Done the both fixing and scanning
This is Main.txt
Deckard's System Scanner v20071014.68
Run by Palaniswan on 2008-07-14 00:20:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 2 Restore Point(s) --
2: 2008-07-13 16:21:07 UTC - RP15 - Deckard's System Scanner Restore Point
1: 2008-07-13 04:43:28 UTC - RP14 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Palaniswan.exe) ------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:37 AM, on 7/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AT&TGl~1\netcfgsvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\PalaniswaN\Application Data\U3\0000060329040501\LaunchPad.exe
C:\Documents and Settings\PalaniswaN\Desktop\dss.exe
C:\DOCUME~1\PALANI~1\Desktop\Palaniswan.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://go.microsoft....k/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft....k/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
http://go.microsoft....k/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://go.microsoft....k/?LinkId=69157R3 - URLSearchHook: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3BA3028F-FD37-46BF-AD27-733734684F06} - C:\WINDOWS\system32\iifcCsPF.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {EC2B4C85-F250-4259-B1B5-2A009148F554} - C:\WINDOWS\system32\nnnnnNhi.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! ¤u¨ã¦C - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&TGl~1\NetSP.exe" -show
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -
http://favorites.liv...m/quickadd.aspxO8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) -
http://support.dell....iler/SysPro.CABO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://www.update.mi...b?1190219409312O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://www.update.mi...b?1190233303250O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\Software\..\Telephony: DomainName = BWCINC.ORG
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O20 - Winlogon Notify: iifcCsPF - C:\WINDOWS\SYSTEM32\iifcCsPF.dll
O21 - SSODL: AvpChk - {f840309f-772b-4d44-a13d-206fdfd7acd4} - C:\WINDOWS\Resources\AvpChk.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Network Configuration Service (netcfgsvr) - AT&T - C:\PROGRA~1\AT&TGl~1\netcfgsvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell Tag Server - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
--
End of file - 12533 bytes
-- File Associations -----------------------------------------------------------
.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 agnwifi (AT&T Wi-Fi Support Driver) - c:\windows\system32\drivers\agnwifi.sys <Not Verified; AT&T; AT&T Global Network Client>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>
S3 ABKTCX (Rockwell Software 1784-KTC(X) Driver) - c:\windows\system32\drivers\abktcx.sys <Not Verified; Rockwell Software Inc.; abktcx Driver>
S3 PcmkWdm (%PcmkWdm.DeviceDesc%) - c:\windows\system32\drivers\pcmkwdm.sys <Not Verified; Rockwell Software, Inc.; PcmkWdm Driver>
S3 RS_SS_NT (RSLinx Classic S-S SD/SD2 Device Driver) - c:\windows\system32\rs_ss_nt.sys <Not Verified; Rockwell Software, Inc.; RSLinx>
S3 RsiKtControl - c:\windows\system32\rsikt.sys <Not Verified; Rockwell Software, Inc.; RSLinx>
S3 RSSERIAL (RSLinx Classic Serial Driver) - c:\windows\system32\rsserial.sys <Not Verified; Rockwell Software Inc.; Rsserial Driver>
S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>
S3 STAC97 (SigmaTel C-Major Audio) - c:\windows\system32\drivers\stac97.sys <Not Verified; SigmaTel, Inc.; AC'97 Audio Controller with SigmaTel CODEC device driver.>
S3 w29n51 (Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP) - c:\windows\system32\drivers\w29n51.sys <Not Verified; Intel® Corporation; Intel® Wireless LAN Adapter>
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 RNADiagnosticsService (FactoryTalk Diagnostics Local Reader) - "c:\program files\common files\rockwell\rnadiagnosticssrv.exe" <Not Verified; Rockwell Automation; Factory Talk Diagnostics>
R2 RNADirectory (Rockwell Directory Server) - "c:\program files\common files\rockwell\rnadirserver.exe" <Not Verified; Rockwell Software, Inc.; FactoryTalk™>
R2 Rockwell HMI Diagnostics - "c:\program files\rockwell software\rsview enterprise\hmidiagnosticslstadapt.exe" <Not Verified; Rockwell Software, Inc.; ViewStudio>
