I logged on my computer today to see that my CA Anti-virus has been detecting infected files. I thought it stopped and deleted them, but every few hours it keeps detecting more, leading me to believe there is some sort of program running that I am not aware about.
Any help would be appreciated. I have a HJT Log
This is what CA Anti-Virus Found.
3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection. Quarantined
3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:18:43 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection. Quarantined
3/26/2008 6:18:44 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:18:44 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:18:45 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:18:45 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:18:45 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:18:45 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:31:08 AM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\DAB9P0KL\css4[1] is Win32/Chisyne.DU trojan. Deleted
3/26/2008 6:31:08 AM File infection: C:\WINDOWS\system32\gebyy.dll is Win32/Chisyne.DU trojan. Deleted
3/26/2008 8:21:15 AM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\E58HA85G\css4[1] is Win32/Chisyne.DU trojan. Deleted
3/26/2008 8:21:15 AM File infection: C:\WINDOWS\system32\ssttt.dll is Win32/Chisyne.DU trojan. Deleted
3/26/2008 8:21:15 AM File infection: C:\WINDOWS\system32\ssttt.dll is Win32/Chisyne.DU trojan.
3/26/2008 8:21:16 AM File infection: C:\WINDOWS\system32\ssttt.dll is Win32/Chisyne.DU trojan.
3/26/2008 8:21:16 AM File infection: C:\WINDOWS\system32\ssttt.dll is Win32/Chisyne.DU trojan.
3/26/2008 9:21:11 AM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\8V908OJR\css4[1] is Win32/Chisyne.DU trojan. Deleted
3/26/2008 9:21:11 AM File infection: C:\WINDOWS\system32\pmnnl.dll is Win32/Chisyne.DU trojan. Deleted
3/26/2008 9:21:12 AM File infection: C:\WINDOWS\system32\pmnnl.dll is Win32/Chisyne.DU trojan.
3/26/2008 9:21:12 AM File infection: C:\WINDOWS\system32\pmnnl.dll is Win32/Chisyne.DU trojan.
3/26/2008 9:21:12 AM File infection: C:\WINDOWS\system32\pmnnl.dll is Win32/Chisyne.DU trojan.
3/26/2008 9:21:12 AM File infection: C:\WINDOWS\system32\pmnnl.dll is Win32/Chisyne.DU trojan.
3/26/2008 10:21:16 AM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\DAB9P0KL\css4[1] is Win32/Chisyne.DU trojan. Deleted
3/26/2008 10:21:17 AM File infection: C:\WINDOWS\system32\pmnli.dll is Win32/Chisyne.DU trojan. Deleted
3/26/2008 10:21:17 AM File infection: C:\WINDOWS\system32\pmnli.dll is Win32/Chisyne.DU trojan.
3/26/2008 10:21:18 AM File infection: C:\WINDOWS\system32\pmnli.dll is Win32/Chisyne.DU trojan.
3/26/2008 10:21:18 AM File infection: C:\WINDOWS\system32\pmnli.dll is Win32/Chisyne.DU trojan.
3/26/2008 10:21:18 AM File infection: C:\WINDOWS\system32\pmnli.dll is Win32/Chisyne.DU trojan.
3/26/2008 11:42:54 AM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\F6Q7HPS1\css4[1] is Win32/Chisyne.DU trojan. Deleted
3/26/2008 11:42:55 AM File infection: C:\WINDOWS\system32\jkhfg.dll is Win32/Chisyne.DU trojan. Deleted
3/26/2008 11:42:55 AM File infection: C:\WINDOWS\system32\jkhfg.dll is Win32/Chisyne.DU trojan.
3/26/2008 11:42:55 AM File infection: C:\WINDOWS\system32\jkhfg.dll is Win32/Chisyne.DU trojan.
3/26/2008 11:42:55 AM File infection: C:\WINDOWS\system32\jkhfg.dll is Win32/Chisyne.DU trojan.
3/26/2008 12:42:57 PM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\E58HA85G\css4[1] is Win32/Chisyne.DU trojan. Deleted
3/26/2008 12:43:00 PM File infection: C:\WINDOWS\system32\vtsqp.dll is Win32/Chisyne.DU trojan. Deleted
3/26/2008 12:43:00 PM File infection: C:\WINDOWS\system32\vtsqp.dll is Win32/Chisyne.DU trojan.
3/26/2008 12:43:00 PM File infection: C:\WINDOWS\system32\vtsqp.dll is Win32/Chisyne.DU trojan.
3/26/2008 12:43:00 PM File infection: C:\WINDOWS\system32\vtsqp.dll is Win32/Chisyne.DU trojan.
