472 --a------ C:\Program Files\vlmsg.dll
1999-03-25 03:45 20480 --a------ C:\Program Files\vlres.dll
1999-03-25 03:45 118784 --a------ C:\Program Files\vlcom.dll
1999-03-25 03:44 581632 --a------ C:\Program Files\vl.arx
1999-03-25 03:43 77824 --a------ C:\Program Files\dwgaids.arx
1999-03-25 03:43 6821 --a------ C:\Program Files\solids.xmx
1999-03-25 03:43 286720 --a------ C:\Program Files\axdb15.dll
1999-03-25 03:43 105125 --a------ C:\Program Files\acsolids.arx
1999-03-25 03:42 2723840 --a------ C:\Program Files\axauto15.dll
1999-03-25 03:41 68768 --a------ C:\Program Files\geomcal.arx
1999-03-25 03:41 66540 --a------ C:\Program Files\geom3d.arx
1999-03-25 03:41 53479 --a------ C:\Program Files\acadaut.reg
1999-03-25 03:41 44078 --a------ C:\Program Files\rectang.arx
1999-03-25 03:40 91720 --a------ C:\Program Files\render.xmx
1999-03-25 03:40 45056 --a------ C:\Program Files\aclsobj.arx
1999-03-25 03:40 172032 --a------ C:\Program Files\acadps.arx
1999-03-25 03:40 1335296 --a------ C:\Program Files\acrender.arx
1999-03-25 03:30 32768 --a------ C:\Program Files\whohas.arx
1999-03-25 03:30 192512 --a------ C:\Program Files\acadvba.arx
1999-03-25 03:29 98304 --a------ C:\Program Files\acqsetup.arx
1999-03-25 03:29 61440 --a------ C:\Program Files\acoscale.arx
1999-03-25 03:29 204800 --a------ C:\Program Files\acasetup.arx
1999-03-25 03:29 200704 --a------ C:\Program Files\acadstar.arx
1999-03-25 03:28 69632 --a------ C:\Program Files\textfind.arx
1999-03-25 03:28 49152 --a------ C:\Program Files\units.arx
1999-03-25 03:28 49152 --a------ C:\Program Files\pltcmdln.arx
1999-03-25 03:28 110592 --a------ C:\Program Files\appload.arx
1999-03-25 03:27 94208 --a------ C:\Program Files\acDcTextStyles.arx
1999-03-25 03:27 81920 --a------ C:\Program Files\acmatch.arx
1999-03-25 03:27 139264 --a------ C:\Program Files\acorbit.arx
1999-03-25 03:27 131072 --a------ C:\Program Files\AcRefEd.arx
1999-03-25 03:26 86016 --a------ C:\Program Files\acDcDimStyles.arx
1999-03-25 03:25 94208 --a------ C:\Program Files\acDcLinetypes.arx
1999-03-25 03:25 86016 --a------ C:\Program Files\acDcXrefs.arx
1999-03-25 03:24 81920 --a------ C:\Program Files\acDcLayouts.arx
1999-03-25 03:24 69632 --a------ C:\Program Files\acDcImages.arx
1999-03-25 03:24 147456 --a------ C:\Program Files\acDcSymbols.arx
1999-03-25 03:23 516096 --a------ C:\Program Files\acDcFrame.arx
1999-03-25 03:17 143360 --a------ C:\Program Files\acDcUtils.dll
1999-03-25 03:16 204800 --a------ C:\Program Files\acISMui.arx
1999-03-25 03:12 61440 --a------ C:\Program Files\resize.dll
1999-03-25 03:12 45056 --a------ C:\Program Files\color.dll
1999-03-25 03:12 32768 --a------ C:\Program Files\textedit.arx
1999-03-25 03:12 118784 --a------ C:\Program Files\acadinet.dll
1999-03-25 03:11 69632 --a------ C:\Program Files\attedit.arx
1999-03-25 03:11 552960 --a------ C:\Program Files\AcDim.arx
1999-03-25 03:11 28728 --a------ C:\Program Files\acdorder.arx
1999-03-25 03:09 610304 --a------ C:\Program Files\acopm.arx
1999-03-25 03:08 53248 --a------ C:\Program Files\acsiui.arx
1999-03-25 03:08 32768 --a------ C:\Program Files\acbrowse.arx
1999-03-25 03:08 221184 --a------ C:\Program Files\acblock.arx
1999-03-25 03:07 65536 --a------ C:\Program Files\aceplotx.arx
1999-03-25 03:07 32768 --a------ C:\Program Files\acsiobj.arx
1999-03-25 03:07 118784 --a------ C:\Program Files\achlnkui.arx
1999-03-25 03:06 40960 --a------ C:\Program Files\ddelib.dll
1999-03-25 03:06 397312 --a------ C:\Program Files\acgs.dll
1999-03-25 03:06 32768 --a------ C:\Program Files\oleaprot.arx
1999-03-25 03:06 245760 --a------ C:\Program Files\Ereg.dll
1999-03-25 02:44 339968 --a------ C:\Program Files\acmted.arx
1999-03-25 02:42 298911 --a------ C:\Program Files\acad.xmx
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 14:48]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-08-06 09:27]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 00:28]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 00:26]
"AGRSMMSG"="AGRSMMSG.exe" [2004-10-27 23:37 C:\WINDOWS\agrsmmsg.exe]
"Tvs"="C:\Program Files\Toshiba\Tvs\TvsTray.exe" [2004-11-12 18:57]
"NDSTray.exe"="NDSTray.exe" []
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-03 02:05]
"SmoothView"="C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2004-09-15 16:03]
"PadTouch"="C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe" [2004-09-07 15:03]
"THotkey"="C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe" [2005-01-14 17:45]
"TFncKy"="TFncKy.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-01-13 17:36]
"nwiz"="nwiz.exe" [2005-01-13 17:36 C:\WINDOWS\system32\nwiz.exe]