R2 RsvcHost (Rockwell Application Services) - "c:\program files\common files\rockwell\rsvchost.exe" <Not Verified; Rockwell Software, Inc.; FactoryTalk™>
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel Corporation; SSO Service>
R3 EventClientMultiplexer (Rockwell Event Multiplexer) - "c:\program files\common files\rockwell\eventclientmultiplexer.exe" <Not Verified; Rockwell Software, Inc.; FactoryTalk™>
R3 EventServer (Rockwell Event Server) - "c:\program files\common files\rockwell\eventserver.exe" <Not Verified; Rockwell Software, Inc.; FactoryTalk™>
S3 Cwbrxd (iSeries Access for Windows Remote Command) - c:\windows\cwbrxd.exe <Not Verified; IBM Corporation; IBM® iSeries Access for Windows>
S3 dnWhoDisp - c:\program files\rockwell software\rslinx\dnwhodisp.exe <Not Verified; ; dnWhoDisp Module>
S3 Harmony - "c:\program files\rockwell software\rscommon\rsobserv.exe" <Not Verified; Rockwell Software Inc.; Rockwell Software Harmony services>
S3 OpcEnum - c:\windows\system32\opcenum.exe <Not Verified; OPC Foundation; OPC Server Enumerator 1.10>
S3 RNADiagReceiver (FactoryTalk Diagnostics CE Receiver) - "c:\program files\common files\rockwell\rnadiagreceiver.exe" <Not Verified; ; Rockwell Software FactoryTalk Diagnostics>
S3 RNADirMultiplexor (Rockwell Directory Multiplexer) - "c:\program files\common files\rockwell\rnadirmultiplexor.exe" <Not Verified; Rockwell Software, Inc.; FactoryTalk™>
S3 Rockwell Tag Server - "c:\program files\rockwell software\rsview enterprise\tagsrv.exe" <Not Verified; Rockwell Software, Inc.; HMICore>
S3 RSLinx (RSLinx Classic) - c:\progra~1\rockwe~1\rslinx\rslinx.exe /service <Not Verified; Rockwell Software, Inc.; RSLinx Classic>
-- Device Manager: Disabled ----------------------------------------------------
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\12F4A9C1354FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter #3
PNP Device ID: V1394\NIC1394\12F4A9C1354FC000
Service: NIC1394
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AGN Virtual Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: AT&T
Name: AGN Virtual Network Adapter
PNP Device ID: ROOT\NET\0000
Service: avpnnic
-- Scheduled Tasks -------------------------------------------------------------
2008-07-13 23:56:00 264 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
-- Files created between 2008-06-14 and 2008-07-14 -----------------------------
2008-07-13 13:44:00 92672 --a------ C:\WINDOWS\system32\roramxwq.dll
2008-07-12 08:54:49 0 d-------- C:\Program Files\Enigma Software Group
2008-07-12 08:54:07 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\U3
2008-07-10 09:35:59 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\shcruej0ee5l
2008-07-10 09:35:53 0 d-------- C:\Program Files\shcruej0ee5l
2008-07-09 16:39:10 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-07-09 16:39:09 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-08 15:05:37 0 d-------- C:\WINDOWS\system32\778670
2008-07-07 13:07:39 134304 --ahs---- C:\WINDOWS\system32\ihNnnnnn.ini2
2008-07-07 13:07:35 318720 --a------ C:\WINDOWS\system32\nnnnnNhi.dll
2008-07-07 13:02:48 28800 --a------ C:\WINDOWS\system32\opnlLFWQ.dll
2008-07-07 13:02:30 28800 --a------ C:\WINDOWS\system32\iifcCsPF.dll
2008-07-07 13:02:11 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\rhcpuej0ee5l
2008-07-07 13:02:02 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\TmpRecentIcons
2008-07-07 13:01:58 0 d-------- C:\Program Files\rhcpuej0ee5l
2008-07-07 13:01:50 200704 --a------ C:\WINDOWS\nqgpedlr.dll
2008-07-07 13:01:50 90112 --a------ C:\WINDOWS\mrvtdpqe.exe
2008-07-07 13:01:50 176128 --a------ C:\WINDOWS\esrp.exe
2008-07-07 13:01:39 109056 --a------ C:\WINDOWS\system32\lphctuej0ee5l.exe
2008-06-29 11:32:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SolidDocuments
2008-06-27 08:55:46 0 d-------- C:\WINDOWS\pss
2008-06-27 08:49:43 0 d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-06-27 08:46:39 0 d-------- C:\Program Files\Common Files\Canon
2008-06-24 19:48:03 0 d-------- C:\Program Files\Zune
2008-06-24 18:03:22 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-19 18:51:23 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\Yahoo!