3/26/2008 13:42:55 PM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\DAB9P0KL\css4[1] is Win32/Chisyne.DU trojan. Deleted
3/26/2008 13:42:57 PM File infection: C:\WINDOWS\system32\pmkji.dll is Win32/Chisyne.DU trojan. Deleted
3/26/2008 13:42:57 PM File infection: C:\WINDOWS\system32\pmkji.dll is Win32/Chisyne.DU trojan.
3/26/2008 13:42:57 PM File infection: C:\WINDOWS\system32\pmkji.dll is Win32/Chisyne.DU trojan.
3/26/2008 13:42:58 PM File infection: C:\WINDOWS\system32\pmkji.dll is Win32/Chisyne.DU trojan.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:13 AM, on 3/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Gateway\EzTune\DTHtml.exe
C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\MSTpscre\Tpscrex.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\mrofinu1645.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Evidence Eliminator\Ee.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\jkkkiii.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT GWY] "C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe" -GWY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Tpscrex] C:\Program Files\MSTpscre\Tpscrex.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1645.exe 61A847B5BBF72813349F3D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: jkkkiii - C:\WINDOWS\SYSTEM32\jkkkiii.dll
O23 - Service: 1784-PCIDS DeviceNet - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: dnWhoDisp - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: EmuLogix 5868 Slot1 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V16\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot10 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot11 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot12 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot13 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot14 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot15 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot16 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot2 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V16\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot3 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot4 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot5 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot6 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot7 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot8 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot9 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: FactoryTalk Activation Service - Macrovision Corporation - C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSLINX\RSOBSERV.EXE
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Automation, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: 1789-SIM Simulator Module (SimModuleService) - Unknown owner - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 12775 bytes
Any help would be appreciated. I have a HJT Log
This is what CA Anti-Virus Found.
3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection. Quarantined
3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:16:02 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a18104.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:18:43 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection. Quarantined
3/26/2008 6:18:44 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:18:44 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:18:45 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:18:45 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:18:45 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:18:45 AM File infection: C:\DOCUME~1\Stevo\LOCALS~1\Temp\a21419.exe is Win32/VMalum.CCLF infection.
3/26/2008 6:31:08 AM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\DAB9P0KL\css4[1] is Win32/Chisyne.DU trojan. Deleted
3/26/2008 6:31:08 AM File infection: C:\WINDOWS\system32\gebyy.dll is Win32/Chisyne.DU trojan. Deleted
3/26/2008 8:21:15 AM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\E58HA85G\css4[1] is Win32/Chisyne.DU trojan. Deleted
3/26/2008 8:21:15 AM File infection: C:\WINDOWS\system32\ssttt.dll is Win32/Chisyne.DU trojan. Deleted
3/26/2008 8:21:15 AM File infection: C:\WINDOWS\system32\ssttt.dll is Win32/Chisyne.DU trojan.
3/26/2008 8:21:16 AM File infection: C:\WINDOWS\system32\ssttt.dll is Win32/Chisyne.DU trojan.
3/26/2008 8:21:16 AM File infection: C:\WINDOWS\system32\ssttt.dll is Win32/Chisyne.DU trojan.
3/26/2008 9:21:11 AM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\8V908OJR\css4[1] is Win32/Chisyne.DU trojan. Deleted
3/26/2008 9:21:11 AM File infection: C:\WINDOWS\system32\pmnnl.dll is Win32/Chisyne.DU trojan. Deleted
3/26/2008 9:21:12 AM File infection: C:\WINDOWS\system32\pmnnl.dll is Win32/Chisyne.DU trojan.
3/26/2008 9:21:12 AM File infection: C:\WINDOWS\system32\pmnnl.dll is Win32/Chisyne.DU trojan.
3/26/2008 9:21:12 AM File infection: C:\WINDOWS\system32\pmnnl.dll is Win32/Chisyne.DU trojan.
3/26/2008 9:21:12 AM File infection: C:\WINDOWS\system32\pmnnl.dll is Win32/Chisyne.DU trojan.
3/26/2008 10:21:16 AM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\DAB9P0KL\css4[1] is Win32/Chisyne.DU trojan. Deleted
3/26/2008 10:21:17 AM File infection: C:\WINDOWS\system32\pmnli.dll is Win32/Chisyne.DU trojan. Deleted
3/26/2008 10:21:17 AM File infection: C:\WINDOWS\system32\pmnli.dll is Win32/Chisyne.DU trojan.
3/26/2008 10:21:18 AM File infection: C:\WINDOWS\system32\pmnli.dll is Win32/Chisyne.DU trojan.
3/26/2008 10:21:18 AM File infection: C:\WINDOWS\system32\pmnli.dll is Win32/Chisyne.DU trojan.
