Google Searches Redirected and Defrag doesn't work


  • This topic is locked
15 replies to this topic

#1 nizman11

  • Members
  • 8 posts

Posted 22 April 2009 - 12:09 PM

Hi,

I have run at least 10 different types of malware, spyware and antivirus, and the problem still persists. I can't download anything from Microsoft support center nor can I update virus definitions for any antivirus.
This is my HijackThis log. Someone please help!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:44:53 PM, on 4/22/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NA_Service.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\MODBUSDRV.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\Program Files\Common Files\Rockwell\NmspHost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Rockwell\RdcyHost.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\SYSTEM32\UsbConnect.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe
C:\WINDOWS\SYSTEM32\usbconsole.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
C:\Program Files\Common Files\Rockwell\RnaAeServer.exe
C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\KADxMain.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Intuit\QuickBooks\QuickBooks Pro Timer\QBTimer.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v17\Bin\RS5000.Exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230741342328
O17 - HKLM\System\CCS\Services\Tcpip\..\{C37A410A-4C35-4C63-958F-7B92C4D1C749}: NameServer = 85.255.112.175,85.255.112.179
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2388D03-8905-4F54-BA9C-2B9CC360F018}: NameServer = 85.255.112.175,85.255.112.179
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.175,85.255.112.179
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.175,85.255.112.179
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.175,85.255.112.179
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: 1784-PCIDS DeviceNet - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dnWhoDisp - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: EmuLogix 5868 Slot0 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot1 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot10 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot11 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot12 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot13 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot14 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot15 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot16 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot2 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot3 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot4 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot5 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot6 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot7 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot8 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot9 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FactoryTalk Activation Helper (FTActivationBoost) - Rockwell Automation Inc. - C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
O23 - Service: Rockwell Alarm History Archiver (FTAE_Archiver) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
O23 - Service: Rockwell Alarm Historian (FTAE_HistServ) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
O23 - Service: Google Update Service (gupdate1c9ad81742fabfc) (gupdate1c9ad81742fabfc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Harmony - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: HealthSystemInfo - Schneider Automation SAS - C:\Program Files\Schneider Electric\Unity Pro\HealthSystemInfo.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LogReceiver - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Rockwell Namespace Services (NmspHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\NmspHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Rockwell Redundancy Services (RdcyHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RdcyHost.exe
O23 - Service: Rockwell Alarm Server (RnaAeServer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaAeServer.exe
O23 - Service: Rockwell Alarm Multiplexer (RnaAlarmMux) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation Inc. - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Activity Logger - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
O23 - Service: Rockwell HMI Alarm Logger - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell HMI Framework - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe
O23 - Service: Rockwell Tag Server - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Automation, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: RSLinx Enterprise (RSLinxNG) - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: 1789-SIM Simulator Module (SimModuleService) - Unknown owner - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\SYSTEM32\UsbConnect.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 21165 bytes



#2 Farbar


    Just Curious


  • Security Developer
  • 21,717 posts
  • Gender:Male
  • Location:The Netherlands

Posted 22 April 2009 - 12:24 PM

Hi nizman11,

Welcome to the BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • To get an idea about the current condition of your computer, download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Set the list of files/folders created to 3 Months and click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

    Note 1: If you have difficulty finding the logs, the logs are in this folder: C:\rsit

    Note 2: The tool takes no more than one minute to scan the system.

Tell me:
  • If you have changed anything since previous post.
  • If this is the only computer or you have another computer we can eventually use.
  • If you have a Windows installation CD. Not that we need it now, just in case.

You might want to save this page to your favorites, so you can find it again when you return.

#3 nizman11

  • Topic Starter

  • Members
  • 8 posts

Posted 23 April 2009 - 08:51 AM

Hi,
Thanks for helping me out. I haven't changed anything since the last post. I do have a Windows CD and this is the only computer this is happening on.