2008-06-19 18:51:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-19 18:40:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-19 18:39:07 0 d-------- C:\Program Files\Yahoo!
2008-06-18 18:09:19 0 d-------- C:\Documents and Settings\PalaniswaN\Contacts
2008-06-18 18:09:08 0 d-------- C:\Program Files\Windows Live Toolbar
2008-06-18 18:09:05 0 d-------- C:\Program Files\Windows Live Favorites
2008-06-18 17:58:34 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-18 17:58:28 0 d-------- C:\Program Files\Windows Live
2008-06-18 17:58:16 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-18 09:57:18 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\Macromedia
2008-06-17 22:19:45 0 d-------- C:\Documents and Settings\PalaniswaN\Phone Browser
2008-06-17 22:19:32 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\ZoomBrowser EX
2008-06-17 22:19:31 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\PC Suite
2008-06-17 22:19:31 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\Nokia Multimedia Player
2008-06-17 22:19:30 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\Nokia
2008-06-17 22:19:30 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\MSN6
2008-06-17 22:19:30 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\Mozilla
2008-06-17 22:19:29 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\Datalayer
2008-06-17 22:17:19 0 d-------- C:\WINDOWS\system32\msmq
2008-06-17 22:17:19 0 d-------- C:\Documents and Settings\PalaniswaN\usrusmt2.tmp
2008-06-17 22:17:06 0 d-------- C:\Program Files\Winamp Remote
2008-06-17 22:16:51 0 d-------- C:\Program Files\Roxio
2008-06-17 22:16:44 0 d-------- C:\Program Files\QuickTime
2008-06-17 22:16:39 0 d-------- C:\Program Files\PIXELA
2008-06-17 22:16:39 0 d-------- C:\Program Files\Panasonic
2008-06-17 22:16:39 0 d-------- C:\Program Files\Nokia
2008-06-17 22:16:38 0 d-------- C:\Program Files\NetWaiting
2008-06-17 22:16:38 0 d-------- C:\Program Files\MSN Messenger
2008-06-17 22:16:35 0 d-------- C:\Program Files\Logitech
2008-06-17 22:16:27 0 d-------- C:\Program Files\Indramat
2008-06-17 22:16:21 0 d-------- C:\Program Files\HP
2008-06-17 22:16:20 0 d-------- C:\Program Files\Creative
2008-06-17 22:16:18 0 d-------- C:\Program Files\Common Files\PCSuite
2008-06-17 22:16:18 0 d-------- C:\Program Files\Common Files\Adaptec Shared
2008-06-17 22:16:15 0 d-------- C:\Program Files\Canon
2008-06-17 22:16:15 0 d-------- C:\Program Files\AT&T Global Network Client
2008-06-17 22:15:45 0 d-------- C:\Program Files\ArcSoft
2008-06-17 22:15:39 0 d-------- C:\Games
2008-06-17 22:15:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-06-17 22:15:13 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-17 22:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-17 22:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-17 22:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-17 22:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-06-17 22:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-06-17 22:14:50 0 d-------- C:\Program Files\Winamp
-- Find3M Report ---------------------------------------------------------------
2008-07-14 00:19:35 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-27 08:46:39 0 d-------- C:\Program Files\Common Files
2008-06-18 10:18:57 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\Adobe
2008-06-17 22:22:53 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-17 22:22:19 0 d-------- C:\Program Files\Messenger
2008-06-17 22:22:06 0 d-------- C:\Program Files\Drive
2008-06-17 22:22:06 0 d-------- C:\Program Files\Common Files\Rockwell
2008-06-17 22:16:33 0 d-------- C:\Program Files\Java
2008-06-17 21:33:21 57562 --a------ C:\WINDOWS\system32\nvModes.dat
2008-06-13 00:05:57 912 -r-hs---- C:\EVRSI.SYS
2008-06-12 23:52:47 0 d-------- C:\Program Files\AT&TGl~1
2008-06-12 22:45:19 0 d-------- C:\Program Files\ScriptLogic
2008-06-12 22:17:55 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-12 22:17:30 0 d-------- C:\Program Files\Symantec
2008-06-11 04:17:33 0 d-------- C:\Program Files\Rockwell Software
2008-06-11 01:18:51 0 d-------- C:\Program Files\Movie Maker