3/26/2008 10:21:18 AM File infection: C:\WINDOWS\system32\pmnli.dll is Win32/Chisyne.DU trojan.
3/26/2008 11:42:54 AM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\F6Q7HPS1\css4[1] is Win32/Chisyne.DU trojan. Deleted
3/26/2008 11:42:55 AM File infection: C:\WINDOWS\system32\jkhfg.dll is Win32/Chisyne.DU trojan. Deleted
3/26/2008 11:42:55 AM File infection: C:\WINDOWS\system32\jkhfg.dll is Win32/Chisyne.DU trojan.
3/26/2008 11:42:55 AM File infection: C:\WINDOWS\system32\jkhfg.dll is Win32/Chisyne.DU trojan.
3/26/2008 11:42:55 AM File infection: C:\WINDOWS\system32\jkhfg.dll is Win32/Chisyne.DU trojan.
3/26/2008 12:42:57 PM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\E58HA85G\css4[1] is Win32/Chisyne.DU trojan. Deleted
3/26/2008 12:43:00 PM File infection: C:\WINDOWS\system32\vtsqp.dll is Win32/Chisyne.DU trojan. Deleted
3/26/2008 12:43:00 PM File infection: C:\WINDOWS\system32\vtsqp.dll is Win32/Chisyne.DU trojan.
3/26/2008 12:43:00 PM File infection: C:\WINDOWS\system32\vtsqp.dll is Win32/Chisyne.DU trojan.
3/26/2008 12:43:00 PM File infection: C:\WINDOWS\system32\vtsqp.dll is Win32/Chisyne.DU trojan.
3/26/2008 13:42:55 PM File infection: C:\Documents and Settings\Stevo\Local Settings\Temporary Internet Files\Content.IE5\DAB9P0KL\css4[1] is Win32/Chisyne.DU trojan. Deleted
3/26/2008 13:42:57 PM File infection: C:\WINDOWS\system32\pmkji.dll is Win32/Chisyne.DU trojan. Deleted
3/26/2008 13:42:57 PM File infection: C:\WINDOWS\system32\pmkji.dll is Win32/Chisyne.DU trojan.
3/26/2008 13:42:57 PM File infection: C:\WINDOWS\system32\pmkji.dll is Win32/Chisyne.DU trojan.
3/26/2008 13:42:58 PM File infection: C:\WINDOWS\system32\pmkji.dll is Win32/Chisyne.DU trojan.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:13 AM, on 3/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Nexon\Mabinogi\npkcmsvc.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Gateway\EzTune\DTHtml.exe
C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe
C:\Program Files\Portrait Displays\Pivot Software\floater.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\MSTpscre\Tpscrex.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\mrofinu1645.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Evidence Eliminator\Ee.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CAGlobal.exe
C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Light\CAGlobalLight.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\jkkkiii.dll
O2 - BHO: CA Toolbar Helper - {FBF2401B-7447-4727-BE5D-C19B2075CA84} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O3 - Toolbar: CA Toolbar - {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - C:\Program Files\CA\CA Internet Security Suite\CA Website Inspector\WebsiteInspector\Toolbar\CallingIDIE.dll
O4 - HKLM\..\Run: [PivotSoftware] "C:\Program Files\Portrait Displays\Pivot Software\wpctrl.exe"
O4 - HKLM\..\Run: [DT GWY] "C:\Program Files\Common Files\Portrait Displays\Shared\DT_startup.exe" -GWY
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
O4 - HKLM\..\Run: [XboxStat] "c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.32\QOELoader.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Tpscrex] C:\Program Files\MSTpscre\Tpscrex.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1645.exe 61A847B5BBF72813349F3D466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/WebfettiInitialSetup1.0.0.15-3.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: jkkkiii - C:\WINDOWS\SYSTEM32\jkkkiii.dll
O23 - Service: 1784-PCIDS DeviceNet - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
O23 - Service: dnWhoDisp - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\dtsrvc.exe
O23 - Service: EmuLogix 5868 Slot1 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V16\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot10 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot11 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot12 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot13 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot14 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot15 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot16 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot2 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V16\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot3 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot4 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot5 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot6 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot7 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot8 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot9 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: FactoryTalk Activation Service - Macrovision Corporation - C:\Program Files\Rockwell Software\FactoryTalk Activation\lmgrd.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\PROGRA~1\ROCKWE~1\RSLINX\RSOBSERV.EXE
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: npkcmsvc - INCA Internet Co., Ltd. - C:\Nexon\Mabinogi\npkcmsvc.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Automation, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: 1789-SIM Simulator Module (SimModuleService) - Unknown owner - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe
O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
--
End of file - 12775 bytes