THANK YOU!!

info.txt logfile of random's system information tool 1.06 2009-04-23 09:48:12

======Uninstall list======

-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Program Files\Nero\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL
-->C:\WINDOWS\NuNInst.exe /UNINSTALL
-->C:\WINDOWS\UNNeroBackItUp.exe /UNINSTALL
-->C:\WINDOWS\UNNeroMediaHome.exe /UNINSTALL
-->C:\WINDOWS\UNNeroShowTime.exe /UNINSTALL
-->C:\WINDOWS\UNRecode.exe /UNINSTALL
-->MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
-->MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
-->MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
-->MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
-->MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{490A0AB2-4AD1-4593-A718-929D36BCD53C}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0F102A-1F7C-46E4-9DF4-3D63E4774D5D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D60D82D1-2C77-4B78-992B-6C2DBADF57B6}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Acrobat.com-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Application Installer.exe -uninstall com.adobe.mauby 4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Acrobat.com-->MsiExec.exe /I{77DCDCE3-2DED-62F3-8154-05E745472D07}
Ad-Aware-->"C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe Acrobat 9 Pro Extended - English, Français, Deutsch-->msiexec /I {AC76BA86-1033-F400-7761-000000000004}
Adobe AIR-->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{00203668-8170-44A0-BE44-B632FA4D780F}
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.1-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A91000000001}
Advanced Spyware Remover Free Edition-->"C:\Program Files\Advanced Spyware Remover\unins000.exe"
AFPL Ghostscript 7.04-->C:\gs\uninstgs.exe "C:\gs\gs7.04\uninstal.txt"
AFPL Ghostscript Fonts-->C:\gs\uninstgs.exe "C:\gs\fonts\uninstal.txt"
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Autorun Eater v2.3-->"C:\Program Files\Autorun Eater\unins000.exe"
Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE
BitDefender Antivirus 2009-->MsiExec.exe /X{D4B8C119-00F2-4C9D-A669-9AE3EA4A1641}
BitDefender Definitions Update-->MsiExec.exe /X{647CC6E9-7F59-4CFB-8E23-F8FD7908FC30}
Bluetooth Stack for Windows by Toshiba-->MsiExec.exe /X{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
BootP-DHCP Server-->MsiExec.exe /I{7BCFC80E-8D88-4B7C-AF62-A629521B3274}
Broadcom ASF Management Applications-->MsiExec.exe /I{27E25625-DB51-42E6-BEB7-0C8DC878770C}
Broadcom Gigabit Integrated Controller-->MsiExec.exe /X{D3B3B9B2-FE73-44CB-8C0A-F737D92F991B}
Broadcom Management Programs-->MsiExec.exe /X{C99C0593-3B48-41D9-B42F-6E035B320449}
Concept V2.2 XL EN-->C:\WINDOWS\IsUninst.exe -fC:\Con2_2_SR2\CC22XLUI.isu
Concept V2.5 XL EN SR2-->C:\WINDOWS\IsUninst.exe -fC:\Con2_5_SR2\CC25XLUI.isu -cC:\Con2_5_SR2\Uninst.dll -lE
Concept V2.6 XL EN SR3-->C:\WINDOWS\IsUninst.exe -fC:\Con2_6SR3\CC26XLUI.isu -cC:\Con2_6SR3\Uninst.dll -lE
Conexant HDA D330 MDC V.92 Modem-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F\UIU32m.exe -U -Idel000f5.INF
ControlFLASH-->MsiExec.exe /I{2DE5688A-34AE-4BB7-A6B6-993DA43CBCBB}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
Dell ResourceCD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D78653C3-A8FF-415F-92E6-D774E634FF2D}\setup.exe"
Dell Touchpad-->C:\Program Files\DellTPad\Uninstap.exe ADDREMOVE
Dell Wireless WLAN Card Utility-->"C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlu00.exe" verbose /rootkey="Software\Broadcom\802.11\UninstallInfo" /rootdir="C:\Program Files\Dell\Dell Wireless WLAN Card"
DeviceNet Node Commissioning Tool-->MsiExec.exe /I{7FB3F90F-E754-4374-9ABC-EF8F94DA35E2}
Digital Line Detect-->C:\Program Files\InstallShield Installation Information\{E646DCF0-5A68-11D5-B229-002078017FBF}\Setup.exe -runfromtemp -l0x0009 -removeonly
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
FactoryTalk Activation Client 3.02 (CPR 9 SR 2)-->MsiExec.exe /I{4BBDAB71-0634-4E2A-8E50-8860FB6BA220}
FactoryTalk Alarms and Events 2.10.00 (CPR 9)-->MsiExec.exe /I{93279896-AA2E-4BF3-9FAD-77FCE6E316A6}
FactoryTalk Services Platform 2.10 (CPR 9 SR 1)-->MsiExec.exe /I{3DB7C2BB-A717-4093-BA3E-3495E899E2DB}