2008-06-11 01:16:25 0 d-------- C:\Program Files\Windows NT
2008-06-11 01:02:06 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-11 00:53:41 376832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe <Not Verified; ; AegisInstall Application>
2008-06-11 00:52:38 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\Intel
2008-06-11 00:32:29 0 d-------- C:\Program Files\RSKeyMove
2008-05-08 21:24:57 6504 --a------ C:\Documents and Settings\PalaniswaN\Application Data\PrimoPDFSet.xml
2008-05-08 20:28:48 310 --a------ C:\Documents and Settings\PalaniswaN\Application Data\APUSet.xml
2008-05-01 08:54:42 5902336 --a------ C:\WINDOWS\system32\ToolkitPro1120vc80.dll <Not Verified; Codejock Software; Xtreme Toolkit Pro™ Dynamic Link Library>
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BA3028F-FD37-46BF-AD27-733734684F06}]
07/07/2008 01:02 PM 28800 --a------ C:\WINDOWS\system32\iifcCsPF.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC2B4C85-F250-4259-B1B5-2A009148F554}]
07/07/2008 01:07 PM 318720 --a------ C:\WINDOWS\system32\nnnnnNhi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/13/2004 02:05 PM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/14/2004 12:33 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05/17/2007 05:50 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05/17/2007 05:50 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [05/17/2007 05:50 AM]
"SigmatelSysTrayApp"="stsystra.exe" [02/20/2007 03:26 AM C:\WINDOWS\stsystra.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/22/2008 06:46 PM]
"NVHotkey"="nvHotkey.dll" [02/22/2008 06:46 PM C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [02/22/2008 06:46 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [03/05/2008 03:46 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [03/05/2008 03:41 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/20/2006 08:26 AM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [09/28/2006 09:33 AM]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [01/23/2008 02:47 PM]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 06:42 PM]
"NetSP - restore settings on power failure"="C:\Program Files\AT&TGl~1\NetSP.exe" [05/01/2008 09:25 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3BA3028F-FD37-46BF-AD27-733734684F06}"= C:\WINDOWS\system32\iifcCsPF.dll [07/07/2008 01:02 PM 28800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AvpChk"= {f840309f-772b-4d44-a13d-206fdfd7acd4} - C:\WINDOWS\Resources\AvpChk.dll [07/08/2008 02:53 PM 14886]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcCsPF]
iifcCsPF.dll 07/07/2008 01:02 PM 28800 C:\WINDOWS\system32\iifcCsPF.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnnnNhi
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAmpAgent]
C:\Program Files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"c:\Program Files\Zune\ZuneLauncher.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05cb183d-4f66-11dd-bbeb-001c234ac01a}]
AutoRun\command- E:\LaunchU3.exe
-- End of Deckard's System Scanner: finished at 2008-07-14 00:26:37 ------------
Below is extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------
-- System Information ----------------------------------------------------------
Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English
CPU 0: Intel® Core2 Duo CPU T7500 @ 2.20GHz
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 2045.9 MiB / 1429.39 MiB
Pagefile Memory (total/avail): 3938.68 MiB / 3487.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1905.52 MiB
C: is Fixed (NTFS) - 111.72 GiB total, 95.5 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
F: is Removable (FAT)
Z: is Network (Unformatted)
\\.\PHYSICALDRIVE0 - WDC WD1200BEVS-75UST0 - 111.79 GiB - 2 partitions
\PARTITION0 - Unknown - 70.57 MiB
\PARTITION1 (bootable) - Installable File System - 111.72 GiB - C:
\\.\PHYSICALDRIVE1 - SanDisk U3 Cruzer Micro USB Device - 972.69 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 973.43 MiB - F:
-- Security Center -------------------------------------------------------------
AUOptions is scheduled to auto-install.