"TPSMain"="TPSMain.exe" [2004-12-28 17:02 C:\WINDOWS\system32\TPSMain.exe]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 02:01]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-08-18 08:00]
"Network Associates Error Reporting Service"="C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"NWTRAY"="NWTRAY.EXE" [2002-03-12 11:37 C:\WINDOWS\system32\nwtray.exe]
"ZENRC Tray Icon"="c:\WINDOWS\system32\zentray.exe" [2003-03-18 15:37]
"VersatoMs"="C:\Program Files\MagicMus\MulMouse.exe" [2004-06-17 16:14]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-06-21 13:19]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 09:38]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 08:46]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 10:55]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 02:25]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Application Explorer.lnk - C:\Program Files\Novell\ZENworks\NALDESK.EXE [2003-03-24 13:08:30]
HotSync Manager.lnk - C:\Palm\HOTSYNC.EXE [2007-01-15 13:41:52]
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe [2005-01-10 14:35:49]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"CompatibleRUPSecurity"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B4870B70-F390-11d2-9FB9-F4ED725EA20D}"= C:\Program Files\Novell\ZENworks\NalExpEx.dll [2003-03-24 13:08 131072]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="ziswin.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 nwv1_0
R0 NICM;Novell InterService Communication Driver;C:\WINDOWS\system32\Drivers\Nicm.sys
R0 NWFILTER;Novell UNC Path Filter;C:\WINDOWS\system32\NetWare\nwfilter.sys
R1 NaiAvTdi1;NaiAvTdi1;C:\WINDOWS\system32\drivers\mvstdi5x.sys
R1 nipplpt2;Novell iCapture Lpt Redirector 2;C:\WINDOWS\system32\drivers\nipplpt.sys
R2 BlankScr;HBDevice;C:\WINDOWS\system32\drivers\BlankScr.sys
R2 FxControlRuntime;FxControl Runtime;C:\Program Files\CIMPLICITY Machine Edition\fxControl\Runtime\NT\FxControl.exe
R2 Kblock;Kblock;C:\WINDOWS\system32\drivers\Kblock.sys
R2 Mouslock;Mouslock;C:\WINDOWS\system32\drivers\Mouslock.sys
R2 MUsbFltr;USB WTMouse Filter Service;C:\WINDOWS\system32\DRIVERS\MUsbFltr.sys
R2 NA_Service;NetAccess Service;C:\WINDOWS\system32\NA_Service.exe
R2 NetwareWorkstation;Novell Client for Windows;C:\WINDOWS\system32\NetWare\nwfs.sys
R2 NWDHCP;Novell DHCP Inform Client;C:\WINDOWS\system32\NetWare\nwdhcp.sys
R2 Prometheus Wake-On-LAN Status Agent;Novell ZfD Wake on LAN Status Agent;c:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
R2 RESMGR;Novell NetWare Resource Manager;C:\WINDOWS\system32\NetWare\resmgr.sys
R2 SRVLOC;Novell Service Location;C:\WINDOWS\system32\NetWare\srvloc.sys
R2 TrapiServer;Trapi File Server;C:\Program Files\CIMPLICITY Machine Edition\Common\Components\NT\trapiserver.exe
R3 EntDrv51;EntDrv51;\??\C:\WINDOWS\system32\drivers\EntDrv51.sys
R3 nscmnt;Novell Local Security Context Manager;C:\WINDOWS\system32\drivers\novell\nscmnt.sys
R3 NWDNS;Novell DNS Name Space Service Provider;C:\WINDOWS\system32\NetWare\nwdns.sys
R3 NWHOST;Novell Host File Name Space Service Provider;C:\WINDOWS\system32\NetWare\NWHOST.sys
R3 NWSLP;Novell SLP Name Space Service Provider;C:\WINDOWS\system32\NetWare\nwslp.sys
R3 NWSNS;Novell Simple Naming Services;C:\WINDOWS\system32\NetWare\NWSNS.sys
S1 oxmf;OXPCI Bus enumerator;C:\WINDOWS\system32\DRIVERS\oxmf.sys
S1 oxser;OX16C95x Serial port driver;C:\WINDOWS\system32\DRIVERS\oxser.sys
S1 VirtualBackplane;A-B Virtual Backplane;C:\WINDOWS\system32\Drivers\VirtualBackplane.sys
S2 cusrvc;Client Update Service for Novell;C:\WINDOWS\system32\cusrvc.exe
S2 NWSIPX32;Novell NetWare IPX/SPX Transport Interface;C:\WINDOWS\system32\NetWare\nwsipx32.sys
S3 ABKTCX;Rockwell Software 1784-KTC(X) Driver;C:\WINDOWS\system32\Drivers\ABKTCX.sys
S3 NWSAP;Novell SAP Name Space Provider;C:\WINDOWS\system32\NetWare\NWSAP.sys
S3 Oxmfuf;Filter driver for OX16PCI95x ports;C:\WINDOWS\system32\DRIVERS\oxmfuf.sys
S3 RS_SS_NT;RSLinx S-S SD/SD2 Device Driver;C:\WINDOWS\system32\RS_SS_NT.SYS
S3 RsiKtControl;RsiKtControl;C:\WINDOWS\system32\RSIKT.SYS
S3 RSSERIAL;RSLinx Serial Driver;C:\WINDOWS\system32\RSSERIAL.SYS
S3 tosrfec;Bluetooth ACPI from TOSHIBA;C:\WINDOWS\system32\DRIVERS\tosrfec.sys
S3 usb2ser;usb2ser;C:\WINDOWS\system32\DRIVERS\usb2ser.sys
S3 xauthnt;Novell XTier Authentication Service;C:\WINDOWS\system32\drivers\novell\xauthnt.sys
Start Pending2 Remote Management Agent;Novell ZfD Remote Management;c:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0d2bc720-c43f-11db-b3d1-0012f09f82d9}]
AutoRun\command- F:\setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b2813d90-9c20-11db-b3a0-0012f09f82d9}]