FactoryTalk® View Site Edition 5.00.00 (CPR 9)-->MsiExec.exe /I{32FF6F27-37C3-46E9-B39E-56CD420415D1}
FileZilla (remove only)-->"C:\Program Files\FileZilla\uninstall.exe"
Free DWG Viewer 6.2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}\setup.exe" -l0x9 -removeonly
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall
Guitar Pro 5.2-->"C:\Program Files\Guitar Pro 5\unins000.exe"
HASP Device Drivers-->C:\WINDOWS\system32\UNWISE.EXE C:\WINDOWS\system32\HDD32.LOG
High Definition Audio Driver Package - KB835221-->C:\WINDOWS\$NtUninstallKB835221WXP$\spuninst\spuninst.exe
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB914440)-->"C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB915865)-->"C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB926239)-->"C:\WINDOWS\$NtUninstallKB926239$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
hott notes 4-->C:\Program Files\hott notes 4\uninst.exe
IntelliSonic Speech Enhancement-->MsiExec.exe /X{D9FCA292-1186-421F-8D93-9A5D272AD5D0}
Logix CPU Security Tool-->MsiExec.exe /I{9AE0E408-37BC-4B89-B768-252DE878CE7A}
Logix5000 Clock Update Tool-->MsiExec.exe /I{C4CF38A1-29FD-439E-B734-08E3CE46FA22}
Logix5000 PLM Sync Utility-->MsiExec.exe /I{80BFD376-A650-4CAA-A8DF-0989D2D2A3C9}
Logix5000 Task Monitor-->MsiExec.exe /I{E477C386-788C-48A4-8150-38990356032E}
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 2.0-->C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Virtual PC 2007-->MsiExec.exe /X{8A7CAA24-7B23-410B-A7C3-F994B0944160}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Modem Diagnostic Tool-->MsiExec.exe /I{F63A3748-B93D-4360-9AD4-B064481A5C7B}
Mozilla Firefox (3.0.9)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 6 Service Pack 2 (KB954459)-->MsiExec.exe /I{1A528690-6A2D-4BC5-B143-8C4AE8D19D96}
Nero 7 Ultra Edition-->MsiExec.exe /X{CF097717-F174-4144-954A-FBC4BF301033}
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
NetWaiting-->C:\Program Files\InstallShield Installation Information\{3F92ABBB-6BBF-11D5-B229-002078017FBF}\setup.exe -runfromtemp -l0x0009 -removeonly
NVIDIA Drivers-->C:\WINDOWS\system32\nvuninst.exe UninstallGUI
OZ776 SCR Driver V1.1.4.202-->"C:\Program Files\InstallShield Installation Information\{EDC2B89F-3F72-48EA-B63E-985BC51622E4}\setup.exe" -runfromtemp -l0x0409 -removeonly
OZ776 SCR Driver V1.1.4.202-->MsiExec.exe /X{EDC2B89F-3F72-48EA-B63E-985BC51622E4}
Parker Isysnet Analog Module Profiles-->MsiExec.exe /X{C1EFEE0F-87EB-481A-A8F4-903069F12236}
Parker Isysnet ASCII Module Profile-->MsiExec.exe /X{56D614BA-A250-4C3E-8F79-43B3BC611D21}
Parker Isysnet Discrete Module Profiles 2-->MsiExec.exe /X{6B977FCD-28E0-47C6-8056-E5FF477D898E}
Parker Isysnet Discrete Module Profiles 3-->MsiExec.exe /X{927DB57A-2A2A-4DC5-9E07-234C9F285F03}
Parker Isysnet Discrete Module Profiles-->MsiExec.exe /X{893727BF-9C7C-483F-9E69-D8314DB21186}
Ping Scanner Pro-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Digilex\Ping Scanner Pro\DeIsL1.isu" -c"C:\Program Files\Digilex\Ping Scanner Pro\_ISREG32.DLL"
ProGeber 1.4-->MsiExec.exe /X{9DCE7E68-4F1C-46A2-A311-DA0272D3A678}
QuickBooks Pro Timer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6D49994F-2E35-4932-B9ED-D2F4EEBF91A2}\setup.exe" -l0x9
QuickSet-->C:\Program Files\InstallShield Installation Information\{C5074CC4-0E26-4716-A307-960272A90040}\setup.exe -runfromtemp -l0x0009 APPDRVNT4 -removeonly
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Rockwell Automation 1732 Discrete Module Profiles-->MsiExec.exe /X{13C4C1BC-6362-40DE-9CB3-48E1AC8A8CC7}
Rockwell Automation 1734 Analog Module Profiles-->MsiExec.exe /X{0D847E60-13F6-4266-8D66-B5C7ACF2EBE4}
Rockwell Automation 1734 ASCII Module Profiles-->MsiExec.exe /X{248A5B8A-942E-4C67-96AF-ED41BACA800E}
Rockwell Automation 1734 Discrete Module Profiles 2-->MsiExec.exe /X{A6F82CD1-E338-4D47-B6DA-907040B7624A}
Rockwell Automation 1734 Discrete Module Profiles-->MsiExec.exe /X{357187EE-8B25-467D-A567-88C735932174}
Rockwell Automation 1734 Specialty Module Profiles-->MsiExec.exe /X{39363D4F-BF1C-447C-8014-F7966A9975D9}
Rockwell Automation 1738 Analog Module Profiles-->MsiExec.exe /X{78921186-FCF5-4832-8FD1-088339BE6FAE}