-- Environment Variables -------------------------------------------------------
ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\PalaniswaN\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=G1GPALANISWD630
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\PalaniswaN
LOGONSERVER=\\MWUPHIBWC01
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Rockwell Software\RSCommon;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\IBM\CLIENT~1;C:\PROGRA~1\IBM\CLIENT~1\Shared;C:\PROGRA~1\IBM\CLIENT~1\Emulator;C:\Program Files\Common Files\Rockwell\;C:\Program Files\Rockwell Software\RSView Enterprise\;C:\Program Files\Rockwell Automation\Common\Components
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PALANI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PALANI~1\LOCALS~1\Temp
USERDNSDOMAIN=BWCINC.ORG
USERDOMAIN=BWCINC
USERNAME=Palaniswan
USERPROFILE=C:\Documents and Settings\PalaniswaN
windir=C:\WINDOWS
-- User Profiles ---------------------------------------------------------------
helpdesk
(new local, admin)Administrator
(admin)PalaniswaN
(admin)-- Add/Remove Programs ---------------------------------------------------------
--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\AFPViewr\DeIsL4.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL10.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL101.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL11.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL15.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL42.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL43.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL46.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL47.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL48.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL49.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL50.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL51.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL52.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL53.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL54.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL55.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL56.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL7.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL8.isu"
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /x{685D6CE7-AC5E-4EB3-A5BB-2424891D4ADB}
--> MsiExec.exe /x{BEBD101C-B477-401F-B612-B067B51E6F9C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AT&T Global Network Client Managed VPN Edition --> MsiExec.exe /I{349E4164-29AC-4FCD-A051-F5BA57EBDB24}
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
CamGen --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FAAA0A6-4834-4EF8-8208-9C4F864F2E77}\setup.exe"
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Conexant D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
ControlFLASH --> MsiExec.exe /I{F5B20EF6-80AE-4D77-BEBF-AF63CEFA5DD0}
Creative WebCam Live! Pro/Effects Driver (1.02.05.0506) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0080.uns -unsext NT -plugin V0080Pin.dll -pluginres CtCamPin.crl
DAQDRIVE --> C:\WINDOWS\IsUninst.exe -fC:\Keithley\Uninst.isu