AutoRun\command- F:\setupSNK.exe
*Newly Created Service* - ENTDRV51
.
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2007-09-08 10:10:12
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-09-08 10:11:54 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-08 10:11
.
--- E O F ---
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, September 08, 2007 12:15:47 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 8/09/2007
Kaspersky Anti-Virus database records: 410326
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 64507
Number of viruses found: 4
Number of infected objects: 44
Number of suspicious objects: 0
Duration of the scan process: 01:04:59
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\00195592\.housecall6.6\Quarantine\printer.exe.bac_a03320 Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\Documents and Settings\00195592\.housecall6.6\Quarantine\system.exe.Vir.bac_a03320 Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\Documents and Settings\00195592\.housecall6.6\Quarantine\systems.txt.bac_a03320 Infected: not-virus:Hoax.Win32.Renos.jh skipped
C:\Documents and Settings\00195592\.housecall6.6\Quarantine\vtr.xxx.bac_a03320 Infected: Trojan.Win32.Agent.bfe skipped
C:\Documents and Settings\00195592\.housecall6.6\Quarantine\winavxx.exe.bac_a03320 Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\Documents and Settings\00195592\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\00195592\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\00195592\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\00195592\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\00195592\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\00195592\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\00195592\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\00195592\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\00195592\Local Settings\Temp\NAILogs\UpdaterUI_SOEE-Z-60986.log Object is locked skipped
C:\Documents and Settings\00195592\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\00195592\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\00195592\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_SOEE-Z-60986.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\PrdMgr_SOEE-Z-60986.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20070908_Time-100941667_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20070908_Time-100941667_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\RMErrorLog1.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP111\A0021854.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP111\A0021855.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP111\A0021873.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP111\A0021874.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP111\A0022012.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP111\A0022013.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP111\A0022061.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP111\A0022062.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP111\A0022080.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP111\A0022081.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP112\A0022115.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP112\A0022116.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP112\A0022130.dll Infected: Trojan.Win32.Agent.bfe skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP112\A0022148.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP112\A0022149.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP112\A0022150.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP112\A0022186.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP112\A0022187.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP112\A0022188.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP112\A0022252.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP112\A0022253.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP113\A0022309.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP113\A0022310.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP113\A0022311.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP113\A0022347.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP113\A0022348.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP113\A0022349.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP113\A0022383.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP113\A0022384.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP113\A0022385.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP113\A0022426.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP113\A0022427.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP113\A0022428.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP113\A0022429.exe Infected: not-virus:Hoax.Win32.Renos.je skipped
C:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP115\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\novell\nici\00195282\XMGRCFG.KS2 Object is locked skipped
C:\WINDOWS\system32\novell\nici\00195282\XMGRCFG.KS3 Object is locked skipped
C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS2 Object is locked skipped
C:\WINDOWS\system32\novell\nici\SYSTEM\XMGRCFG.KS3 Object is locked skipped
C:\WINDOWS\system32\systems.txt Infected: not-virus:Hoax.Win32.Renos.jh skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\TempFile Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{9F6D27BD-8333-4C91-A655-AFB30354E2FB}\RP115\change.log Object is locked skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:22:23 PM, on 08/09/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\GE Fanuc\GE Fanuc Licensing\CCFLIC0.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\CIMPLICITY Machine Edition\fxControl\Runtime\NT\FxControl.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
c:\Program Files\Novell\ZENworks\nalntsrv.exe
C:\WINDOWS\system32\NA_Service.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MODBUSDRV.exe
C:\WINDOWS\system32\OpcEnum.exe
c:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
c:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\Program Files\CIMPLICITY Machine Edition\Common\Components\NT\trapiserver.exe
c:\Program Files\Novell\ZENworks\wm.exe
c:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\WINDOWS\system32\NWTRAY.EXE
C:\Program Files\MagicMus\MulMouse.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MagicMus\MagicWl.exe
C:\Palm\HOTSYNC.EXE
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\DllHost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.ca/
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ZENRC Tray Icon] c:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [VersatoMs] C:\Program Files\MagicMus\MulMouse.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - .DEFAULT User Startup: IEHOME.LNK = C:\Documents and Settings\Default User\Local Settings\Temp\iehome.bat (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Application Explorer.lnk = C:\Program Files\Novell\ZENworks\NALDESK.EXE
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - c:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) -
http://notesmail.bcit.ca/iNotes6W.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftup ... 4106342381
O17 - HKLM\System\CCS\Services\Tcpip\..\{52C1545D-3A82-4047-BBAB-5AE9E1302000}: NameServer = 154.11.128.59,154.11.128.187
O17 - HKLM\System\CCS\Services\Tcpip\..\{F2E0297F-14EA-41AE-A693-FD17F72F2929}: NameServer = 154.11.128.59,154.11.128.187
O17 - HKLM\System\CS1\Services\Tcpip\..\{52C1545D-3A82-4047-BBAB-5AE9E1302000}: NameServer = 154.11.128.59,154.11.128.187
O17 - HKLM\System\CS2\Services\Tcpip\..\{52C1545D-3A82-4047-BBAB-5AE9E1302000}: NameServer = 154.11.128.59,154.11.128.187
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AEClientHostService - GE Fanuc Automation Americas - C:\Program Files\GE Fanuc\Alarm Viewer\Host\AEClientHostService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Proficy Licensing (CCFLIC0) - GE Fanuc Automation Americas - C:\Program Files\GE Fanuc\GE Fanuc Licensing\CCFLIC0.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Client Update Service for Novell (cusrvc) - Novell, Inc. - C:\WINDOWS\system32\cusrvc.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: FxControl Runtime (FxControlRuntime) - Total Control Products (Canada) Inc. - C:\Program Files\CIMPLICITY Machine Edition\fxControl\Runtime\NT\FxControl.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSCommon\RSOBSERV.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - c:\Program Files\Novell\ZENworks\nalntsrv.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Novell ZfD Wake on LAN Status Agent (Prometheus Wake-On-LAN Status Agent) - Novell Inc. - c:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\WolSerNT.exe
O23 - Service: Novell ZfD Remote Management (Remote Management Agent) - Novell Inc. - c:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: RSLinx - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
O23 - Service: Trapi File Server (TrapiServer) - Unknown owner - C:\Program Files\CIMPLICITY Machine Edition\Common\Components\NT\trapiserver.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, INC. - c:\Program Files\Novell\ZENworks\wm.exe
--
End of file - 11360 bytes