XP antivirus 2008 and Malware Protector infested my computer [RESOLVED]



#1 nemalbeckham (Member, 12 posts)
Hi. I am having serious trouble getting rid of this problem. First I was attacked by Antivirus XP 2008. After that I can no longer see my hard drive and DVD-ROM in My Computer. I cannot access my Task Manager either, as it claims to have disabled my Task Manager. I can no longer see my Control Panel in my Start Menu either. It also has the VIRUS ALERT sign next to my time and system info. I am using Windows XP Professional on a Dell laptop. My computer is getting very slow and it crashes from time to time. I am using Symantec Antivirus. I tried scanning my computer. It is detecting a few files at startup which it deletes. But they reappear again and again. I have also tried using SpyHunter Security Suite to clear it but failed. With this I have included a HJT log file from my computer. Can I please have some advice on what to do? Thanks in advance.

********************************************************************************************
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:23 PM, on 7/13/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AT&TGl~1\netcfgsvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\lphctuej0ee5l.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\PalaniswaN\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\WINDOWS\nqgpedlr.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [lphctuej0ee5l] C:\WINDOWS\system32\lphctuej0ee5l.exe
O4 - HKLM\..\Run: [SMshcruej0ee5l] C:\Program Files\shcruej0ee5l\shcruej0ee5l.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKLM\..\Run: [a8475d70] rundll32.exe "C:\WINDOWS\system32\ftapwjrn.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&TGl~1\NetSP.exe" -show
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190219409312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1190233303250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\Software\..\Telephony: DomainName = BWCINC.ORG
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O21 - SSODL: okmdepgb - {74E4764D-E110-4E81-A0DC-62769749A795} - C:\WINDOWS\okmdepgb.dll (file missing)
O21 - SSODL: axrfgvek - {8CFAB24F-AD74-411E-8232-51655E3B6BDB} - C:\WINDOWS\axrfgvek.dll (file missing)
O21 - SSODL: AvpChk - {f840309f-772b-4d44-a13d-206fdfd7acd4} - C:\WINDOWS\Resources\AvpChk.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Network Configuration Service (netcfgsvr) - AT&T - C:\PROGRA~1\AT&TGl~1\netcfgsvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell Tag Server - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12341 bytes
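The log above contains several entries a reviewer would pick out by eye: Run values and DLLs with random-looking names, an SSODL entry whose file is missing, user policy restrictions (O6/O7, the same mechanism that disables Task Manager and hides the Control Panel), and the "Antivirus 2008" Run value itself. The following Python script is an added illustration of that triage, not code from this thread, from HijackThis or from Runscanner; its rules are an analyst's rules of thumb (assumptions, not any tool's logic), and the sample lines are constructed, modelled on the entries posted above.

```python
"""Heuristic triage of HijackThis-style log lines.

Added example: not the thread's, HijackThis's or Runscanner's code. The rules
below are an analyst's rules of thumb (assumptions), not any tool's logic.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modelled on entry types seen in the log posted above.
SAMPLE_LOG = r"""
O3 - Toolbar: nqgpedlr - {80123684-A222-4009-8220-A867294D6DE8} - C:\WINDOWS\nqgpedlr.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [lphctuej0ee5l] C:\WINDOWS\system32\lphctuej0ee5l.exe
O4 - HKLM\..\Run: [a8475d70] rundll32.exe "C:\WINDOWS\system32\ftapwjrn.dll",b
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: iifcCsPF - C:\WINDOWS\SYSTEM32\iifcCsPF.dll
O21 - SSODL: okmdepgb - {74E4764D-E110-4E81-A0DC-62769749A795} - C:\WINDOWS\okmdepgb.dll (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

HJT_LINE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
RUN_NAME = re.compile(r"\[(?P<name>[^\]]+)\]")            # [name] of an O4 Run value
FILE_STEM = re.compile(r'([^\\\s"]+)\.(?:dll|exe)', re.IGNORECASE)
# Legitimate Windows host binaries that would otherwise trip the digit/letter rule (assumed list).
KNOWN_HOSTS = {"rundll32", "regsvr32", "svchost", "explorer"}
VOWELS = set("aeiouy")


def looks_random(name: str) -> bool:
    """True for generated-looking names such as 'lphctuej0ee5l' or 'ftapwjrn'.

    Heuristic only; a human still has to judge the hits."""
    stem = name.lower()
    if len(stem) < 8 or not stem.isalnum() or stem in KNOWN_HOSTS:
        return False
    letters = [c for c in stem if c.isalpha()]
    digits = [c for c in stem if c.isdigit()]
    if not letters:
        return False
    if digits:                                   # letter/digit salad, e.g. a8475d70
        return True
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_consonant_run = max((len(r) for r in re.findall(r"[^aeiouy]+", stem)), default=0)
    return vowel_ratio < 0.3 and longest_consonant_run >= 4


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def triage_line(line: str) -> Optional[Finding]:
    """Apply the rules of thumb to one log line; None means nothing to flag."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if re.search(r"antivirus.?2008", body, re.IGNORECASE):
        return Finding(section, "rogue antivirus named in this thread", line)
    if "(file missing)" in body:
        return Finding(section, "autostart entry points at a file that no longer exists", line)
    if section in ("O6", "O7"):
        # Matches the symptoms in post #1; legitimate only when set by a domain admin.
        return Finding(section, "user policy restriction present", line)
    names = []
    run = RUN_NAME.search(body)
    if run:
        names.append(run.group("name"))
    names.extend(FILE_STEM.findall(body))
    odd = list(dict.fromkeys(n for n in names if looks_random(n)))
    if odd:
        return Finding(section, "random-looking name(s): " + ", ".join(odd), line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over a whole log and keep only the flagged entries."""
    return [f for f in map(triage_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>4}  {f.reason}\n      {f.line}")
```

On the sample, eight of the ten lines are flagged; the Symantec service and the ccApp Run value pass, and 'ifrmewrk' (Intel) shows why the name rule is only a starting point for a human reviewer.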


#2 Mike (Malware Monger, Retired Staff, 2,745 posts)
Hi there,

Please download Runscanner to your desktop and run it.
  • When the first page comes up select Beginner Mode
  • On the next page select Save a binary .Run file (Recommended) then click Start full scan at the top.
  • At this time Runscanner.exe may request access to the Internet through your firewall; please allow it to do so. It will then run for two or three minutes.
  • On completion it will ask for a location to save the file and a name. It will do this for both the .run file and the log file.
  • Call the .run file "Mylog" and save it to your desktop. You will see the .run file on your desktop. Upload that file here.
    If the forum doesn't let you upload it then please zip the .run file by right clicking the file and selecting send to Zip file.

To attach a file, do the following:
* Click Add Reply
* Under the reply panel is the Attachments Panel
* Browse for the attachment file you want to upload, then click the green Upload button
* Once it has uploaded, click the Manage Current Attachments drop-down box
* Click on the attachment to insert it into your post


#3 nemalbeckham (Topic Starter, Member, 12 posts)
Thanks for the quick reply. I have downloaded the scanner, run the scan and have included both the .run and log file in the zip attachment. Once again, thank you very much.
Attached File  Mylog.zip   113.96KB   77 downloads

#4 Mike (Malware Monger, Retired Staff, 2,745 posts)
Hi,

Are you familiar with BWCINC.ORG?

Download the zipped attachment at the end of this post (this will be your runscanner file fixed by me).
  • Unzip it to your desktop, then double-click the Runscanner icon; this will run the program.
  • You will notice several entries in red.
  • Click the button at the top called Fix selected items
  • Accept the warning(s) and repeat until they are all gone.
  • Reboot your PC

Then,


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, dss will open two Notepads main.txt and extra.txt -- please copy (CTRL+A and then CTRL+C) and paste (CTRL+V) the contents of main.txt and extra.txt in your next reply.
Note: These logs may be too large to post in one reply; if so, please post extra.txt in a separate reply.

#5 nemalbeckham (Topic Starter, Member, 12 posts)
Done both the fixing and scanning.
This is Main.txt
Deckard's System Scanner v20071014.68
Run by Palaniswan on 2008-07-14 00:20:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-07-13 16:21:07 UTC - RP15 - Deckard's System Scanner Restore Point
1: 2008-07-13 04:43:28 UTC - RP14 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as Palaniswan.exe) ------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:23:37 AM, on 7/14/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AT&TGl~1\netcfgsvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apntex.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Documents and Settings\PalaniswaN\Application Data\U3\0000060329040501\LaunchPad.exe
C:\Documents and Settings\PalaniswaN\Desktop\dss.exe
C:\DOCUME~1\PALANI~1\Desktop\Palaniswan.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3BA3028F-FD37-46BF-AD27-733734684F06} - C:\WINDOWS\system32\iifcCsPF.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {EC2B4C85-F250-4259-B1B5-2A009148F554} - C:\WINDOWS\system32\nnnnnNhi.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&TGl~1\NetSP.exe" -show
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190219409312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1190233303250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\Software\..\Telephony: DomainName = BWCINC.ORG
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O20 - Winlogon Notify: iifcCsPF - C:\WINDOWS\SYSTEM32\iifcCsPF.dll
O21 - SSODL: AvpChk - {f840309f-772b-4d44-a13d-206fdfd7acd4} - C:\WINDOWS\Resources\AvpChk.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Network Configuration Service (netcfgsvr) - AT&T - C:\PROGRA~1\AT&TGl~1\netcfgsvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell Tag Server - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12533 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 OMCI - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Computer Corporation; OMCI Driver>
R2 agnwifi (AT&T Wi-Fi Support Driver) - c:\windows\system32\drivers\agnwifi.sys <Not Verified; AT&T; AT&T Global Network Client>
R2 s24trans (WLAN Transport) - c:\windows\system32\drivers\s24trans.sys <Not Verified; Intel Corporation; Intel Wireless LAN Packet Driver>
R2 Sentinel - c:\windows\system32\drivers\sentinel.sys <Not Verified; Rainbow Technologies, Inc.; Sentinel System Driver>

S3 ABKTCX (Rockwell Software 1784-KTC(X) Driver) - c:\windows\system32\drivers\abktcx.sys <Not Verified; Rockwell Software Inc.; abktcx Driver>
S3 PcmkWdm (%PcmkWdm.DeviceDesc%) - c:\windows\system32\drivers\pcmkwdm.sys <Not Verified; Rockwell Software, Inc.; PcmkWdm Driver>
S3 RS_SS_NT (RSLinx Classic S-S SD/SD2 Device Driver) - c:\windows\system32\rs_ss_nt.sys <Not Verified; Rockwell Software, Inc.; RSLinx>
S3 RsiKtControl - c:\windows\system32\rsikt.sys <Not Verified; Rockwell Software, Inc.; RSLinx>
S3 RSSERIAL (RSLinx Classic Serial Driver) - c:\windows\system32\rsserial.sys <Not Verified; Rockwell Software Inc.; Rsserial Driver>
S3 Sntnlusb (Rainbow USB SuperPro) - c:\windows\system32\drivers\sntnlusb.sys <Not Verified; Rainbow Technologies Inc.; Rainbow Technologies USB Security Device Driver>
S3 STAC97 (SigmaTel C-Major Audio) - c:\windows\system32\drivers\stac97.sys <Not Verified; SigmaTel, Inc.; AC'97 Audio Controller with SigmaTel CODEC device driver.>
S3 w29n51 (Intel® PRO/Wireless 2200BG Network Connection Driver for Windows XP) - c:\windows\system32\drivers\w29n51.sys <Not Verified; Intel Corporation; Intel Wireless LAN Adapter>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 RegSrvc (Intel® PROSet/Wireless Registry Service) - c:\program files\intel\wireless\bin\regsrvc.exe <Not Verified; Intel Corporation; Intel® PROSet/Wireless Registry Service>
R2 RNADiagnosticsService (FactoryTalk Diagnostics Local Reader) - "c:\program files\common files\rockwell\rnadiagnosticssrv.exe" <Not Verified; Rockwell Automation; Factory Talk Diagnostics>
R2 RNADirectory (Rockwell Directory Server) - "c:\program files\common files\rockwell\rnadirserver.exe" <Not Verified; Rockwell Software, Inc.; FactoryTalk™>
R2 Rockwell HMI Diagnostics - "c:\program files\rockwell software\rsview enterprise\hmidiagnosticslstadapt.exe" <Not Verified; Rockwell Software, Inc.; ViewStudio>
R2 RsvcHost (Rockwell Application Services) - "c:\program files\common files\rockwell\rsvchost.exe" <Not Verified; Rockwell Software, Inc.; FactoryTalk™>
R2 STacSV (SigmaTel Audio Service) - c:\program files\sigmatel\c-major audio\wdm\stacsv.exe <Not Verified; SigmaTel, Inc.; C-Major Audio>
R2 WLANKEEPER (Intel® PROSet/Wireless SSO Service) - c:\program files\intel\wireless\bin\wlkeeper.exe <Not Verified; Intel Corporation; SSO Service>
R3 EventClientMultiplexer (Rockwell Event Multiplexer) - "c:\program files\common files\rockwell\eventclientmultiplexer.exe" <Not Verified; Rockwell Software, Inc.; FactoryTalk™>
R3 EventServer (Rockwell Event Server) - "c:\program files\common files\rockwell\eventserver.exe" <Not Verified; Rockwell Software, Inc.; FactoryTalk™>

S3 Cwbrxd (iSeries Access for Windows Remote Command) - c:\windows\cwbrxd.exe <Not Verified; IBM Corporation; IBM® iSeries ™ Access for Windows>
S3 dnWhoDisp - c:\program files\rockwell software\rslinx\dnwhodisp.exe <Not Verified; ; dnWhoDisp Module>
S3 Harmony - "c:\program files\rockwell software\rscommon\rsobserv.exe" <Not Verified; Rockwell Software Inc.; Rockwell Software Harmony services>
S3 OpcEnum - c:\windows\system32\opcenum.exe <Not Verified; OPC Foundation; OPC Server Enumerator 1.10>
S3 RNADiagReceiver (FactoryTalk Diagnostics CE Receiver) - "c:\program files\common files\rockwell\rnadiagreceiver.exe" <Not Verified; ; Rockwell Software FactoryTalk Diagnostics>
S3 RNADirMultiplexor (Rockwell Directory Multiplexer) - "c:\program files\common files\rockwell\rnadirmultiplexor.exe" <Not Verified; Rockwell Software, Inc.; FactoryTalk™>
S3 Rockwell Tag Server - "c:\program files\rockwell software\rsview enterprise\tagsrv.exe" <Not Verified; Rockwell Software, Inc.; HMICore>
S3 RSLinx (RSLinx Classic) - c:\progra~1\rockwe~1\rslinx\rslinx.exe /service <Not Verified; Rockwell Software, Inc.; RSLinx Classic>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\12F4A9C1354FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter #3
PNP Device ID: V1394\NIC1394\12F4A9C1354FC000
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AGN Virtual Network Adapter
Device ID: ROOT\NET\0000
Manufacturer: AT&T
Name: AGN Virtual Network Adapter
PNP Device ID: ROOT\NET\0000
Service: avpnnic


-- Scheduled Tasks -------------------------------------------------------------

2008-07-13 23:56:00 264 --a------ C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job


-- Files created between 2008-06-14 and 2008-07-14 -----------------------------

2008-07-13 13:44:00 92672 --a------ C:\WINDOWS\system32\roramxwq.dll
2008-07-12 08:54:49 0 d-------- C:\Program Files\Enigma Software Group
2008-07-12 08:54:07 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\U3
2008-07-10 09:35:59 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\shcruej0ee5l
2008-07-10 09:35:53 0 d-------- C:\Program Files\shcruej0ee5l
2008-07-09 16:39:10 0 d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-07-09 16:39:09 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-08 15:05:37 0 d-------- C:\WINDOWS\system32\778670
2008-07-07 13:07:39 134304 --ahs---- C:\WINDOWS\system32\ihNnnnnn.ini2
2008-07-07 13:07:35 318720 --a------ C:\WINDOWS\system32\nnnnnNhi.dll
2008-07-07 13:02:48 28800 --a------ C:\WINDOWS\system32\opnlLFWQ.dll
2008-07-07 13:02:30 28800 --a------ C:\WINDOWS\system32\iifcCsPF.dll
2008-07-07 13:02:11 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\rhcpuej0ee5l
2008-07-07 13:02:02 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\TmpRecentIcons
2008-07-07 13:01:58 0 d-------- C:\Program Files\rhcpuej0ee5l
2008-07-07 13:01:50 200704 --a------ C:\WINDOWS\nqgpedlr.dll
2008-07-07 13:01:50 90112 --a------ C:\WINDOWS\mrvtdpqe.exe
2008-07-07 13:01:50 176128 --a------ C:\WINDOWS\esrp.exe
2008-07-07 13:01:39 109056 --a------ C:\WINDOWS\system32\lphctuej0ee5l.exe
2008-06-29 11:32:03 0 d-------- C:\Documents and Settings\All Users\Application Data\SolidDocuments
2008-06-27 08:55:46 0 d-------- C:\WINDOWS\pss
2008-06-27 08:49:43 0 d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-06-27 08:46:39 0 d-------- C:\Program Files\Common Files\Canon
2008-06-24 19:48:03 0 d-------- C:\Program Files\Zune
2008-06-24 18:03:22 0 d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-19 18:51:23 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\Yahoo!
2008-06-19 18:51:23 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-19 18:40:24 0 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-19 18:39:07 0 d-------- C:\Program Files\Yahoo!
2008-06-18 18:09:19 0 d-------- C:\Documents and Settings\PalaniswaN\Contacts
2008-06-18 18:09:08 0 d-------- C:\Program Files\Windows Live Toolbar
2008-06-18 18:09:05 0 d-------- C:\Program Files\Windows Live Favorites
2008-06-18 17:58:34 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-18 17:58:28 0 d-------- C:\Program Files\Windows Live
2008-06-18 17:58:16 0 d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-18 09:57:18 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\Macromedia
2008-06-17 22:19:45 0 d-------- C:\Documents and Settings\PalaniswaN\Phone Browser
2008-06-17 22:19:32 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\ZoomBrowser EX
2008-06-17 22:19:31 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\PC Suite
2008-06-17 22:19:31 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\Nokia Multimedia Player
2008-06-17 22:19:30 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\Nokia
2008-06-17 22:19:30 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\MSN6
2008-06-17 22:19:30 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\Mozilla
2008-06-17 22:19:29 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\Datalayer
2008-06-17 22:17:19 0 d-------- C:\WINDOWS\system32\msmq
2008-06-17 22:17:19 0 d-------- C:\Documents and Settings\PalaniswaN\usrusmt2.tmp
2008-06-17 22:17:06 0 d-------- C:\Program Files\Winamp Remote
2008-06-17 22:16:51 0 d-------- C:\Program Files\Roxio
2008-06-17 22:16:44 0 d-------- C:\Program Files\QuickTime
2008-06-17 22:16:39 0 d-------- C:\Program Files\PIXELA
2008-06-17 22:16:39 0 d-------- C:\Program Files\Panasonic
2008-06-17 22:16:39 0 d-------- C:\Program Files\Nokia
2008-06-17 22:16:38 0 d-------- C:\Program Files\NetWaiting
2008-06-17 22:16:38 0 d-------- C:\Program Files\MSN Messenger
2008-06-17 22:16:35 0 d-------- C:\Program Files\Logitech
2008-06-17 22:16:27 0 d-------- C:\Program Files\Indramat
2008-06-17 22:16:21 0 d-------- C:\Program Files\HP
2008-06-17 22:16:20 0 d-------- C:\Program Files\Creative
2008-06-17 22:16:18 0 d-------- C:\Program Files\Common Files\PCSuite
2008-06-17 22:16:18 0 d-------- C:\Program Files\Common Files\Adaptec Shared
2008-06-17 22:16:15 0 d-------- C:\Program Files\Canon
2008-06-17 22:16:15 0 d-------- C:\Program Files\AT&T Global Network Client
2008-06-17 22:15:45 0 d-------- C:\Program Files\ArcSoft
2008-06-17 22:15:39 0 d-------- C:\Games
2008-06-17 22:15:13 0 d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-06-17 22:15:13 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-17 22:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-17 22:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-17 22:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-17 22:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-06-17 22:14:57 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-06-17 22:14:50 0 d-------- C:\Program Files\Winamp


-- Find3M Report ---------------------------------------------------------------

2008-07-14 00:19:35 0 d-------- C:\Program Files\Symantec AntiVirus
2008-06-27 08:46:39 0 d-------- C:\Program Files\Common Files
2008-06-18 10:18:57 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\Adobe
2008-06-17 22:22:53 0 d-------- C:\Program Files\Windows Media Connect 2
2008-06-17 22:22:19 0 d-------- C:\Program Files\Messenger
2008-06-17 22:22:06 0 d-------- C:\Program Files\Drive
2008-06-17 22:22:06 0 d-------- C:\Program Files\Common Files\Rockwell
2008-06-17 22:16:33 0 d-------- C:\Program Files\Java
2008-06-17 21:33:21 57562 --a------ C:\WINDOWS\system32\nvModes.dat
2008-06-13 00:05:57 912 -r-hs---- C:\EVRSI.SYS
2008-06-12 23:52:47 0 d-------- C:\Program Files\AT&TGl~1
2008-06-12 22:45:19 0 d-------- C:\Program Files\ScriptLogic
2008-06-12 22:17:55 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-06-12 22:17:30 0 d-------- C:\Program Files\Symantec
2008-06-11 04:17:33 0 d-------- C:\Program Files\Rockwell Software
2008-06-11 01:18:51 0 d-------- C:\Program Files\Movie Maker
2008-06-11 01:16:25 0 d-------- C:\Program Files\Windows NT
2008-06-11 01:02:06 0 d-------- C:\Program Files\Microsoft Silverlight
2008-06-11 00:53:41 376832 --a------ C:\WINDOWS\system32\AegisI5Installer.exe <Not Verified; ; AegisInstall Application>
2008-06-11 00:52:38 0 d-------- C:\Documents and Settings\PalaniswaN\Application Data\Intel
2008-06-11 00:32:29 0 d-------- C:\Program Files\RSKeyMove
2008-05-08 21:24:57 6504 --a------ C:\Documents and Settings\PalaniswaN\Application Data\PrimoPDFSet.xml
2008-05-08 20:28:48 310 --a------ C:\Documents and Settings\PalaniswaN\Application Data\APUSet.xml
2008-05-01 08:54:42 5902336 --a------ C:\WINDOWS\system32\ToolkitPro1120vc80.dll <Not Verified; Codejock Software; Xtreme Toolkit Pro™ Dynamic Link Library>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BA3028F-FD37-46BF-AD27-733734684F06}]
07/07/2008 01:02 PM 28800 --a------ C:\WINDOWS\system32\iifcCsPF.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EC2B4C85-F250-4259-B1B5-2A009148F554}]
07/07/2008 01:07 PM 318720 --a------ C:\WINDOWS\system32\nnnnnNhi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [08/13/2004 02:05 PM]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [09/14/2004 12:33 AM]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [05/17/2007 05:50 AM]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [05/17/2007 05:50 AM]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [05/17/2007 05:50 AM]
"SigmatelSysTrayApp"="stsystra.exe" [02/20/2007 03:26 AM C:\WINDOWS\stsystra.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [02/22/2008 06:46 PM]
"NVHotkey"="nvHotkey.dll" [02/22/2008 06:46 PM C:\WINDOWS\system32\nvhotkey.dll]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [02/22/2008 06:46 PM]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [03/05/2008 03:46 AM]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [03/05/2008 03:41 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [07/20/2006 08:26 AM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [09/28/2006 09:33 AM]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [01/23/2008 02:47 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/14/2008 06:42 PM]
"NetSP - restore settings on power failure"="C:\Program Files\AT&TGl~1\NetSP.exe" [05/01/2008 09:25 AM]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.exe" [08/30/2007 05:43 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)
"NoDispBackgroundPage"=1 (0x1)
"NoDispScrSavPage"=1 (0x1)
"DisableRegistryTools"=1 (0x1)
"NoDispCPL"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoToolbarCustomize"=1 (0x1)
"StartMenuLogoff"=1 (0x1)
"NoStartMenuMorePrograms"=1 (0x1)
"NoSetFolders"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{3BA3028F-FD37-46BF-AD27-733734684F06}"= C:\WINDOWS\system32\iifcCsPF.dll [07/07/2008 01:02 PM 28800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"AvpChk"= {f840309f-772b-4d44-a13d-206fdfd7acd4} - C:\WINDOWS\Resources\AvpChk.dll [07/08/2008 02:53 PM 14886]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcCsPF]
iifcCsPF.dll 07/07/2008 01:02 PM 28800 C:\WINDOWS\system32\iifcCsPF.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\nnnnnNhi

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinAmpAgent]
C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
"c:\Program Files\Zune\ZuneLauncher.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05cb183d-4f66-11dd-bbeb-001c234ac01a}]
AutoRun\command- E:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-07-14 00:26:37 ------------


Below is extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 2045.9 MiB / 1429.39 MiB
Pagefile Memory (total/avail): 3938.68 MiB / 3487.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1905.52 MiB

C: is Fixed (NTFS) - 111.72 GiB total, 95.5 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
F: is Removable (FAT)
Z: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - WDC WD1200BEVS-75UST0 - 111.79 GiB - 2 partitions
\PARTITION0 - Unknown - 70.57 MiB
\PARTITION1 (bootable) - Installable File System - 111.72 GiB - C:

\\.\PHYSICALDRIVE1 - SanDisk U3 Cruzer Micro USB Device - 972.69 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 973.43 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\PalaniswaN\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=G1GPALANISWD630
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\PalaniswaN
LOGONSERVER=\\MWUPHIBWC01
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Rockwell Software\RSCommon;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\IBM\CLIENT~1;C:\PROGRA~1\IBM\CLIENT~1\Shared;C:\PROGRA~1\IBM\CLIENT~1\Emulator;C:\Program Files\Common Files\Rockwell\;C:\Program Files\Rockwell Software\RSView Enterprise\;C:\Program Files\Rockwell Automation\Common\Components
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PALANI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PALANI~1\LOCALS~1\Temp
USERDNSDOMAIN=BWCINC.ORG
USERDOMAIN=BWCINC
USERNAME=Palaniswan
USERPROFILE=C:\Documents and Settings\PalaniswaN
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

helpdesk (new local, admin)
Administrator (admin)
PalaniswaN (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\AFPViewr\DeIsL4.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL10.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL101.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL11.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL15.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL42.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL43.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL46.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL47.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL48.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL49.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL50.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL51.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL52.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL53.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL54.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL55.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL56.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL7.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL8.isu"
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /x{685D6CE7-AC5E-4EB3-A5BB-2424891D4ADB}
--> MsiExec.exe /x{BEBD101C-B477-401F-B612-B067B51E6F9C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AT&T Global Network Client Managed VPN Edition --> MsiExec.exe /I{349E4164-29AC-4FCD-A051-F5BA57EBDB24}
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
CamGen --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FAAA0A6-4834-4EF8-8208-9C4F864F2E77}\setup.exe"
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Conexant D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
ControlFLASH --> MsiExec.exe /I{F5B20EF6-80AE-4D77-BEBF-AF63CEFA5DD0}
Creative WebCam Live! Pro/Effects Driver (1.02.05.0506) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0080.uns -unsext NT -plugin V0080Pin.dll -pluginres CtCamPin.crl
DAQDRIVE --> C:\WINDOWS\IsUninst.exe -fC:\Keithley\Uninst.isu
DocMaker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C836912-C122-4BF7-A188-862C239D2F41}\setup.exe"
Drive --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D10BEA98-0452-4A20-9199-B5075150F1F2}\Setup.exe" -l0x9
DriveTop14V03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F50B889-7B48-11D5-99FE-00C04F21FBF0}\setup.exe" UNINSTALL
FactoryTalk Activation Client v2.00.01 (CPR 7) --> MsiExec.exe /I{30E45D79-A117-41C9-81E7-004F2B183249}
FactoryTalk Automation Platform 1.08 (CPR 6) --> MsiExec.exe /I{23B4B90F-2BC2-42CB-BC81-E9429D293AA6}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "F:\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
IBM iSeries Access for Windows --> "C:\Program Files\IBM\Client Access\cwbinarp.exe"
IBM iSeries Access for Windows SI28055 --> "C:\Program Files\IBM\Client Access\cwbunsp.exe"
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java 2 Runtime Environment, SE v1.4.2_08 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142080}
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Machine Drawing Set 31712 --> MsiExec.exe /I{ADBF893C-4CCB-4CD6-A462-684F5BCC9204}
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
MCS Information Center 1.0.20 --> MsiExec.exe /I{05153469-C76F-496D-A8E6-D493D4A65A49}
MCS Simulator --> MsiExec.exe /I{D11791E7-5209-46FF-9D0C-3400B8C186F6}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 --> "C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motion Perfect 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{911C08C0-87AA-11D3-8B25-00104B4FBFEB}\setup.exe"
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MProtector --> "C:\Program Files\shcruej0ee5l\uninstall.exe"
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OZ776 SCR Driver V1.1.3.9 --> C:\Program Files\InstallShield Installation Information\{343D8DE3-AE1F-431A-830C-B66352E8CA12}\setup.exe -runfromtemp -l0x0409
Parker Isysnet Analog Module Profiles --> MsiExec.exe /X{2ACA8536-E7A2-4914-9597-DBA635D93492}
Parker Isysnet ASCII Module Profile --> MsiExec.exe /X{56D614BA-A250-4C3E-8F79-43B3BC611D21}
Parker Isysnet Discrete Module Profiles --> MsiExec.exe /X{893727BF-9C7C-483F-9E69-D8314DB21186}
PiCPro V13.0 Professional Edition --> C:\PROGRA~1\GIDDIN~1\PICPRO~1.0PR\UNWISE.EXE C:\PROGRA~1\GIDDIN~1\PICPRO~1.0PR\INSTALL.LOG
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Rockwell Automation 1734 Analog Module Profiles --> MsiExec.exe /X{FC07B277-E45F-47AF-BE00-09B03B356899}
Rockwell Automation 1734 ASCII Module Profiles --> MsiExec.exe /X{C1981911-CC3E-4E57-9520-CF2E6586472B}
Rockwell Automation 1734 Discrete Module Profiles --> MsiExec.exe /X{357187EE-8B25-467D-A567-88C735932174}
Rockwell Automation 1734 Specialty Module Profiles --> MsiExec.exe /X{39363D4F-BF1C-447C-8014-F7966A9975D9}
Rockwell Automation 1738 Analog Module Profiles --> MsiExec.exe /X{6AFEDA45-288E-445F-A176-FCD42AFA74FE}
Rockwell Automation 1738 ASCII Module Profiles --> MsiExec.exe /X{9964845D-1604-440E-BEE9-930A29BC5F63}
Rockwell Automation 1738 Discrete Module Profiles --> MsiExec.exe /X{A393179D-478D-40C7-A6A2-90B9F34C2341}
Rockwell Automation 1738 Specialty Module Profiles --> MsiExec.exe /X{FA79AEE5-9FA1-4A6F-B66F-18AF565E1061}
Rockwell Automation 1756 CNet Comms Module Profiles --> MsiExec.exe /X{4866D596-CE65-4F7D-B98C-A28F8E9E13E5}
Rockwell Automation 1756 ENet Comms Module Profiles --> MsiExec.exe /X{AB8E12B5-0B0E-47F9-83A7-89F40B39DBF1}
Rockwell Automation 1756 HART Module Profiles --> MsiExec.exe /X{7D3C6066-4659-4A2E-8D8E-EE93E206FF99}
Rockwell Automation 1769 Analog Module Profiles --> MsiExec.exe /X{2ABE52D6-0F52-48F6-9AB7-A7DDAACD8654}
Rockwell Automation 1769 Analog Module Profiles --> MsiExec.exe /X{842CDC14-718F-4063-9D48-36E982E12946}
Rockwell Automation 1769 ASCII Module Profiles --> MsiExec.exe /X{8372A29B-CE1C-4419-B479-8493027B41AA}
Rockwell Automation 1769 Boolean Module Profiles --> MsiExec.exe /X{449AD43D-AEF6-439B-B936-B1E239B8944C}
Rockwell Automation 1769 Discrete Module Profiles --> MsiExec.exe /X{7033EFFB-90EA-4A54-9807-FB4AACA52A0B}
Rockwell Automation 1769 Specialty Module Profiles --> MsiExec.exe /X{E4355DEE-167C-4BD3-9FD7-0F389EBF3981}
Rockwell Automation 1791DS Discrete Module Profiles --> MsiExec.exe /X{0FE69AD2-75EB-474B-9314-B662E008D8E6}
Rockwell Automation Drives PowerFlex 4 Module Profiles --> MsiExec.exe /X{7B8ADA90-FD53-4B71-B2F5-EF3953BCF526}
Rockwell Automation Drives PowerFlex 7 Module Profiles --> MsiExec.exe /X{08CE9D4C-C5F3-4352-B2B6-C9F0F36AC0FC}
Rockwell Automation Drives SCANport Module Profiles --> MsiExec.exe /X{DE6AAAC7-6219-4401-903F-268F78821D05}
Rockwell Automation Generic Safety Module Profiles --> MsiExec.exe /X{F699127B-51FB-44DF-AD6A-8AC498BA9684}
Rockwell Software Hardware Maintenance Tool --> C:\Program Files\Rockwell Software\RSCommon\RSHWare.exe
Rockwell Windows Firewall Configuration Utility 1.00.01 --> MsiExec.exe /I{546A6A91-FA45-48BD-A6D6-F4C8D4317A56}
RSLinx Classic --> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
RSLogix 5 English --> MsiExec.exe /I{BEBD101C-B477-401F-B612-B067B51E6F9C}
RSLogix 500 English --> MsiExec.exe /I{685D6CE7-AC5E-4EB3-A5BB-2424891D4ADB}
RSLogix 5000 Module Profile Core --> MsiExec.exe /X{DA787F2A-4AD5-42C3-89D3-8E698E552792}
RSLogix 5000 Module Profile Setup Utility --> MsiExec.exe /X{D2B06C02-5880-4E65-BF31-B4F32A630FA9}
RSLogix 5000 Online Books v16.03.00 --> MsiExec.exe /I{20010316-D5FD-11DA-A128-000C29473C90}
RSLogix 5000 Start Page Media v16.00.05 --> MsiExec.exe /I{10050016-D5FD-11DA-A128-000C29473C90}
RSLogix 5000 System Updates --> MsiExec.exe /X{8E10471D-5CBF-4080-972D-2E6451420B7F}
RSLogix 5000 v10.04 --> MsiExec.exe /X{30010410-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v11.13 --> MsiExec.exe /X{30011311-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v12.03 --> MsiExec.exe /X{30010312-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v13.01 --> MsiExec.exe /X{30010113-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v15.00 --> MsiExec.exe /X{30010015-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v16.03.00 (CPR 9) --> MsiExec.exe /I{30010316-EC33-11D6-A408-F6139379CBFB}
RSNetWorx for ControlNet 5.00.00 (Build 81) --> MsiExec.exe /I{2BF0655E-B036-43F6-9230-BB45CB07F004}
RSNetWorx for DeviceNet 5.11.00 (Build 31)(CPR 6) --> MsiExec.exe /I{692179FB-984B-465A-BC4F-3875D2D53F32}
RSView ME Station 3.20.00 (CPR6) --> MsiExec.exe /I{3121829D-CE2C-42E0-8426-DD7B356E1A91}
S600 Drive GUI V4.90 --> "C:\Program Files\S600 Drive GUI\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B

#6
nemalbeckham

    Member

  • Topic Starter
  • Member
  • 12 posts
This is extra.txt
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 3.0
Architecture: X86; Language: English

CPU 0: Intel® Core™2 Duo CPU T7500 @ 2.20GHz
Percentage of Memory in Use: 30%
Physical Memory (total/avail): 2045.9 MiB / 1429.39 MiB
Pagefile Memory (total/avail): 3938.68 MiB / 3487.29 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1905.52 MiB

C: is Fixed (NTFS) - 111.72 GiB total, 95.5 GiB free.
D: is CDROM (No Media)
E: is CDROM (CDFS)
F: is Removable (FAT)
Z: is Network (Unformatted)

\\.\PHYSICALDRIVE0 - WDC WD1200BEVS-75UST0 - 111.79 GiB - 2 partitions
\PARTITION0 - Unknown - 70.57 MiB
\PARTITION1 (bootable) - Installable File System - 111.72 GiB - C:

\\.\PHYSICALDRIVE1 - SanDisk U3 Cruzer Micro USB Device - 972.69 MiB - 1 partition
\PARTITION0 - MS-DOS V4 Huge - 973.43 MiB - F:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\PalaniswaN\Application Data
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=G1GPALANISWD630
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\PalaniswaN
LOGONSERVER=\\MWUPHIBWC01
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\Rockwell Software\RSCommon;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\PROGRA~1\IBM\CLIENT~1;C:\PROGRA~1\IBM\CLIENT~1\Shared;C:\PROGRA~1\IBM\CLIENT~1\Emulator;C:\Program Files\Common Files\Rockwell\;C:\Program Files\Rockwell Software\RSView Enterprise\;C:\Program Files\Rockwell Automation\Common\Components
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 15 Stepping 11, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0f0b
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\PALANI~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\PALANI~1\LOCALS~1\Temp
USERDNSDOMAIN=BWCINC.ORG
USERDOMAIN=BWCINC
USERNAME=Palaniswan
USERPROFILE=C:\Documents and Settings\PalaniswaN
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

helpdesk (new local, admin)
Administrator (admin)
PalaniswaN (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\AFPViewr\DeIsL4.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL10.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL101.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL11.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL15.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL42.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL43.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL46.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL47.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL48.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL49.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL50.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL51.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL52.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL53.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL54.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL55.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\DeIsL56.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL7.isu"
--> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\IBM\Client Access\Emulator\DeIsL8.isu"
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
--> MsiExec.exe /x{685D6CE7-AC5E-4EB3-A5BB-2424891D4ADB}
--> MsiExec.exe /x{BEBD101C-B477-401F-B612-B067B51E6F9C}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742) --> MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Flash Player ActiveX --> C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Reader 8.1.2 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Reader 8.1.2 Security Update 1 (KB403742) -->
ALPS Touch Pad Driver --> C:\Program Files\Apoint\Uninstap.exe ADDREMOVE
AT&T Global Network Client Managed VPN Edition --> MsiExec.exe /I{349E4164-29AC-4FCD-A051-F5BA57EBDB24}
Broadcom Gigabit Integrated Controller --> MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
CamGen --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4FAAA0A6-4834-4EF8-8208-9C4F864F2E77}\setup.exe"
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Conexant D110 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1\HXFSETUP.EXE -U -Idel5422k.inf
Conexant HDA D330 MDC V.92 Modem --> C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\HXFSETUP.EXE -U -Idel000f5.inf
ControlFLASH --> MsiExec.exe /I{F5B20EF6-80AE-4D77-BEBF-AF63CEFA5DD0}
Creative WebCam Live! Pro/Effects Driver (1.02.05.0506) --> C:\WINDOWS\CtDrvIns.exe -uninstall -script VF0080.uns -unsext NT -plugin V0080Pin.dll -pluginres CtCamPin.crl
DAQDRIVE --> C:\WINDOWS\IsUninst.exe -fC:\Keithley\Uninst.isu
DocMaker --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1C836912-C122-4BF7-A188-862C239D2F41}\setup.exe"
Drive --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D10BEA98-0452-4A20-9199-B5075150F1F2}\Setup.exe" -l0x9
DriveTop14V03 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F50B889-7B48-11D5-99FE-00C04F21FBF0}\setup.exe" UNINSTALL
FactoryTalk Activation Client v2.00.01 (CPR 7) --> MsiExec.exe /I{30E45D79-A117-41C9-81E7-004F2B183249}
FactoryTalk Automation Platform 1.08 (CPR 6) --> MsiExec.exe /I{23B4B90F-2BC2-42CB-BC81-E9429D293AA6}
High Definition Audio Driver Package - KB835221 --> C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
Highlight Viewer (Windows Live Toolbar) --> MsiExec.exe /X{A5C4AD72-25FE-4899-B6DF-6D8DF63C93CF}
HighMAT Extension to Microsoft Windows XP CD Writing Wizard --> MsiExec.exe /X{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}
HijackThis 2.0.2 --> "F:\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Format SDK (KB902344) --> "C:\WINDOWS\$NtUninstallKB902344$\spuninst\spuninst.exe"
IBM iSeries Access for Windows --> "C:\Program Files\IBM\Client Access\cwbinarp.exe"
IBM iSeries Access for Windows SI28055 --> "C:\Program Files\IBM\Client Access\cwbunsp.exe"
Intel® Graphics Media Accelerator Driver --> C:\WINDOWS\system32\igxpun.exe -uninstall
Intel® PROSet/Wireless Software --> C:\WINDOWS\Installer\iProInst.exe
Java 2 Runtime Environment, SE v1.4.2_08 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142080}
LiveUpdate 3.1 (Symantec Corporation) --> "C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE" /U
Machine Drawing Set 31712 --> MsiExec.exe /I{ADBF893C-4CCB-4CD6-A462-684F5BCC9204}
Map Button (Windows Live Toolbar) --> MsiExec.exe /X{7745B7A9-F323-4BB9-9811-01BF57A028DA}
mCore --> MsiExec.exe /I{E81667C6-2856-46D6-ABEA-6A2F42166779}
MCS Information Center 1.0.20 --> MsiExec.exe /I{05153469-C76F-496D-A8E6-D493D4A65A49}
MCS Simulator --> MsiExec.exe /I{D11791E7-5209-46FF-9D0C-3400B8C186F6}
mDriver --> MsiExec.exe /I{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}
mDrWiFi --> MsiExec.exe /I{F6090A17-0967-4A8A-B3C3-422A1B514D49}
mHelp --> MsiExec.exe /I{8C6BB412-D3A8-4AAE-A01B-35B681789D68}
Microsoft Base Smart Card Cryptographic Service Provider Package --> "C:\WINDOWS\$NtUninstallbasecsp$\spuninst\spuninst.exe"
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 --> "C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"
Microsoft Office Standard Edition 2003 --> MsiExec.exe /I{90120409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight --> MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Windows Journal Viewer --> MsiExec.exe /X{43DCF766-6838-4F9A-8C91-D92DA586DFA7}
mIWA --> MsiExec.exe /I{3E9D596A-61D4-4239-BD19-2DB984D2A16F}
mLogView --> MsiExec.exe /I{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}
mMHouse --> MsiExec.exe /I{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}
Motion Perfect 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{911C08C0-87AA-11D3-8B25-00104B4FBFEB}\setup.exe"
mPfMgr --> MsiExec.exe /I{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}
mPfWiz --> MsiExec.exe /I{90B0D222-8C21-4B35-9262-53B042F18AF9}
mProSafe --> MsiExec.exe /I{23FB368F-1399-4EAC-817C-4B83ECBE3D83}
MProtector --> "C:\Program Files\shcruej0ee5l\uninstall.exe"
mSCfg --> MsiExec.exe /I{829CD169-E692-48E8-9BDE-A3E8D8B65538}
mSSO --> MsiExec.exe /I{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}
MSXML 6.0 Parser (KB933579) --> MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
mToolkit --> MsiExec.exe /I{CA9BAADB-C262-4E05-B2E2-CEE8CE9809EC}
mWlsSafe --> MsiExec.exe /I{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}
mWMI --> MsiExec.exe /I{63DB9CCD-2B56-4217-9A3D-507AC78320CA}
mZConfig --> MsiExec.exe /I{94658027-9F16-4509-BBD7-A59FE57C3023}
NVIDIA Drivers --> C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OZ776 SCR Driver V1.1.3.9 --> C:\Program Files\InstallShield Installation Information\{343D8DE3-AE1F-431A-830C-B66352E8CA12}\setup.exe -runfromtemp -l0x0409
Parker Isysnet Analog Module Profiles --> MsiExec.exe /X{2ACA8536-E7A2-4914-9597-DBA635D93492}
Parker Isysnet ASCII Module Profile --> MsiExec.exe /X{56D614BA-A250-4C3E-8F79-43B3BC611D21}
Parker Isysnet Discrete Module Profiles --> MsiExec.exe /X{893727BF-9C7C-483F-9E69-D8314DB21186}
PiCPro V13.0 Professional Edition --> C:\PROGRA~1\GIDDIN~1\PICPRO~1.0PR\UNWISE.EXE C:\PROGRA~1\GIDDIN~1\PICPRO~1.0PR\INSTALL.LOG
PowerDVD 5.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\Setup.exe" -uninstall
Rockwell Automation 1734 Analog Module Profiles --> MsiExec.exe /X{FC07B277-E45F-47AF-BE00-09B03B356899}
Rockwell Automation 1734 ASCII Module Profiles --> MsiExec.exe /X{C1981911-CC3E-4E57-9520-CF2E6586472B}
Rockwell Automation 1734 Discrete Module Profiles --> MsiExec.exe /X{357187EE-8B25-467D-A567-88C735932174}
Rockwell Automation 1734 Specialty Module Profiles --> MsiExec.exe /X{39363D4F-BF1C-447C-8014-F7966A9975D9}
Rockwell Automation 1738 Analog Module Profiles --> MsiExec.exe /X{6AFEDA45-288E-445F-A176-FCD42AFA74FE}
Rockwell Automation 1738 ASCII Module Profiles --> MsiExec.exe /X{9964845D-1604-440E-BEE9-930A29BC5F63}
Rockwell Automation 1738 Discrete Module Profiles --> MsiExec.exe /X{A393179D-478D-40C7-A6A2-90B9F34C2341}
Rockwell Automation 1738 Specialty Module Profiles --> MsiExec.exe /X{FA79AEE5-9FA1-4A6F-B66F-18AF565E1061}
Rockwell Automation 1756 CNet Comms Module Profiles --> MsiExec.exe /X{4866D596-CE65-4F7D-B98C-A28F8E9E13E5}
Rockwell Automation 1756 ENet Comms Module Profiles --> MsiExec.exe /X{AB8E12B5-0B0E-47F9-83A7-89F40B39DBF1}
Rockwell Automation 1756 HART Module Profiles --> MsiExec.exe /X{7D3C6066-4659-4A2E-8D8E-EE93E206FF99}
Rockwell Automation 1769 Analog Module Profiles --> MsiExec.exe /X{2ABE52D6-0F52-48F6-9AB7-A7DDAACD8654}
Rockwell Automation 1769 Analog Module Profiles --> MsiExec.exe /X{842CDC14-718F-4063-9D48-36E982E12946}
Rockwell Automation 1769 ASCII Module Profiles --> MsiExec.exe /X{8372A29B-CE1C-4419-B479-8493027B41AA}
Rockwell Automation 1769 Boolean Module Profiles --> MsiExec.exe /X{449AD43D-AEF6-439B-B936-B1E239B8944C}
Rockwell Automation 1769 Discrete Module Profiles --> MsiExec.exe /X{7033EFFB-90EA-4A54-9807-FB4AACA52A0B}
Rockwell Automation 1769 Specialty Module Profiles --> MsiExec.exe /X{E4355DEE-167C-4BD3-9FD7-0F389EBF3981}
Rockwell Automation 1791DS Discrete Module Profiles --> MsiExec.exe /X{0FE69AD2-75EB-474B-9314-B662E008D8E6}
Rockwell Automation Drives PowerFlex 4 Module Profiles --> MsiExec.exe /X{7B8ADA90-FD53-4B71-B2F5-EF3953BCF526}
Rockwell Automation Drives PowerFlex 7 Module Profiles --> MsiExec.exe /X{08CE9D4C-C5F3-4352-B2B6-C9F0F36AC0FC}
Rockwell Automation Drives SCANport Module Profiles --> MsiExec.exe /X{DE6AAAC7-6219-4401-903F-268F78821D05}
Rockwell Automation Generic Safety Module Profiles --> MsiExec.exe /X{F699127B-51FB-44DF-AD6A-8AC498BA9684}
Rockwell Software Hardware Maintenance Tool --> C:\Program Files\Rockwell Software\RSCommon\RSHWare.exe
Rockwell Windows Firewall Configuration Utility 1.00.01 --> MsiExec.exe /I{546A6A91-FA45-48BD-A6D6-F4C8D4317A56}
RSLinx Classic --> MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
RSLogix 5 English --> MsiExec.exe /I{BEBD101C-B477-401F-B612-B067B51E6F9C}
RSLogix 500 English --> MsiExec.exe /I{685D6CE7-AC5E-4EB3-A5BB-2424891D4ADB}
RSLogix 5000 Module Profile Core --> MsiExec.exe /X{DA787F2A-4AD5-42C3-89D3-8E698E552792}
RSLogix 5000 Module Profile Setup Utility --> MsiExec.exe /X{D2B06C02-5880-4E65-BF31-B4F32A630FA9}
RSLogix 5000 Online Books v16.03.00 --> MsiExec.exe /I{20010316-D5FD-11DA-A128-000C29473C90}
RSLogix 5000 Start Page Media v16.00.05 --> MsiExec.exe /I{10050016-D5FD-11DA-A128-000C29473C90}
RSLogix 5000 System Updates --> MsiExec.exe /X{8E10471D-5CBF-4080-972D-2E6451420B7F}
RSLogix 5000 v10.04 --> MsiExec.exe /X{30010410-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v11.13 --> MsiExec.exe /X{30011311-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v12.03 --> MsiExec.exe /X{30010312-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v13.01 --> MsiExec.exe /X{30010113-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v15.00 --> MsiExec.exe /X{30010015-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v16.03.00 (CPR 9) --> MsiExec.exe /I{30010316-EC33-11D6-A408-F6139379CBFB}
RSNetWorx for ControlNet 5.00.00 (Build 81) --> MsiExec.exe /I{2BF0655E-B036-43F6-9230-BB45CB07F004}
RSNetWorx for DeviceNet 5.11.00 (Build 31)(CPR 6) --> MsiExec.exe /I{692179FB-984B-465A-BC4F-3875D2D53F32}
RSView ME Station 3.20.00 (CPR6) --> MsiExec.exe /I{3121829D-CE2C-42E0-8426-DD7B356E1A91}
S600 Drive GUI V4.90 --> "C:\Program Files\S600 Drive GUI\unins000.exe"
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Sentinel System Driver --> C:\WINDOWS\SYSTEM32\RNBOSENT\SETUPX86.EXE /U /q
SigmaTel Audio --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
Smart Menus (Windows Live Toolbar) --> MsiExec.exe /X{F084395C-40FB-4DB3-981C-B51E74E1E83D}
Sonic DLA --> MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
Sonic RecordNow! Plus --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
SpyHunter --> "C:\Program Files\Enigma Software Group\SpyHunter\Uninstall.exe" "C:\Program Files\Enigma Software Group\SpyHunter\install.log" -u
Symantec AntiVirus --> MsiExec.exe /I{33CFCF98-F8D6-4549-B469-6F4295676D83}
Texas Instruments PCIxx21/x515 drivers. --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{52503B4E-149A-4731-A6FF-495067EABFDC} /l1033
VersaPro 1.10 --> "C:\Program Files\GE Fanuc Automation\VersaPro\Support\setup.exe" "-unin"
VisualMotion7 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7F6D7FDA-AF3B-4C33-9983-A701B9E00055}\setup.exe"
VNC Free Edition 4.1.2 --> "C:\Program Files\RealVNC\VNC4\unins000.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live Favorites for Windows Live Toolbar --> MsiExec.exe /X{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}
Windows Live installer --> MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live Messenger --> MsiExec.exe /X{508CE775-4BA4-4748-82DF-FE28DA9F03B0}
Windows Live Sign-in Assistant --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
Windows Live Toolbar --> "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar --> MsiExec.exe /X{D5A145FC-D00C-4F1A-9119-EB4D9D659750}
Windows Live Toolbar Extension (Windows Live Toolbar) --> MsiExec.exe /X{341201D4-4F61-4ADB-987E-9CCE4D83A58D}
Windows Media Connect --> "C:\WINDOWS\$NtUninstallWMCSetup$\spuninst\spuninst.exe"
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Presentation Foundation --> MsiExec.exe /X{BAF78226-3200-4DB4-BE33-4D922A799840}
Windows XP Service Pack 3 --> "C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinZip --> "C:\Program Files\WinZip\WINZIP32.EXE" /uninstall
WinZip Command Line Support Add-On 1.1 --> C:\Program Files\WinZip\winzip32 /auninstall wzcline
XML Paper Specification Shared Components Pack 1.0 -->
Yahoo! Browser Services --> C:\PROGRA~1\Yahoo!\Common\UNIN_Y~1.EXE /S
Yahoo! Install Manager --> C:\WINDOWS\system32\regsvr32 /u C:\PROGRA~1\Yahoo!\Common\YINSTH~1.DLL
Yahoo! Internet Mail --> C:\WINDOWS\system32\regsvr32 /u /s C:\PROGRA~1\Yahoo!\Common\YMMAPI.dll
Yahoo! Messenger --> C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
Yahoo! 工具列 --> C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
Zune --> c:\Program Files\Zune\ZuneSetup.exe /x
Zune --> MsiExec.exe /X{FF70513F-E3A7-402F-84FB-B7810A064BE2}
Zune Language Pack (ES) --> MsiExec.exe /X{EE4ACABF-531E-419A-9225-B8E0FA4955AF}
Zune Language Pack (FR) --> MsiExec.exe /X{0076E1AC-9E7B-4B9F-A62A-4CC9511AD8E3}


-- Application Event Log -------------------------------------------------------

Event Record #/Type3394 / Error
Event Submitted/Written: 07/14/2008 00:20:07 AM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Allocation Memory
Action Taken: Blocked
Actor Process: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (PID 268)
Time: Monday, July 14, 2008 12:20:07 AM

Event Record #/Type3393 / Error
Event Submitted/Written: 07/14/2008 00:20:07 AM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\VPTray.exe
Event Info: Allocation Memory
Action Taken: Blocked
Actor Process: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (PID 268)
Time: Monday, July 14, 2008 12:20:07 AM

Event Record #/Type3392 / Error
Event Submitted/Written: 07/14/2008 00:20:07 AM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Allocation Memory
Action Taken: Blocked
Actor Process: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (PID 268)
Time: Monday, July 14, 2008 12:20:07 AM

Event Record #/Type3391 / Error
Event Submitted/Written: 07/14/2008 00:20:07 AM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Event Info: Allocation Memory
Action Taken: Blocked
Actor Process: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (PID 268)
Time: Monday, July 14, 2008 12:20:07 AM

Event Record #/Type3390 / Error
Event Submitted/Written: 07/14/2008 00:20:07 AM
Event ID/Source: 45 / Symantec AntiVirus
Event Description:
SYMANTEC TAMPER PROTECTION ALERT

Target: C:\Program Files\Symantec AntiVirus\Rtvscan.exe
Event Info: Allocation Memory
Action Taken: Blocked
Actor Process: C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe (PID 268)
Time: Monday, July 14, 2008 12:20:07 AM



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type4400 / Error
Event Submitted/Written: 07/13/2008 11:56:00 PM
Event ID/Source: 10005 / DCOM
Event Description:
DCOM got error "%%1058" attempting to start the service wuauserv with arguments ""
in order to run the server:
{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Event Record #/Type4399 / Error
Event Submitted/Written: 07/13/2008 11:45:55 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 59 minutes.
NtpClient has no source of accurate time.

Event Record #/Type4398 / Warning
Event Submitted/Written: 07/13/2008 11:45:55 PM
Event ID/Source: 14 / W32Time
Event Description:
The time provider NtpClient was unable to find a domain controller to use as a time
source. NtpClient will try again in 60 minutes.

Event Record #/Type4397 / Warning
Event Submitted/Written: 07/13/2008 11:16:22 PM
Event ID/Source: 11165 / DnsApi
Event Description:
The system failed to register host (A) resource records (RRs) for
network adapter
with settings:


Adapter Name : {4E66DA81-C2A6-4973-ABE0-72E65BBEAEC7}

Host Name : G1GPalaniswD630

Primary Domain Suffix : BWCINC.ORG

DNS server list :

192.168.0.1, 192.168.2.1

Sent update to server : <?>

IP Address(es) :

192.168.2.2


The reason the system could not register these RRs was because the
DNS server contacted refused the update request. The reasons for this
might be (a) you are not allowed to update the specified DNS domain name,
or (b) because the DNS server authoritative for this name does not support
the DNS dynamic update protocol.


To register the DNS host (A) resource records using the specific DNS
domain name and IP addresses for this adapter, contact your DNS server
or network systems administrator.

Event Record #/Type4396 / Error
Event Submitted/Written: 07/13/2008 11:15:57 PM
Event ID/Source: 29 / W32Time
Event Description:
The time provider NtpClient is configured to acquire time from one or more
time sources, however none of the sources are currently accessible.
No attempt to contact a source will be made for 29 minutes.
NtpClient has no source of accurate time.



-- End of Deckard's System Scanner: finished at 2008-07-14 00:26:37 ------------

#7
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

A few files I asked you to fix are still present, are you sure you fixed it? Just interesting that they reappeared...

Please go here to install the recovery console and for a guide on using combofix.
Please note: Installing the Recovery Console plays a vital part in making this process of cleaning your computer safe, don't overlook this!

Now please download combofix from here or here. It is important that you save this file to your desktop.

Double click combofix.exe and follow the prompts. Please, never rename Combofix unless instructed.
When finished, it shall produce a log for you. Post that log and a Hijack This log in your next reply.

A quick heads up, if you click on combofix's window when it's running, you may cause it to stall.

#8
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Also, about my question, please answer it:

Are you familiar with BWCINC.ORG?



#9
nemalbeckham

    Member

  • Topic Starter
  • Member
  • 12 posts
Combofix.txt
ComboFix 08-07-13.3 - Palaniswan 2008-07-14 3:39:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1364 [GMT 8:00]
Running from: C:\Documents and Settings\PalaniswaN\Desktop\ComboFix.exe
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\PalaniswaN\Application Data\rhcpuej0ee5l
C:\Documents and Settings\PalaniswaN\Application Data\shcruej0ee5l
C:\Program Files\rhcpuej0ee5l
C:\Program Files\shcruej0ee5l
C:\WINDOWS\cookies.ini
C:\WINDOWS\esrp.exe
C:\WINDOWS\mrvtdpqe.exe
C:\WINDOWS\nqgpedlr.dll
C:\WINDOWS\resources\AvpChk.dll
C:\WINDOWS\system32\778670
C:\WINDOWS\system32\778670\778670.dll
C:\WINDOWS\system32\gcubwcfv.ini
C:\WINDOWS\system32\ihNnnnnn.ini
C:\WINDOWS\system32\ihNnnnnn.ini2
C:\WINDOWS\system32\lphctuej0ee5l.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnnnNhi.dll
C:\WINDOWS\system32\nrjwpatf.ini
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\qdpqsfkf.ini
C:\WINDOWS\system32\qgxcfkpo.ini
C:\WINDOWS\system32\qwxmaror.ini
C:\WINDOWS\system32\roramxwq.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.

2008-07-14 00:20 . 2008-07-14 00:20 <DIR> d-------- C:\Deckard
2008-07-12 08:54 . 2008-07-12 08:54 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-12 08:54 . 2008-07-14 02:45 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\U3
2008-07-09 16:39 . 2008-07-09 16:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-07-07 13:22 . 2008-07-07 13:22 0 --a------ C:\WINDOWS\vpc32.INI
2008-07-07 13:02 . 2008-07-07 13:02 28,800 --a------ C:\WINDOWS\system32\opnlLFWQ.dll
2008-07-07 13:02 . 2008-07-07 13:02 28,800 --a------ C:\WINDOWS\system32\iifcCsPF.dll
2008-06-29 20:52 . 2008-04-14 05:42 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-06-29 20:52 . 2008-04-14 05:42 91,136 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-06-29 20:52 . 2008-04-14 05:42 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-06-29 20:52 . 2008-04-14 05:42 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-06-29 20:52 . 2008-04-14 05:42 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-06-29 20:52 . 2008-04-14 05:42 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-06-29 20:52 . 2008-04-14 05:42 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-06-29 20:52 . 2008-04-14 05:42 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-06-29 11:32 . 2008-06-29 11:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SolidDocuments
2008-06-27 08:49 . 2008-06-27 08:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-06-27 08:46 . 2008-06-27 08:46 <DIR> d-------- C:\Program Files\Common Files\Canon
2008-06-24 19:48 . 2008-06-24 19:49 <DIR> d-------- C:\Program Files\Zune
2008-06-24 19:48 . 2008-03-21 13:57 14,640 --a------ C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-06-24 19:48 . 2008-06-24 19:48 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-06-24 19:48 . 2008-06-24 19:48 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-06-24 18:03 . 2008-06-24 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-19 18:51 . 2008-06-25 20:14 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\Yahoo!
2008-06-19 18:51 . 2008-06-19 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-19 18:40 . 2008-06-19 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-19 18:39 . 2008-06-19 18:40 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-18 18:09 . 2008-06-18 18:09 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-06-18 18:09 . 2008-06-18 18:09 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-06-18 18:09 . 2008-06-18 18:09 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Contacts
2008-06-18 17:58 . 2008-06-18 18:07 <DIR> d-------- C:\Program Files\Windows Live
2008-06-18 17:58 . 2008-06-18 18:06 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-18 17:58 . 2008-06-18 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Phone Browser
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\ZoomBrowser EX
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\PC Suite
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\Nokia Multimedia Player
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\Nokia
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\MSN6
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\Datalayer
2008-06-17 22:17 . 2008-06-17 22:17 <DIR> d-------- C:\WINDOWS\system32\msmq
2008-06-17 22:17 . 2008-06-17 22:17 <DIR> d-------- C:\Program Files\Winamp Remote
2008-06-17 22:17 . 2008-06-17 22:17 <DIR> d-------- C:\Documents and Settings\PalaniswaN\usrusmt2.tmp
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Roxio
2008-06-17 22:16 . 2008-06-17 22:22 <DIR> d-------- C:\Program Files\QuickTime
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\PIXELA
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Panasonic
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Nokia
2008-06-17 22:16 . 2008-06-17 22:22 <DIR> d-------- C:\Program Files\NetWaiting
2008-06-17 22:16 . 2008-06-17 22:22 <DIR> d-------- C:\Program Files\MSN Messenger
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Logitech
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Indramat
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\HP
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Creative
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Common Files\Adaptec Shared
2008-06-17 22:16 . 2008-06-27 08:50 <DIR> d-------- C:\Program Files\Canon
2008-06-17 22:16 . 2008-06-17 22:22 <DIR> d-------- C:\Program Files\AT&T Global Network Client
2008-06-17 22:15 . 2008-06-17 22:15 <DIR> d-------- C:\Program Files\ArcSoft
2008-06-17 22:15 . 2008-06-17 22:15 <DIR> d-------- C:\Games
2008-06-17 22:15 . 2008-06-17 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-06-17 22:15 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-17 22:14 . 2008-06-17 22:22 <DIR> d-------- C:\Program Files\Winamp
2008-06-17 22:14 . 2008-06-17 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-17 22:14 . 2008-06-17 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-17 22:14 . 2008-06-17 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-17 22:14 . 2008-06-17 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-06-13 00:05 . 2008-06-13 00:05 912 -r-hs---- C:\EVRSI.SYS
2008-06-13 00:05 . 2008-06-13 00:05 260 -rahs---- C:\386SWAP.PAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 18:57 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-18 02:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-17 14:22 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-17 14:22 --------- d-----w C:\Program Files\Drive
2008-06-17 14:22 --------- d-----w C:\Program Files\Common Files\Rockwell
2008-06-17 14:16 --------- d-----w C:\Program Files\Java
2008-06-12 15:52 --------- d-----w C:\Program Files\AT&TGl~1
2008-06-12 14:45 --------- d-----w C:\Program Files\ScriptLogic
2008-06-12 14:17 --------- d-----w C:\Program Files\Symantec
2008-06-12 14:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-12 14:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-10 20:17 --------- d-----w C:\Program Files\Rockwell Software
2008-06-10 17:02 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-10 16:53 376,832 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
2008-06-10 16:53 21,361 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-06-10 16:53 21,361 ----a-w C:\WINDOWS\AegisP.sys
2008-06-10 16:52 --------- d-----w C:\Documents and Settings\PalaniswaN\Application Data\Intel
2008-06-10 16:52 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-06-10 16:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-06-10 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-06-10 16:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intel
2008-06-10 16:32 --------- d-----w C:\Program Files\RSKeyMove
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-01 00:54 5,902,336 ----a-w C:\WINDOWS\system32\ToolkitPro1120vc80.dll
2008-04-29 11:56 61,856 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2008-04-29 11:56 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-04-29 11:39 70,144 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2008-04-29 11:39 62,464 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-04-29 11:39 35,328 ----a-w C:\WINDOWS\system32\ZuneUsbCOnnection.dll
2008-04-29 11:39 145,408 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-17 11:11 1,112,288 ----a-w C:\WINDOWS\system32\WdfCoInstaller01007.dll
2008-04-14 10:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 10:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 10:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 10:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 10:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 10:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 10:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 10:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 10:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 06:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 05:54 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 05:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-14 05:13 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-14 05:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-14 05:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-14 05:01 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 05:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-14 04:45 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 04:09 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-14 04:09 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-14 04:09 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-14 04:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-14 04:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-14 03:57 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 03:56 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-14 03:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-14 03:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-14 03:54 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-14 03:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-14 03:39 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 03:33 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 03:33 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 03:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 03:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-14 02:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-14 02:52 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 02:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-04-13 21:42 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
2008-04-13 21:42 16,896 ----a-w C:\WINDOWS\system32\msyuv.dll
2008-04-13 21:41 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
2008-04-13 21:41 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
2000-06-21 16:50 57,744 ----a-r C:\WINDOWS\inf\PcmkWdm.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BA3028F-FD37-46BF-AD27-733734684F06}]
2008-07-07 13:02 28800 --a------ C:\WINDOWS\system32\iifcCsPF.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:42 15360]
"NetSP - restore settings on power failure"="C:\Program Files\AT&TGl~1\NetSP.exe" [2008-05-01 09:25 66840]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 14:05 122939]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-14 00:33 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-17 05:50 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-17 05:50 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-17 05:50 138008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-22 18:46 13508608]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-02-22 18:46 86016]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-05 03:46 999424]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-05 03:41 1101824]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 08:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-28 09:33 125168]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-20 03:26 303104 C:\WINDOWS\stsystra.exe]
"NVHotkey"="nvHotkey.dll" [2008-02-22 18:46 86016 C:\WINDOWS\system32\nvhotkey.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3BA3028F-FD37-46BF-AD27-733734684F06}"= "C:\WINDOWS\system32\iifcCsPF.dll" [2008-07-07 13:02 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcCsPF]
2008-07-07 13:02 28800 C:\WINDOWS\system32\iifcCsPF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-12 11:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-19 00:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-04-29 19:56 158624 c:\Program Files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\AT&TGl~1\\NetClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 agnwifi;AT&T Wi-Fi Support Driver;C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2004-04-30 06:19]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
R3 agnfilt;AGN Filter Interface;C:\WINDOWS\system32\DRIVERS\agnfilt.sys [2008-04-05 02:18]
R3 EventServer;Rockwell Event Server;C:\Program Files\Common Files\Rockwell\EventServer.exe [2004-08-25 06:01]
S3 ABKTCX;Rockwell Software 1784-KTC(X) Driver;C:\WINDOWS\system32\Drivers\ABKTCX.sys [2004-06-03 17:08]
S3 avpnnic;AGN Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2007-07-21 05:18]
S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-04 05:26]
S3 PcmkWdm;%PcmkWdm.DeviceDesc%;C:\WINDOWS\system32\DRIVERS\PcmkWdm.sys [2000-06-22 00:50]
S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;C:\WINDOWS\system32\RS_SS_NT.SYS [2004-01-13 01:07]
S3 RsiKtControl;RsiKtControl;C:\WINDOWS\system32\RSIKT.SYS [2004-01-13 01:07]
S3 RSSERIAL;RSLinx Classic Serial Driver;C:\WINDOWS\system32\RSSERIAL.SYS [2004-01-13 01:07]
S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2005-05-06 15:11]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05cb183d-4f66-11dd-bbeb-001c234ac01a}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-07-13 18:56:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4D5C8C2A-D075-11D0-B416-00C04FB90376} - %SystemRoot%\System32\browseui.dll
MSConfigStartUp-WinAmpAgent - C:\Program Files\Winamp\winampa.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 03:43:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\iifcCsPF.dll
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Completion time: 2008-07-14 3:45:09
ComboFix-quarantined-files.txt 2008-07-13 19:45:04

Pre-Run: 102,978,482,176 bytes free
Post-Run: 102,957,002,752 bytes free

299 --- E O F --- 2008-06-11 13:25:38


HJT.txt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:47, on 2008-07-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AT&TGl~1\netcfgsvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\PalaniswaN\Desktop\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3BA3028F-FD37-46BF-AD27-733734684F06} - C:\WINDOWS\system32\iifcCsPF.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&TGl~1\NetSP.exe" -show
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190219409312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1190233303250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\Software\..\Telephony: DomainName = BWCINC.ORG
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O20 - Winlogon Notify: iifcCsPF - C:\WINDOWS\SYSTEM32\iifcCsPF.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Network Configuration Service (netcfgsvr) - AT&T - C:\PROGRA~1\AT&TGl~1\netcfgsvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell Tag Server - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12247 bytes

#10 nemalbeckham (Topic Starter, Member, 12 posts)

Combofix.txt
ComboFix 08-07-13.3 - Palaniswan 2008-07-14 3:39:25.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1364 [GMT 8:00]
Running from: C:\Documents and Settings\PalaniswaN\Desktop\ComboFix.exe
.
The following files were disabled during the run:
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\License Agreement.lnk
C:\Documents and Settings\All Users\Start Menu\Programs\Malware Protector 2008\Uninstall.lnk
C:\Documents and Settings\PalaniswaN\Application Data\rhcpuej0ee5l
C:\Documents and Settings\PalaniswaN\Application Data\shcruej0ee5l
C:\Program Files\rhcpuej0ee5l
C:\Program Files\shcruej0ee5l
C:\WINDOWS\cookies.ini
C:\WINDOWS\esrp.exe
C:\WINDOWS\mrvtdpqe.exe
C:\WINDOWS\nqgpedlr.dll
C:\WINDOWS\resources\AvpChk.dll
C:\WINDOWS\system32\778670
C:\WINDOWS\system32\778670\778670.dll
C:\WINDOWS\system32\gcubwcfv.ini
C:\WINDOWS\system32\ihNnnnnn.ini
C:\WINDOWS\system32\ihNnnnnn.ini2
C:\WINDOWS\system32\lphctuej0ee5l.exe
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nnnnnNhi.dll
C:\WINDOWS\system32\nrjwpatf.ini
C:\WINDOWS\system32\oeminfo.ini
C:\WINDOWS\system32\qdpqsfkf.ini
C:\WINDOWS\system32\qgxcfkpo.ini
C:\WINDOWS\system32\qwxmaror.ini
C:\WINDOWS\system32\roramxwq.dll

.
((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
.

2008-07-14 00:20 . 2008-07-14 00:20 <DIR> d-------- C:\Deckard
2008-07-12 08:54 . 2008-07-12 08:54 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-12 08:54 . 2008-07-14 02:45 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\U3
2008-07-09 16:39 . 2008-07-09 16:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-07-07 13:22 . 2008-07-07 13:22 0 --a------ C:\WINDOWS\vpc32.INI
2008-07-07 13:02 . 2008-07-07 13:02 28,800 --a------ C:\WINDOWS\system32\opnlLFWQ.dll
2008-07-07 13:02 . 2008-07-07 13:02 28,800 --a------ C:\WINDOWS\system32\iifcCsPF.dll
2008-06-29 20:52 . 2008-04-14 05:42 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-06-29 20:52 . 2008-04-14 05:42 91,136 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-06-29 20:52 . 2008-04-14 05:42 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-06-29 20:52 . 2008-04-14 05:42 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-06-29 20:52 . 2008-04-14 05:42 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-06-29 20:52 . 2008-04-14 05:42 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-06-29 20:52 . 2008-04-14 05:42 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-06-29 20:52 . 2008-04-14 05:42 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-06-29 11:32 . 2008-06-29 11:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SolidDocuments
2008-06-27 08:49 . 2008-06-27 08:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-06-27 08:46 . 2008-06-27 08:46 <DIR> d-------- C:\Program Files\Common Files\Canon
2008-06-24 19:48 . 2008-06-24 19:49 <DIR> d-------- C:\Program Files\Zune
2008-06-24 19:48 . 2008-03-21 13:57 14,640 --a------ C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-06-24 19:48 . 2008-06-24 19:48 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-06-24 19:48 . 2008-06-24 19:48 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-06-24 18:03 . 2008-06-24 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-19 18:51 . 2008-06-25 20:14 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\Yahoo!
2008-06-19 18:51 . 2008-06-19 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-19 18:40 . 2008-06-19 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-19 18:39 . 2008-06-19 18:40 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-18 18:09 . 2008-06-18 18:09 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-06-18 18:09 . 2008-06-18 18:09 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-06-18 18:09 . 2008-06-18 18:09 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Contacts
2008-06-18 17:58 . 2008-06-18 18:07 <DIR> d-------- C:\Program Files\Windows Live
2008-06-18 17:58 . 2008-06-18 18:06 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-18 17:58 . 2008-06-18 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Phone Browser
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\ZoomBrowser EX
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\PC Suite
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\Nokia Multimedia Player
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\Nokia
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\MSN6
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\Datalayer
2008-06-17 22:17 . 2008-06-17 22:17 <DIR> d-------- C:\WINDOWS\system32\msmq
2008-06-17 22:17 . 2008-06-17 22:17 <DIR> d-------- C:\Program Files\Winamp Remote
2008-06-17 22:17 . 2008-06-17 22:17 <DIR> d-------- C:\Documents and Settings\PalaniswaN\usrusmt2.tmp
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Roxio
2008-06-17 22:16 . 2008-06-17 22:22 <DIR> d-------- C:\Program Files\QuickTime
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\PIXELA
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Panasonic
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Nokia
2008-06-17 22:16 . 2008-06-17 22:22 <DIR> d-------- C:\Program Files\NetWaiting
2008-06-17 22:16 . 2008-06-17 22:22 <DIR> d-------- C:\Program Files\MSN Messenger
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Logitech
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Indramat
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\HP
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Creative
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Common Files\Adaptec Shared
2008-06-17 22:16 . 2008-06-27 08:50 <DIR> d-------- C:\Program Files\Canon
2008-06-17 22:16 . 2008-06-17 22:22 <DIR> d-------- C:\Program Files\AT&T Global Network Client
2008-06-17 22:15 . 2008-06-17 22:15 <DIR> d-------- C:\Program Files\ArcSoft
2008-06-17 22:15 . 2008-06-17 22:15 <DIR> d-------- C:\Games
2008-06-17 22:15 . 2008-06-17 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-06-17 22:15 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-17 22:14 . 2008-06-17 22:22 <DIR> d-------- C:\Program Files\Winamp
2008-06-17 22:14 . 2008-06-17 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-17 22:14 . 2008-06-17 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-17 22:14 . 2008-06-17 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-17 22:14 . 2008-06-17 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks
2008-06-13 00:05 . 2008-06-13 00:05 912 -r-hs---- C:\EVRSI.SYS
2008-06-13 00:05 . 2008-06-13 00:05 260 -rahs---- C:\386SWAP.PAR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 18:57 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-18 02:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-17 14:22 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-17 14:22 --------- d-----w C:\Program Files\Drive
2008-06-17 14:22 --------- d-----w C:\Program Files\Common Files\Rockwell
2008-06-17 14:16 --------- d-----w C:\Program Files\Java
2008-06-12 15:52 --------- d-----w C:\Program Files\AT&TGl~1
2008-06-12 14:45 --------- d-----w C:\Program Files\ScriptLogic
2008-06-12 14:17 --------- d-----w C:\Program Files\Symantec
2008-06-12 14:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-12 14:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-10 20:17 --------- d-----w C:\Program Files\Rockwell Software
2008-06-10 17:02 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-10 16:53 376,832 ----a-w C:\WINDOWS\system32\AegisI5Installer.exe
2008-06-10 16:53 21,361 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-06-10 16:53 21,361 ----a-w C:\WINDOWS\AegisP.sys
2008-06-10 16:52 --------- d-----w C:\Documents and Settings\PalaniswaN\Application Data\Intel
2008-06-10 16:52 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-06-10 16:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-06-10 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-06-10 16:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intel
2008-06-10 16:32 --------- d-----w C:\Program Files\RSKeyMove
2008-05-07 05:12 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-01 00:54 5,902,336 ----a-w C:\WINDOWS\system32\ToolkitPro1120vc80.dll
2008-04-29 11:56 61,856 ----a-w C:\WINDOWS\system32\ZuneBusEnum.exe
2008-04-29 11:56 245,664 ----a-w C:\WINDOWS\system32\ZuneWlanCfgSvc.exe
2008-04-29 11:39 70,144 ----a-w C:\WINDOWS\system32\ZuneIpTransport.dll
2008-04-29 11:39 62,464 ----a-w C:\WINDOWS\system32\ZuneUsbTransport.dll
2008-04-29 11:39 35,328 ----a-w C:\WINDOWS\system32\ZuneUsbCOnnection.dll
2008-04-29 11:39 145,408 ----a-w C:\WINDOWS\system32\ZuneMTPZ.dll
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-04-17 11:11 1,112,288 ----a-w C:\WINDOWS\system32\WdfCoInstaller01007.dll
2008-04-14 10:55 1,804 ----a-w C:\WINDOWS\system32\dcache.bin
2008-04-14 10:46 329,728 ----a-w C:\WINDOWS\system32\netsetup.exe
2008-04-14 10:43 92,424 ----a-w C:\WINDOWS\system32\rdpdd.dll
2008-04-14 10:43 87,176 ----a-w C:\WINDOWS\system32\rdpwsx.dll
2008-04-14 10:43 12,168 ----a-w C:\WINDOWS\system32\tsddd.dll
2008-04-14 10:41 98,304 ----a-w C:\WINDOWS\system32\actxprxy.dll
2008-04-14 10:40 53,279 ----a-w C:\WINDOWS\system32\odbcji32.dll
2008-04-14 10:40 4,126 ----a-w C:\WINDOWS\system32\msdxmlc.dll
2008-04-14 10:40 3,584 ----a-w C:\WINDOWS\system32\msafd.dll
2008-04-14 06:00 1,845,632 ----a-w C:\WINDOWS\system32\win32k.sys
2008-04-14 05:54 2,145,280 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
2008-04-14 05:15 17,664 ----a-w C:\WINDOWS\system32\watchdog.sys
2008-04-14 05:13 9,728 ----a-w C:\WINDOWS\system32\comsdupd.exe
2008-04-14 05:13 12,800 ----a-w C:\WINDOWS\system32\spiisupd.exe
2008-04-14 05:01 7,424 ----a-w C:\WINDOWS\system32\kd1394.dll
2008-04-14 05:01 2,023,936 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
2008-04-14 05:00 61,440 ----a-w C:\WINDOWS\system32\msvcrt40.dll
2008-04-14 04:45 76,800 ----a-w C:\WINDOWS\system32\msshavmsg.dll
2008-04-14 04:09 438,784 ----a-w C:\WINDOWS\system32\xpob2res.dll
2008-04-14 04:09 2,897,920 ----a-w C:\WINDOWS\system32\xpsp2res.dll
2008-04-14 04:09 187,392 ----a-w C:\WINDOWS\system32\xpsp1res.dll
2008-04-14 04:07 208,384 ----a-w C:\WINDOWS\system32\rsaenh.dll
2008-04-14 04:07 138,752 ----a-w C:\WINDOWS\system32\dssenh.dll
2008-04-14 03:57 79,872 ----a-w C:\WINDOWS\system32\msxml6r.dll
2008-04-14 03:56 94,208 ----a-w C:\WINDOWS\system32\odbcint.dll
2008-04-14 03:56 12,288 ----a-w C:\WINDOWS\system32\odbcp32r.dll
2008-04-14 03:56 12,288 ----a-w C:\WINDOWS\system32\mscpx32r.dll
2008-04-14 03:54 20,480 ----a-w C:\WINDOWS\system32\msorc32r.dll
2008-04-14 03:51 733,696 ----a-w C:\WINDOWS\system32\qedwipes.dll
2008-04-14 03:39 4,096 ----a-w C:\WINDOWS\system32\dsprpres.dll
2008-04-14 03:33 63,488 ----a-w C:\WINDOWS\system32\browselc.dll
2008-04-14 03:33 549,376 ----a-w C:\WINDOWS\system32\shdoclc.dll
2008-04-14 03:18 1,647,616 ----a-w C:\WINDOWS\system32\winbrand.dll
2008-04-14 03:15 216,064 ----a-w C:\WINDOWS\system32\moricons.dll
2008-04-14 02:53 48,128 ----a-w C:\WINDOWS\system32\msprivs.dll
2008-04-14 02:52 48,128 ----a-w C:\WINDOWS\system32\inetres.dll
2008-04-14 02:09 884,736 ----a-w C:\WINDOWS\system32\msimsg.dll
2008-04-13 21:42 294,912 ----a-w C:\WINDOWS\system32\msh263.drv
2008-04-13 21:42 16,896 ----a-w C:\WINDOWS\system32\msyuv.dll
2008-04-13 21:41 47,616 ----a-w C:\WINDOWS\system32\iyuv_32.dll
2008-04-13 21:41 4,096 ----a-w C:\WINDOWS\system32\ksuser.dll
2000-06-21 16:50 57,744 ----a-r C:\WINDOWS\inf\PcmkWdm.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BA3028F-FD37-46BF-AD27-733734684F06}]
2008-07-07 13:02 28800 --a------ C:\WINDOWS\system32\iifcCsPF.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:42 15360]
"NetSP - restore settings on power failure"="C:\Program Files\AT&TGl~1\NetSP.exe" [2008-05-01 09:25 66840]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 14:05 122939]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-14 00:33 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-17 05:50 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-17 05:50 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-17 05:50 138008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-22 18:46 13508608]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-02-22 18:46 86016]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-05 03:46 999424]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-05 03:41 1101824]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 08:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-28 09:33 125168]
"SpyHunter Security Suite"="C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2008-01-23 14:47 847872]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-20 03:26 303104 C:\WINDOWS\stsystra.exe]
"NVHotkey"="nvHotkey.dll" [2008-02-22 18:46 86016 C:\WINDOWS\system32\nvhotkey.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3BA3028F-FD37-46BF-AD27-733734684F06}"= "C:\WINDOWS\system32\iifcCsPF.dll" [2008-07-07 13:02 28800]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcCsPF]
2008-07-07 13:02 28800 C:\WINDOWS\system32\iifcCsPF.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-12 11:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-19 00:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-04-29 19:56 158624 c:\Program Files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\AT&TGl~1\\NetClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 agnwifi;AT&T Wi-Fi Support Driver;C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2004-04-30 06:19]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
R3 agnfilt;AGN Filter Interface;C:\WINDOWS\system32\DRIVERS\agnfilt.sys [2008-04-05 02:18]
R3 EventServer;Rockwell Event Server;C:\Program Files\Common Files\Rockwell\EventServer.exe [2004-08-25 06:01]
S3 ABKTCX;Rockwell Software 1784-KTC(X) Driver;C:\WINDOWS\system32\Drivers\ABKTCX.sys [2004-06-03 17:08]
S3 avpnnic;AGN Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2007-07-21 05:18]
S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-04 05:26]
S3 PcmkWdm;%PcmkWdm.DeviceDesc%;C:\WINDOWS\system32\DRIVERS\PcmkWdm.sys [2000-06-22 00:50]
S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;C:\WINDOWS\system32\RS_SS_NT.SYS [2004-01-13 01:07]
S3 RsiKtControl;RsiKtControl;C:\WINDOWS\system32\RSIKT.SYS [2004-01-13 01:07]
S3 RSSERIAL;RSLinx Classic Serial Driver;C:\WINDOWS\system32\RSSERIAL.SYS [2004-01-13 01:07]
S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2005-05-06 15:11]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05cb183d-4f66-11dd-bbeb-001c234ac01a}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
Contents of the 'Scheduled Tasks' folder
"2008-07-13 18:56:00 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{4D5C8C2A-D075-11D0-B416-00C04FB90376} - %SystemRoot%\System32\browseui.dll
MSConfigStartUp-WinAmpAgent - C:\Program Files\Winamp\winampa.exe


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 03:43:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\iifcCsPF.dll
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\Enigma Software Group\SpyHunter\SpyHunterMonitor.dll
.
Completion time: 2008-07-14 3:45:09
ComboFix-quarantined-files.txt 2008-07-13 19:45:04

Pre-Run: 102,978,482,176 bytes free
Post-Run: 102,957,002,752 bytes free

299 --- E O F --- 2008-06-11 13:25:38


HJT.txt
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:47, on 2008-07-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AT&TGl~1\netcfgsvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\PalaniswaN\Desktop\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3BA3028F-FD37-46BF-AD27-733734684F06} - C:\WINDOWS\system32\iifcCsPF.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&TGl~1\NetSP.exe" -show
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190219409312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1190233303250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\Software\..\Telephony: DomainName = BWCINC.ORG
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O20 - Winlogon Notify: iifcCsPF - C:\WINDOWS\SYSTEM32\iifcCsPF.dll
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Network Configuration Service (netcfgsvr) - AT&T - C:\PROGRA~1\AT&TGl~1\netcfgsvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell Tag Server - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 12247 bytes

BTW, sorry I forgot to answer the question. BWCINC is the domain that is used to log on to my infected computer. It is set by my company.
#11
Mike

Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Hi there,

Please disable SpyHunter before doing the following. We will re-enable it later.

Please click Start, then Run; in the window that appears, type Notepad.exe and press Enter.
Highlight the entire content of the codebox below. Copy (Control + C) and Paste (Control + V) the content into the Notepad window:
http://www.geekstogo.com/forum/XP-antivirus-2008-Malware-Protector-invested-computer-t204920.html

Collect::
C:\WINDOWS\system32\opnlLFWQ.dll
C:\WINDOWS\system32\iifcCsPF.dll

File::
C:\WINDOWS\vpc32.INI

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BA3028F-FD37-46BF-AD27-733734684F06}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3BA3028F-FD37-46BF-AD27-733734684F06}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcCsPF]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05cb183d-4f66-11dd-bbeb-001c234ac01a}]

Now, in Notepad, go to File and, in the menu that drops down, click Save As...
Save the file as CFScript.txt

Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

After that, reboot your computer if it asks you to, and post ComboFix.txt (the report ComboFix will generate) in your next reply.

Then,

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Edited by Mike, 13 July 2008 - 03:02 PM.

  • 0
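A small parser for the CFScript format used in the post above, added here as an example (it is not ComboFix's own code and not part of the thread): it turns the Collect::, File:: and Registry:: sections into structured actions so a reviewer can see exactly what a script will collect, delete or change before it is run. The .reg-style meaning of `[-Key]` (delete the key) and `"Name"=-` (delete the value) is standard; the action names, the hive check and the refusal of unmodelled sections are my own assumptions.

```python
"""Parse a ComboFix CFScript into structured actions before it is run.

Added example for this thread, not ComboFix's own code. Section names and
the .reg-style lines come from the script posted above; the action names
and the hive check are assumptions made here.
"""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed input: the CFScript posted above, copied verbatim.
SAMPLE_CFSCRIPT = r"""
http://www.geekstogo.com/forum/XP-antivirus-2008-Malware-Protector-invested-computer-t204920.html

Collect::
C:\WINDOWS\system32\opnlLFWQ.dll
C:\WINDOWS\system32\iifcCsPF.dll

File::
C:\WINDOWS\vpc32.INI

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3BA3028F-FD37-46BF-AD27-733734684F06}]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=-
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{3BA3028F-FD37-46BF-AD27-733734684F06}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcCsPF]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{05cb183d-4f66-11dd-bbeb-001c234ac01a}]
"""


@dataclass
class Action:
    kind: str        # collect | delete_file | delete_key | delete_value | set_value
    path: str        # file path, or registry key path
    name: str = ""   # registry value name ("@" for the key's default value)
    data: str = ""   # value data for set_value


_PATH_SECTIONS = {"Collect::": "collect", "File::": "delete_file"}
_HIVES = ("hkey_local_machine", "hkey_current_user", "hkey_classes_root",
          "hkey_users", "hklm", "hkcu")
_KEY_RE = re.compile(r"^\[(-?)(.+)\]$")              # [Key] or [-Key]
_VALUE_RE = re.compile(r'^(?:"([^"]+)"|@)=(.*)$')    # "Name"=data or @=data


def parse_cfscript(text: str) -> list[Action]:
    """Return the actions a CFScript would perform, in file order."""
    actions: list[Action] = []
    section = None       # which "Xxx::" block we are in
    key = None           # current [Key] inside Registry::
    key_deleted = False  # current key was written as [-Key]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in _PATH_SECTIONS:
            section = _PATH_SECTIONS[line]
            continue
        if line == "Registry::":
            section, key = "registry", None
            continue
        if line.endswith("::"):
            # Folder::, Driver:: etc. are not modelled; refuse rather than skip.
            raise ValueError(f"section not modelled here: {line}")
        if section is None:
            continue  # header lines before the first section, e.g. the topic URL
        if section in ("collect", "delete_file"):
            actions.append(Action(kind=section, path=line))
            continue
        # Registry:: block, .reg-style syntax.
        m = _KEY_RE.match(line)
        if m:
            key_deleted, key = m.group(1) == "-", m.group(2)
            if not key.lower().startswith(_HIVES):
                raise ValueError(f"unknown registry hive: {key}")
            if key_deleted:
                actions.append(Action(kind="delete_key", path=key))
            continue
        m = _VALUE_RE.match(line)
        if not m or key is None or key_deleted:
            raise ValueError(f"unexpected registry line: {line}")
        name, data = m.group(1) or "@", m.group(2)
        if data == "-":
            actions.append(Action(kind="delete_value", path=key, name=name))
        else:
            actions.append(Action(kind="set_value", path=key, name=name, data=data))
    return actions


def summarize(text: str) -> dict[str, int]:
    """Count actions by kind, so a script can be reviewed at a glance."""
    return dict(Counter(a.kind for a in parse_cfscript(text)))


if __name__ == "__main__":
    for action in parse_cfscript(SAMPLE_CFSCRIPT):
        target = action.path + (f" -> {action.name}" if action.name else "")
        print(f"{action.kind:13} {target}")
    print(summarize(SAMPLE_CFSCRIPT))
```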

#12
nemalbeckham

    Member

  • Topic Starter
  • Member
  • 12 posts
Hi again.
I have done both the things that you have asked. But after ComboFix was done, it created a zip file which it asked me to upload to bleepingcomputer.com for further analysis. I did so, and I will include the zip file here too. By the way, the quick scan came out clean without any infection.

Combofix.txt
ComboFix 08-07-13.3 - Palaniswan 2008-07-14 17:49:55.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1421 [GMT 8:00]
Running from: C:\Documents and Settings\PalaniswaN\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\PalaniswaN\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\vpc32.INI
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\fccdbXPI.dll
C:\WINDOWS\system32\iifcCsPF.dll
C:\WINDOWS\system32\IPXbdccf.ini
C:\WINDOWS\system32\IPXbdccf.ini2
C:\WINDOWS\system32\opnlLFWQ.dll
C:\WINDOWS\system32\xwmcxhxy.dll
C:\WINDOWS\system32\yxhxcmwx.ini
C:\WINDOWS\vpc32.INI

.
((((((((((((((((((((((((( Files Created from 2008-06-14 to 2008-07-14 )))))))))))))))))))))))))))))))
.

2008-07-14 00:20 . 2008-07-14 00:20 <DIR> d-------- C:\Deckard
2008-07-12 08:54 . 2008-07-12 08:54 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-12 08:54 . 2008-07-14 02:45 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\U3
2008-07-09 16:39 . 2008-07-09 16:39 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Yahoo!
2008-06-29 20:52 . 2008-04-14 05:42 91,136 --a------ C:\WINDOWS\system32\kswdmcap.ax
2008-06-29 20:52 . 2008-04-14 05:42 91,136 --a--c--- C:\WINDOWS\system32\dllcache\kswdmcap.ax
2008-06-29 20:52 . 2008-04-14 05:42 61,952 --a------ C:\WINDOWS\system32\kstvtune.ax
2008-06-29 20:52 . 2008-04-14 05:42 61,952 --a--c--- C:\WINDOWS\system32\dllcache\kstvtune.ax
2008-06-29 20:52 . 2008-04-14 05:42 53,760 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2008-06-29 20:52 . 2008-04-14 05:42 53,760 --a--c--- C:\WINDOWS\system32\dllcache\vfwwdm32.dll
2008-06-29 20:52 . 2008-04-14 05:42 43,008 --a------ C:\WINDOWS\system32\ksxbar.ax
2008-06-29 20:52 . 2008-04-14 05:42 43,008 --a--c--- C:\WINDOWS\system32\dllcache\ksxbar.ax
2008-06-29 11:32 . 2008-06-29 11:32 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SolidDocuments
2008-06-27 08:49 . 2008-06-27 08:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-06-27 08:46 . 2008-06-27 08:46 <DIR> d-------- C:\Program Files\Common Files\Canon
2008-06-24 19:48 . 2008-06-24 19:49 <DIR> d-------- C:\Program Files\Zune
2008-06-24 19:48 . 2008-03-21 13:57 14,640 --a------ C:\WINDOWS\system32\spmsgXP_2k3.dll
2008-06-24 19:48 . 2008-06-24 19:48 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2008-06-24 19:48 . 2008-06-24 19:48 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2008-06-24 18:03 . 2008-06-24 18:03 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
2008-06-19 18:51 . 2008-06-25 20:14 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\Yahoo!
2008-06-19 18:51 . 2008-06-19 18:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-06-19 18:40 . 2008-06-19 18:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-06-19 18:39 . 2008-06-19 18:40 <DIR> d-------- C:\Program Files\Yahoo!
2008-06-18 18:09 . 2008-06-18 18:09 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-06-18 18:09 . 2008-06-18 18:09 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-06-18 18:09 . 2008-06-18 18:09 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Contacts
2008-06-18 17:58 . 2008-06-18 18:07 <DIR> d-------- C:\Program Files\Windows Live
2008-06-18 17:58 . 2008-06-18 18:06 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-06-18 17:58 . 2008-06-18 17:58 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Phone Browser
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\ZoomBrowser EX
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\PC Suite
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\Nokia Multimedia Player
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\Nokia
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\MSN6
2008-06-17 22:19 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\PalaniswaN\Application Data\Datalayer
2008-06-17 22:17 . 2008-06-17 22:17 <DIR> d-------- C:\WINDOWS\system32\msmq
2008-06-17 22:17 . 2008-06-17 22:17 <DIR> d-------- C:\Program Files\Winamp Remote
2008-06-17 22:17 . 2008-06-17 22:17 <DIR> d-------- C:\Documents and Settings\PalaniswaN\usrusmt2.tmp
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Roxio
2008-06-17 22:16 . 2008-06-17 22:22 <DIR> d-------- C:\Program Files\QuickTime
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\PIXELA
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Panasonic
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Nokia
2008-06-17 22:16 . 2008-06-17 22:22 <DIR> d-------- C:\Program Files\NetWaiting
2008-06-17 22:16 . 2008-06-17 22:22 <DIR> d-------- C:\Program Files\MSN Messenger
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Logitech
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Indramat
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\HP
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Creative
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2008-06-17 22:16 . 2008-06-17 22:16 <DIR> d-------- C:\Program Files\Common Files\Adaptec Shared
2008-06-17 22:16 . 2008-06-27 08:50 <DIR> d-------- C:\Program Files\Canon
2008-06-17 22:16 . 2008-06-17 22:22 <DIR> d-------- C:\Program Files\AT&T Global Network Client
2008-06-17 22:15 . 2008-06-17 22:15 <DIR> d-------- C:\Program Files\ArcSoft
2008-06-17 22:15 . 2008-06-17 22:15 <DIR> d-------- C:\Games
2008-06-17 22:15 . 2008-06-17 22:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-06-17 22:15 . 2008-06-17 22:19 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2008-06-17 22:14 . 2008-06-17 22:22 <DIR> d-------- C:\Program Files\Winamp
2008-06-17 22:14 . 2008-06-17 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-06-17 22:14 . 2008-06-17 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Skype
2008-06-17 22:14 . 2008-06-17 22:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2008-06-17 22:14 . 2008-06-17 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\OrbNetworks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-14 09:57 --------- d-----w C:\Program Files\Symantec AntiVirus
2008-06-18 02:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-06-17 14:22 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-06-17 14:22 --------- d-----w C:\Program Files\Drive
2008-06-17 14:22 --------- d-----w C:\Program Files\Common Files\Rockwell
2008-06-17 14:16 --------- d-----w C:\Program Files\Java
2008-06-12 16:05 912 --sh--r C:\EVRSI.SYS
2008-06-12 15:52 --------- d-----w C:\Program Files\AT&TGl~1
2008-06-12 14:45 --------- d-----w C:\Program Files\ScriptLogic
2008-06-12 14:17 --------- d-----w C:\Program Files\Symantec
2008-06-12 14:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-12 14:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-06-10 20:17 --------- d-----w C:\Program Files\Rockwell Software
2008-06-10 17:02 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-06-10 16:53 21,361 ----a-w C:\WINDOWS\system32\drivers\AegisP.sys
2008-06-10 16:53 21,361 ----a-w C:\WINDOWS\AegisP.sys
2008-06-10 16:52 --------- d-----w C:\Documents and Settings\PalaniswaN\Application Data\Intel
2008-06-10 16:52 --------- d-----w C:\Documents and Settings\NetworkService\Application Data\Intel
2008-06-10 16:52 --------- d-----w C:\Documents and Settings\LocalService\Application Data\Intel
2008-06-10 16:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intel
2008-06-10 16:51 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Intel
2008-06-10 16:32 --------- d-----w C:\Program Files\RSKeyMove
2008-04-14 10:42 69,120 ----a-w C:\WINDOWS\notepad.exe
2008-04-14 10:42 50,688 ----a-w C:\WINDOWS\twain_32.dll
2008-04-14 10:42 32,866 ------w C:\WINDOWS\slrundll.exe
2008-04-14 10:42 283,648 ----a-w C:\WINDOWS\winhlp32.exe
2008-04-14 10:42 146,432 ----a-w C:\WINDOWS\regedit.exe
2008-04-14 10:42 10,752 ----a-w C:\WINDOWS\hh.exe
2008-04-14 10:42 1,033,728 ----a-w C:\WINDOWS\explorer.exe
2008-04-14 10:41 451,072 ----a-w C:\WINDOWS\AppPatch\aclayers.dll
2008-04-14 10:41 39,424 ----a-w C:\WINDOWS\AppPatch\acadproc.dll
2008-04-14 10:41 245,248 ----a-w C:\WINDOWS\AppPatch\acspecfc.dll
2008-04-14 10:41 141,312 ----a-w C:\WINDOWS\AppPatch\aclua.dll
2008-04-14 10:41 116,224 ----a-w C:\WINDOWS\AppPatch\acxtrnal.dll
2008-04-14 10:41 1,852,928 ----a-w C:\WINDOWS\AppPatch\acgenral.dll
.

((((((((((((((((((((((((((((( [email protected]_ 3.44.33.26 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-07-13 18:57:09 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-07-14 09:56:38 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-07-13 19:01:40 72,554 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-07-14 09:51:17 72,554 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-07-13 19:01:40 445,096 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-07-14 09:51:17 445,096 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NetSP - restore settings on power failure"="C:\Program Files\AT&TGl~1\NetSP.exe" [2008-05-01 09:25 66840]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 18:42 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 14:05 122939]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2004-09-14 00:33 155648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-05-17 05:50 138008]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-05-17 05:50 162584]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-05-17 05:50 138008]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-02-22 18:46 13508608]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-02-22 18:46 86016]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2008-03-05 03:46 999424]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2008-03-05 03:41 1101824]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 08:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2006-09-28 09:33 125168]
"SigmatelSysTrayApp"="stsystra.exe" [2007-02-20 03:26 303104 C:\WINDOWS\stsystra.exe]
"NVHotkey"="nvHotkey.dll" [2008-02-22 18:46 86016 C:\WINDOWS\system32\nvhotkey.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"SENTINEL"= snti386.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-12 11:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-19 00:34 5724184 C:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
--a------ 2008-04-29 19:56 158624 c:\Program Files\Zune\ZuneLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\AT&TGl~1\\NetClient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 agnwifi;AT&T Wi-Fi Support Driver;C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2004-04-30 06:19]
R2 zumbus;Zune Bus Enumerator Driver;C:\WINDOWS\system32\DRIVERS\zumbus.sys [2008-04-29 19:39]
R2 ZuneBusEnum;Zune Bus Enumerator;c:\WINDOWS\system32\ZuneBusEnum.exe [2008-04-29 19:56]
R3 agnfilt;AGN Filter Interface;C:\WINDOWS\system32\DRIVERS\agnfilt.sys [2008-04-05 02:18]
R3 EventServer;Rockwell Event Server;C:\Program Files\Common Files\Rockwell\EventServer.exe [2004-08-25 06:01]
S3 ABKTCX;Rockwell Software 1784-KTC(X) Driver;C:\WINDOWS\system32\Drivers\ABKTCX.sys [2004-06-03 17:08]
S3 avpnnic;AGN Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2007-07-21 05:18]
S3 GTIPCI21;GTIPCI21;C:\WINDOWS\system32\DRIVERS\gtipci21.sys [2004-05-04 05:26]
S3 PcmkWdm;%PcmkWdm.DeviceDesc%;C:\WINDOWS\system32\DRIVERS\PcmkWdm.sys [2000-06-22 00:50]
S3 RS_SS_NT;RSLinx Classic S-S SD/SD2 Device Driver;C:\WINDOWS\system32\RS_SS_NT.SYS [2004-01-13 01:07]
S3 RsiKtControl;RsiKtControl;C:\WINDOWS\system32\RSIKT.SYS [2004-01-13 01:07]
S3 RSSERIAL;RSLinx Classic Serial Driver;C:\WINDOWS\system32\RSSERIAL.SYS [2004-01-13 01:07]
S3 V0080Dev;Creative Camera VF0080 Driver;C:\WINDOWS\system32\DRIVERS\V0080Dev.sys [2005-05-06 15:11]
S3 ZuneWlanCfgSvc;Zune Wireless Configuration Service;c:\WINDOWS\system32\ZuneWlanCfgSvc.exe [2008-04-29 19:56]

.
Contents of the 'Scheduled Tasks' folder
"2008-07-14 06:56:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-a8475d70 - C:\WINDOWS\system32\xwmcxhxy.dll


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-14 17:57:48
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AT&TGl~1\netcfgsvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stacsv.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Apoint\ApntEx.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-07-14 18:01:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-14 10:01:43
ComboFix2.txt 2008-07-13 19:45:11

Pre-Run: 103,010,697,216 bytes free
Post-Run: 102,983,970,816 bytes free

257 --- E O F --- 2008-06-11 13:25:38

MBAM log
Malwarebytes' Anti-Malware 1.20
Database version: 948
Windows 5.1.2600 Service Pack 3

18:14:52 2008-07-14
mbam-log-7-14-2008 (18-14-52).txt

Scan type: Quick Scan
Objects scanned: 13209
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

REMOVED attachment

Edited by Mike, 14 July 2008 - 04:57 AM.

  • 0

#13
Mike

    Malware Monger

  • Retired Staff
  • 2,745 posts
Thanks for the file - I removed the attachment though since it includes live malware and I don't want anyone to get infected.

If you could do me a favor and upload that zipped folder to here http://www.bleepingc...e.php?channel=4

For the topic link use this: http://www.geekstogo...ml#entry1283736

You can leave the comments blank.

Now your logs are looking good, let's get one more scan and weed out any stragglers.

To make the scan run faster do this please:
Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser: click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser: click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

and,

Download the latest version of Java Runtime Environment (JRE) 6 Update 7. Once done, uninstall any older versions of Java through add or remove programs.

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

Post back with the results + a new HijackThis log. How is your PC running?
  • 0

#14
nemalbeckham

    Member

  • Topic Starter
  • Member
  • 12 posts
Hi again there....
I can't run the online scanner. Every time I try to get the download, the download process crashes.
I have already uploaded the zip file to the website you told me to.
This is the HJT log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:10, on 2008-07-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\AT&TGl~1\netcfgsvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
c:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\PalaniswaN\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&TGl~1\NetSP.exe" -show
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1190219409312
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1190233303250
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\Software\..\Telephony: DomainName = BWCINC.ORG
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = BWCINC.ORG
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iSeries Access for Windows Remote Command (Cwbrxd) - IBM Corporation - C:\WINDOWS\CWBRXD.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: dnWhoDisp - Unknown owner - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Harmony - Rockwell Software Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Network Configuration Service (netcfgsvr) - AT&T - C:\PROGRA~1\AT&TGl~1\netcfgsvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Unknown owner - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell Tag Server - Rockwell Software, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Software, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Software, Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 11746 bytes

Is there anything else I can do?

#15
Mike (Malware Monger, Retired Staff, 2,745 posts)
Hi there,

Try this link http://www.kaspersky...kavwebscan.html

If that doesn't work

Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply.

Also do this for me:

Open Notepad by going to START > RUN and typing notepad.exe in the box that appears. In the window that pops up, please copy and paste the following:

@ECHO off
REM Dump the hosts file (a common place for Antivirus XP 2008 to plant redirects) into a text file
TYPE "%windir%\system32\drivers\etc\hosts"> looksee.txt
REM Open the dump in Notepad so it can be copied into a reply
start notepad looksee.txt
REM Delete this batch file by its own full path (%~f0), so it works whatever the current directory is;
REM once the file is gone cmd cannot read the final line, which is harmless
del "%~f0"
exit


In Notepad, click the "File" menu > Save As... Under "File name" type fix.bat, change "Save as type" to All Files, and save it to a place you will remember.


Double click on fix.bat.

A Notepad window will open; post its contents here. If it is very long, please attach it instead.
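The batch file above only dumps the hosts file; deciding which lines are hijacks is still done by eye. The script below is an added example for this thread, not code from Mike's reply or from any of the tools mentioned: it parses a hosts file the way Windows does (first field an address, remaining fields names, "#" starts a comment) and reports the two patterns this family of rogue "antivirus" leaves behind, security-vendor or update sites pinned to loopback and ordinary sites redirected to some other address. The sample hosts content, the watch list of domains and the LAN entry used for contrast are constructed assumptions; run it with the real path as its argument to check a live machine.

```python
"""Triage a Windows hosts file for the kind of entries rogue "antivirus"
installers add: security-vendor and update sites pinned to loopback (so the
real scanners cannot update) or popular sites redirected elsewhere.
Added example for this thread, not code from the original post.  The sample
hosts content and the watch list below are constructed assumptions."""
import sys
from ipaddress import ip_address

# Constructed sample, not the poster's real hosts file: two stock loopback
# lines, one ordinary LAN entry, and three lines of the hijacked kind.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
10.0.0.5        fileserver.corp.example   # ordinary LAN entry, for contrast
127.0.0.1       www.symantec.com
127.0.0.1       liveupdate.symantecliveupdate.com
192.0.2.10      www.google.com
"""

# Domains a home user never needs to pin in hosts.  Assumption: a short
# representative list; extend it with the vendors you actually rely on.
WATCH_SUFFIXES = (
    "symantec.com", "symantecliveupdate.com", "kaspersky.com", "f-secure.com",
    "trendmicro.com", "microsoft.com", "windowsupdate.com", "google.com",
)
LOOPBACK = {"127.0.0.1", "::1"}
STOCK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Return (line_no, ip, hostname) for every mapping in a hosts file.

    Comments ('#' to end of line) and blank lines are skipped, and a line
    whose first field is not an IP address is ignored rather than guessed at.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:
            entries.append((line_no, fields[0], host.lower()))
    return entries


def is_watched(host):
    """True if host is, or is under, one of the watch-list domains."""
    return any(host == s or host.endswith("." + s) for s in WATCH_SUFFIXES)


def find_suspicious(text):
    """Return (line_no, ip, host, reason) for each entry worth reviewing.

    Watched domains are reported however they are mapped: to loopback it is
    a block, to anything else a redirect.  Other names pinned to a
    non-loopback address are listed for review, since a LAN entry and a
    hijack look the same in the file itself.
    """
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if host in STOCK_NAMES:
            continue
        if is_watched(host):
            if ip in LOOPBACK:
                reason = "security/update site blocked via loopback"
            else:
                reason = "site redirected to " + ip
            findings.append((line_no, ip, host, reason))
        elif ip not in LOOPBACK:
            findings.append((line_no, ip, host, "non-loopback mapping, review"))
    return findings


def main(argv):
    # With a path argument (e.g. %windir%\system32\drivers\etc\hosts) read
    # the real file; with none, run against the constructed sample.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, ip, host, reason in find_suspicious(text):
        print("line %d: %-15s %-40s %s" % (line_no, ip, host, reason))


if __name__ == "__main__":
    main(sys.argv)
```

A loopback line for localhost is normal and is skipped; everything else that touches a watched domain is reported, and any other name pinned to a non-loopback address is listed so the reader can decide whether it is a LAN entry they added or a redirect they did not. Cleaning is then a matter of deleting the reported lines (a stock XP hosts file contains only the localhost mapping), which is the same outcome the online scanners' "automatic cleaning" aims for.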