DocMaker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C836912-C122-4BF7-A188-862C239D2F41}\setup.exe"
Drive --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D10BEA98-0452-4A20-9199-B5075150F1F2}\Setup.exe" -l0x9
DriveTop14V03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F50B889-7B48-11D5-99FE-00C04F21FBF0}\setup.exe" UNINSTALL
FactoryTalk Activation Client v2.00.01 (CPR 7) --> MsiExec.exe /I{30E45D79-A117-41C9-81E7-004F2B183249}
FactoryTalk Automation Platform 1.08 (CPR 6) --> MsiExec.exe /I{23B4B90F-2BC2-42CB-BC81-E9429D293AA6}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "F:\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
IBM iSeries Access for Windows --> "C:\Program Files\IBM\Client Access\cwbinarp.exe"
IBM iSeries Access for Windows SI28055 --> "C:\Program Files\IBM\Client Access\cwbunsp.exe"
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java 2 Runtime Environment, SE v1.4.2_08 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142080}
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Machine Drawing Set 31712 --> MsiExec.exe /I{ADBF893C-4CCB-4CD6-A462-684F5BCC9204}
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
MCS Information Center 1.0.20 --> MsiExec.exe /I{05153469-C76F-496D-A8E6-D493D4A65A49}
MCS Simulator --> MsiExec.exe /I{D11791E7-5209-46FF-9D0C-3400B8C186F6}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 --> "C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motion Perfect 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{911C08C0-87AA-11D3-8B25-00104B4FBFEB}\setup.exe"
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MProtector --> "C:\Program Files\shcruej0ee5l\uninstall.exe"
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OZ776 SCR Driver V1.1.3.9 --> C:\Program Files\InstallShield Installation Information\{343D8DE3-AE1F-431A-830C-B66352E8CA12}\setup.exe -runfromtemp -l0x0409
Parker Isysnet Analog Module Profiles --> MsiExec.exe /X{2ACA8536-E7A2-4914-9597-DBA635D93492}
Parker Isysnet ASCII Module Profile --> MsiExec.exe /X{56D614BA-A250-4C3E-8F79-43B3BC611D21}
Parker Isysnet Discrete Module Profiles --> MsiExec.exe /X{893727BF-9C7C-483F-9E69-D8314DB21186}
PiCPro V13.0 Professional Edition --> C:\PROGRA~1\GIDDIN~1\PICPRO~1.0PR\UNWISE.EXE C:\PROGRA~1\GIDDIN~1\PICPRO~1.0PR\INSTALL.LOG
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Rockwell Automation 1734 Analog Module Profiles --> MsiExec.exe /X{FC07B277-E45F-47AF-BE00-09B03B356899}
Rockwell Automation 1734 ASCII Module Profiles --> MsiExec.exe /X{C1981911-CC3E-4E57-9520-CF2E6586472B}
Rockwell Automation 1734 Discrete Module Profiles --> MsiExec.exe /X{357187EE-8B25-467D-A567-88C735932174}
Rockwell Automation 1734 Specialty Module Profiles --> MsiExec.exe /X{39363D4F-BF1C-447C-8014-F7966A9975D9}
Rockwell Automation 1738 Analog Module Profiles --> MsiExec.exe /X{6AFEDA45-288E-445F-A176-FCD42AFA74FE}
Rockwell Automation 1738 ASCII Module Profiles --> MsiExec.exe /X{9964845D-1604-440E-BEE9-930A29BC5F63}
Rockwell Automation 1738 Discrete Module Profiles --> MsiExec.exe /X{A393179D-478D-40C7-A6A2-90B9F34C2341}
Rockwell Automation 1738 Specialty Module Profiles --> MsiExec.exe /X{FA79AEE5-9FA1-4A6F-B66F-18AF565E1061}
Rockwell Automation 1756 CNet Comms Module Profiles --> MsiExec.exe /X{4866D596-CE65-4F7D-B98C-A28F8E9E13E5}