Rockwell Automation 1738 ASCII Module Profiles-->MsiExec.exe /X{14F4B291-1684-4AB9-95C3-2B66260E515D}
Rockwell Automation 1738 Discrete Module Profiles 2-->MsiExec.exe /X{57EF8F37-4213-498E-A6D0-79DC2D96CA45}
Rockwell Automation 1738 Discrete Module Profiles 3-->MsiExec.exe /X{60C6C5B8-6D81-4849-800F-0400C7FA1C70}
Rockwell Automation 1738 Discrete Module Profiles-->MsiExec.exe /X{A393179D-478D-40C7-A6A2-90B9F34C2341}
Rockwell Automation 1738 Specialty Module Profiles-->MsiExec.exe /X{FA79AEE5-9FA1-4A6F-B66F-18AF565E1061}
Rockwell Automation 1756 CNet Comms Module Profiles-->MsiExec.exe /X{4866D596-CE65-4F7D-B98C-A28F8E9E13E5}
Rockwell Automation 1756 ENet Comms Module Profiles-->MsiExec.exe /X{AB8E12B5-0B0E-47F9-83A7-89F40B39DBF1}
Rockwell Automation 1756 HART Module Profiles-->MsiExec.exe /X{7D3C6066-4659-4A2E-8D8E-EE93E206FF99}
Rockwell Automation 1769 Analog Module Profiles-->MsiExec.exe /X{05FA026B-8010-477D-82A2-4FA8B7900870}
Rockwell Automation 1769 Analog Module Profiles-->MsiExec.exe /X{B9ED7828-4CB8-4873-95F5-64525C9229BE}
Rockwell Automation 1769 ASCII Module Profiles-->MsiExec.exe /X{8372A29B-CE1C-4419-B479-8493027B41AA}
Rockwell Automation 1769 Boolean Module Profiles-->MsiExec.exe /X{80FA8F02-B48D-4208-89F1-AA1100C960B5}
Rockwell Automation 1769 Controller Module Profiles-->MsiExec.exe /X{5977421B-2072-4DA7-9A18-90AF4BB24268}
Rockwell Automation 1769 Discrete Module Profiles-->MsiExec.exe /X{3459512F-9223-4DCA-B555-CF00EDAF1B9C}
Rockwell Automation 1769 Embedded Module Profiles-->MsiExec.exe /X{DE6BBFB2-B81E-4FBD-825F-EAC90F54D311}
Rockwell Automation 1769 Specialty Module Profiles-->MsiExec.exe /X{7CB1A5C6-0EF4-4E6D-92CA-D96ADED5F2A4}
Rockwell Automation 1791DS Discrete Module Profiles-->MsiExec.exe /X{8391EA99-A1EF-4EF3-97EE-BE966DBA3411}
Rockwell Automation Drives PowerFlex 4 Module Profiles-->MsiExec.exe /X{50A9694C-49F5-48E2-9E28-D45AEE88CA31}
Rockwell Automation Drives PowerFlex 7 2 Module Profiles-->MsiExec.exe /X{9CF2221C-5546-47EF-A5BD-39AAB391EFB3}
Rockwell Automation Drives PowerFlex 7 Module Profiles-->MsiExec.exe /X{6B4D6AEB-EA83-47F6-B17A-82DD9CD7F383}
Rockwell Automation Drives SCANport Module Profiles-->MsiExec.exe /X{96FD5AB7-3B09-46C1-87B7-7727E1DC171F}
Rockwell Automation Generic Safety Module Profiles-->MsiExec.exe /X{5B860FC6-C088-4D53-9A1D-10BBE33BE045}
Rockwell Automation USB CIP Driver Package-->MsiExec.exe /I{4E8B84D4-778C-4DE6-8CBC-2586D438D295}
Rockwell Windows Firewall Configuration Utility 1.00.03-->MsiExec.exe /I{36A7B196-8D70-48A5-8FF3-7B836273FD4C}
RSI Utilities-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Rockwell Software\RSUtil\System\DeIsL3.isu"
RSLinx Classic 2.54.00 CPR 9 SR 1-->MsiExec.exe /I{34540622-805E-4CC7-98CF-65A43E99CF4D}
RSLinx Enterprise 5.17.00 (CPR 9 SR 1)-->MsiExec.exe /I{22BD07BC-E8DF-44F7-9B10-7E644ADCE981}
RSLogix 5000 Compare v3-->MsiExec.exe /I{7159B8D9-0527-4C33-875F-E5FBA8FC435D}
RSLogix 5000 DeviceNet Tag Generator-->MsiExec.exe /I{B100A292-14C5-4E41-AE27-0229BFBFDA9F}
RSLogix 5000 Faceplates-->MsiExec.exe /X{4E8B1FF0-BE42-42F0-84C3-030399C548A1}
RSLogix 5000 IEC61131-3 Translation Tool-->MsiExec.exe /I{517AA455-8CC9-4281-87A4-865E71947DC9}
RSLogix 5000 Module Profile Core-->MsiExec.exe /X{08383572-FC4B-4930-B256-AB94229DF10E}
RSLogix 5000 Module Profile Setup Utility-->MsiExec.exe /X{04040DE8-AEC1-4DD2-839B-818DF7038DA2}
RSLogix 5000 Online Books v17.00.00-->MsiExec.exe /I{20010017-D5FD-11DA-A128-000C29473C90}
RSLogix 5000 Start Page Media v17.00.05-->MsiExec.exe /I{10050017-D5FD-11DA-A128-000C29473C90}
RSLogix 5000 System Updates-->MsiExec.exe /X{D02CEF5F-56D4-432C-B4BB-25B8AF6BC1EB}
RSLogix 5000 v13.04-->MsiExec.exe /X{30010413-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v15.02-->MsiExec.exe /X{30010215-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v16.03.00 (CPR 9)-->MsiExec.exe /I{30010316-EC33-11D6-A408-F6139379CBFB}
RSLogix 5000 v17.00.00 (CPR 9 SR 1)-->MsiExec.exe /I{30010017-EC33-11D6-A408-F6139379CBFB}
RSLogix Emulate 5000 17.00.00 (CPR 9 SR 1)-->MsiExec.exe /I{450410E6-0D7D-4796-9614-F00D2AB754F0}
RSLogix5000 Data Preserved Download Tool-->MsiExec.exe /I{D1596264-A65A-42C3-84C7-54D2D446E992}
RSView32 7.40.00 (CPR 9)-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Rockwell Software\RSView\DeIsL1.isu" -c"C:\Program Files\Rockwell Software\RSView\rsvunins.dll
SA Drivers Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{10B15004-CD2A-49BD-ACB7-DFA124F39273}\setup.exe" -l0x9 \ -REMV
SA MODBUS Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{490A0AB2-4AD1-4593-A718-929D36BCD53C}\setup.exe" -l0x9
SA PLC USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{D60D82D1-2C77-4B78-992B-6C2DBADF57B6}\setup.exe" -l0x9
SA UNITELWAY WDM Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BD0F102A-1F7C-46E4-9DF4-3D63E4774D5D}\setup.exe" -l0x9
Safari-->MsiExec.exe /I{582D2A53-F426-4C5E-A2E6-43C1AB36B907}
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB911564)-->"C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 6.4 (KB925398)-->"C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Security Update for Windows Media Player 9 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP9$\spuninst\spuninst.exe"
Security Update for Windows XP (KB890046)-->"C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Security Update for Windows XP (KB893756)-->"C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896358)-->"C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896423)-->"C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Security Update for Windows XP (KB896428)-->"C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899587)-->"C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Security Update for Windows XP (KB899591)-->"C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Security Update for Windows XP (KB900725)-->"C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901017)-->"C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Security Update for Windows XP (KB901214)-->"C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Security Update for Windows XP (KB902400)-->"C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905414)-->"C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Security Update for Windows XP (KB905749)-->"C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB908519)-->"C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911562)-->"C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Security Update for Windows XP (KB911927)-->"C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Security Update for Windows XP (KB913580)-->"C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Security Update for Windows XP (KB914388)-->"C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918118)-->"C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Security Update for Windows XP (KB918439)-->"C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920213)-->"C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920670)-->"C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920683)-->"C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Security Update for Windows XP (KB920685)-->"C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923191)-->"C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923789)-->C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Security Update for Windows XP (KB923980)-->"C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924270)-->"C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Security Update for Windows XP (KB924667)-->"C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Security Update for Windows XP (KB925902)-->"C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926255)-->"C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB926436)-->"C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927779)-->"C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Security Update for Windows XP (KB927802)-->"C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928255)-->"C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Security Update for Windows XP (KB928843)-->"C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Security Update for Windows XP (KB929123)-->"C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Security Update for Windows XP (KB930178)-->"C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Security Update for Windows XP (KB931261)-->"C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Security Update for Windows XP (KB932168)-->"C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Security Update for Windows XP (KB933729)-->"C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935839)-->"C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB935840)-->"C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Security Update for Windows XP (KB937894)-->"C:\WINDOWS\$NtUninstallKB937894$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943055)-->"C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943460)-->"C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Security Update for Windows XP (KB943485)-->"C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944338-v2)-->"C:\WINDOWS\$NtUninstallKB944338-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB944653)-->"C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Security Update for Windows XP (KB945553)-->"C:\WINDOWS\$NtUninstallKB945553$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946026)-->"C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950749)-->"C:\WINDOWS\$NtUninstallKB950749$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
SigmaTel Audio-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}\setup.exe" -l0x9 -remove -removeonly
SnagIt 7-->C:\Program Files\TechSmith\SnagIt 7\SIUNINST.EXE
Spyware Doctor 6.0-->C:\Program Files\Spyware Doctor\unins000.exe /LOG
Spyware Terminator-->"C:\Program Files\Spyware Terminator\unins000.exe"
Tag Data Monitor Tool-->MsiExec.exe /I{8A8C5496-0460-489E-8CB9-8F62E09F033D}
Tag Upload Download Tool-->MsiExec.exe /I{BA35560D-EE87-40BD-A84B-48F4CD939D38}
ThreatFire-->"C:\Program Files\ThreatFire\unins000.exe"
Timesheet Link for QuickBooks-->C:\WINDOWS\Timesheet Link for QuickBooks Uninstaller.exe
Unity Pro XL 2.2-->MsiExec.exe /I{FB83A518-2283-42E5-9FD2-2FBE0D485E6A}
Update for Windows XP (KB894391)-->"C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Update for Windows XP (KB900485)-->"C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Update for Windows XP (KB904942)-->"C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Update for Windows XP (KB908531)-->"C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Update for Windows XP (KB910437)-->"C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Update for Windows XP (KB911280)-->"C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Update for Windows XP (KB916595)-->"C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Update for Windows XP (KB920872)-->"C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Update for Windows XP (KB922582)-->"C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Update for Windows XP (KB927891)-->"C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Update for Windows XP (KB930916)-->"C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Update for Windows XP (KB932823-v3)-->"C:\WINDOWS\$NtUninstallKB932823-v3$\spuninst\spuninst.exe"
Update for Windows XP (KB936357)-->"C:\WINDOWS\$NtUninstallKB936357$\spuninst\spuninst.exe"
Update for Windows XP (KB938828)-->"C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VideoLAN VLC media player 0.8.6i-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Installer 3.1 (KB893803)-->"C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe"
Windows Internet Explorer 7-->"C:\WINDOWS\ie7\spuninst\spuninst.exe"
Windows Live installer-->MsiExec.exe /X{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}
Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Sign-in Assistant-->MsiExec.exe /I{9422C8EA-B0C6-4197-B8FC-DC797658CA00}
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP Hotfix - KB885835-->C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Windows XP Hotfix - KB885836-->C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Windows XP Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP Hotfix - KB890859-->"C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Windows XP Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: BitDefender Antivirus (outdated)
AV: AntiVir Desktop