Rockwell Automation 1756 ENet Comms Module Profiles --> MsiExec.exe /X{AB8E12B5-0B0E-47F9-83A7-89F40B39DBF1}
Rockwell Automation 1756 HART Module Profiles --> MsiExec.exe /X{7D3C6066-4659-4A2E-8D8E-EE93E206FF99}
Rockwell Automation 1769 Analog Module Profiles --> MsiExec.exe /X{2ABE52D6-0F52-48F6-9AB7-A7DDAACD8654}
Rockwell Automation 1769 Analog Module Profiles --> MsiExec.exe /X{842CDC14-718F-4063-9D48-36E982E12946}
Rockwell Automation 1769 ASCII Module Profiles --> MsiExec.exe /X{8372A29B-CE1C-4419-B479-8493027B41AA}
Rockwell Automation 1769 Boolean Module Profiles --> MsiExec.exe /X{449AD43D-AEF6-439B-B936-B1E239B8944C}
Rockwell Automation 1769 Discrete Module Profiles --> MsiExec.exe /X{7033EFFB-90EA-4A54-9807-FB4AACA52A0B}
Rockwell Automation 1769 Specialty Module Profiles --> MsiExec.exe /X{E4355DEE-167C-4BD3-9FD7-0F389EBF3981}
Rockwell Automation 1791DS Discrete Module Profiles --> MsiExec.exe /X{0FE69AD2-75EB-474B-9314-B662E008D8E6}
Rockwell Automation Drives PowerFlex 4 Module Profiles --> MsiExec.exe /X{7B8ADA90-FD53-4B71-B2F5-EF3953BCF526}
Rockwell Automation Drives PowerFlex 7 Module Profiles --> MsiExec.exe /X{08CE9D4C-C5F3-4352-B2B6-C9F0F36AC0FC}
Rockwell Automation Drives SCANport Module Profiles --> MsiExec.exe /X{DE6AAAC7-6219-4401-903F-268F78821D05}
Rockwell Automation Generic Safety Module Profiles --> MsiExec.exe /X{F699127B-51FB-44DF-AD6A-8AC498BA9684}
Rockwell Software Hardware Maintenance Tool --> C:\Program Files\Rockwell Software\RSCommon\RSHWare.exe
Rockwell Windows Firewall Configuration Utility 1.00.01 --> MsiExec.exe /I{546A6A91-FA45-48BD-A6D6-F4C8D4317A56}
RSLinx Classic --> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
RSLogix 5 English --> MsiExec.exe /I{BEBD101C-B477-401F-B612-B067B51E6F9C}
RSLogix 500 English --> MsiExec.exe /I{685D6CE7-AC5E-4EB3-A5BB-2424891D4ADB}
RSLogix 5000 Module Profile Core --> MsiExec.exe /X{DA787F2A-4AD5-42C3-89D3-8E698E552792}
RSLogix 5000 Module Profile Setup Utility --> MsiExec.exe /X{D2B06C02-5880-4E65-BF31-B4F32A630FA9}
RSLogix 5000 Online Books v16.03.00 --> MsiExec.exe /I{20010316-D5FD-11DA-A128-000C29473C90}
RSLogix 5000 Start Page Media v16.00.05 --> MsiExec.exe /I{10050016-D5FD-11DA-A128-000C29473C90}
RSLogix 5000 System Updates --> MsiExec.exe /X{8E10471D-5CBF-4080-972D-2E6451420B7F}
RSLogix 5000 v10.04 --> MsiExec.exe /X{30010410-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v11.13 --> MsiExec.exe /X{30011311-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v12.03 --> MsiExec.exe /X{30010312-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v13.01 --> MsiExec.exe /X{30010113-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v15.00 --> MsiExec.exe /X{30010015-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v16.03.00 (CPR 9) --> MsiExec.exe /I{30010316-EC33-11D6-A408-F6139379CBFB}
RSNetWorx for ControlNet 5.00.00 (Build 81) --> MsiExec.exe /I{2BF0655E-B036-43F6-9230-BB45CB07F004}
RSNetWorx for DeviceNet 5.11.00 (Build 31)(CPR 6) --> MsiExec.exe /I{692179FB-984B-465A-BC4F-3875D2D53F32}
RSView ME Station 3.20.00 (CPR6) --> MsiExec.exe /I{3121829D-CE2C-42E0-8426-DD7B356E1A91}
S600 Drive GUI V4.90 --> "C:\Program Files\S600 Drive GUI\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B