======System event log======

Computer Name: NIZAM_AHMAD
Event Code: 7000
Message: The Upload Manager service failed to start due to the following error:
The account specified for this service is different from the account specified for other services running in the same process.


Record Number: 6877
Source Name: Service Control Manager
Time Written: 20090326093453.000000-240
Event Type: error
User:

Computer Name: NIZAM_AHMAD
Event Code: 4226
Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.

Record Number: 6850
Source Name: Tcpip
Time Written: 20090325124642.000000-240
Event Type: warning
User:

Computer Name: NIZAM_AHMAD
Event Code: 7000
Message: The A-B Virtual Backplane service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 6832
Source Name: Service Control Manager
Time Written: 20090325100219.000000-240
Event Type: error
User:

Computer Name: NIZAM_AHMAD
Event Code: 7000
Message: The A-B Virtual Backplane service failed to start due to the following error:
The system cannot find the file specified.


Record Number: 6831
Source Name: Service Control Manager
Time Written: 20090325100219.000000-240
Event Type: error
User:

Computer Name: NIZAM_AHMAD
Event Code: 7000
Message: The Upload Manager service failed to start due to the following error:
The account specified for this service is different from the account specified for other services running in the same process.


Record Number: 6817
Source Name: Service Control Manager
Time Written: 20090325100142.000000-240
Event Type: error
User:

=====Application event log=====

Computer Name: NIZAM_AHMAD
Event Code: 1002
Message: Hanging application VStudio.exe, version 2.10.0.116, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Record Number: 4894
Source Name: Application Hang
Time Written: 20090324134701.000000-240
Event Type: error
User:

Computer Name: NIZAM_AHMAD
Event Code: 12001
Message:
Record Number: 4864
Source Name: usnjsvc
Time Written: 20090324094212.000000-240
Event Type:
User:

Computer Name: NIZAM_AHMAD
Event Code: 1517
Message: Windows saved user NIZAM_AHMAD\Nizam registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 4839
Source Name: Userenv
Time Written: 20090323165508.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: NIZAM_AHMAD
Event Code: 0
Message:
Record Number: 4836
Source Name: Broadcom ASF IP and SMBIOS Mailbox Monitor
Time Written: 20090323162841.000000-240
Event Type: error
User:

Computer Name: NIZAM_AHMAD
Event Code: 1517
Message: Windows saved user NIZAM_AHMAD\Nizam registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 4811
Source Name: Userenv
Time Written: 20090323162627.000000-240
Event Type: warning
User: NT AUTHORITY\SYSTEM

======Environment variables======

"CHECKDRIVES"=XCA
"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"NUMBER_OF_PROCESSORS"=2
"OS"=Windows_NT
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 10, GenuineIntel
"PROCESSOR_LEVEL"=6
"PROCESSOR_REVISION"=0f0a
"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"windir"=%SystemRoot%
"Path"=C:\Program Files\Schneider Electric\Unity Pro\;C:\Program Files\Schneider Electric\ConfCatalog\;C:\Program Files\Schneider Electric\Security\;C:\Program Files\Common Files\Schneider Electric Shared\SSTA\;C:\Program Files\Common Files\Schneider Electric Shared\SRCSDK\;C:\Program Files\Rockwell Software\RSCommon\;C:\Program Files\Rockwell Software\RSCommon;C:\Program Files\Rockwell Software\RSView;C:\Program Files\Rockwell Software\RDM;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\Common Files\Rockwell\;C:\Program Files\Rockwell Automation\Common\Components;C:\Program Files\Rockwell Software\RSView Enterprise\

-----------------EOF-----------------


Logfile of random's system information tool 1.06 (written by random/random)
Run by Nizam at 2009-04-23 09:48:03
Microsoft Windows XP Professional Service Pack 2
System drive C: has 223 GB (73%) free of 305 GB
Total RAM: 2046 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:48:08 AM, on 4/23/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NA_Service.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\MODBUSDRV.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\Program Files\Common Files\Rockwell\NmspHost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Rockwell\RdcyHost.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\Program Files\ThreatFire\TFService.exe
C:\WINDOWS\SYSTEM32\UsbConnect.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe
C:\WINDOWS\SYSTEM32\usbconsole.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
C:\Program Files\Common Files\Rockwell\RnaAeServer.exe
C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\KADxMain.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\ThreatFire\TFTray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Rockwell Software\RSView\RSView32.exe
C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v17\Bin\RS5000.Exe
C:\Program Files\Rockwell Software\RSView\SPTLGSSV32.EXE
C:\Program Files\Rockwell Software\RSView\SPTSETSV32.EXE
C:\Program Files\Rockwell Software\RSView\ICECPRSV32.EXE
C:\PROGRA~1\ROCKWE~1\RDM\CMEMEM32.EXE
C:\PROGRA~1\ROCKWE~1\RDM\CMESYS32.EXE
C:\PROGRA~1\ROCKWE~1\RDM\CMEDDE32.EXE
C:\PROGRA~1\ROCKWE~1\RDM\CMEDEV32.EXE
C:\PROGRA~1\ROCKWE~1\RDM\CMEOPC32.EXE
C:\PROGRA~1\ROCKWE~1\RDM\RDMBTM32.EXE
C:\WINDOWS\system32\rtdsk40.exe
C:\Program Files\Rockwell Software\RSView\SHDE32.EXE
C:\Program Files\Rockwell Software\RSView\SPTCMDSV32.EXE
C:\PROGRA~1\ROCKWE~1\RSView\sptvbs32.exe
C:\Documents and Settings\Nizam\My Documents\Downloads\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\Nizam.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ThreatFire] C:\Program Files\ThreatFire\TFTray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230741342328
O17 - HKLM\System\CCS\Services\Tcpip\..\{C37A410A-4C35-4C63-958F-7B92C4D1C749}: NameServer = 85.255.112.175,85.255.112.179
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2388D03-8905-4F54-BA9C-2B9CC360F018}: NameServer = 85.255.112.175,85.255.112.179
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.175,85.255.112.179
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.175,85.255.112.179
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.175,85.255.112.179
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: 1784-PCIDS DeviceNet - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dnWhoDisp - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: EmuLogix 5868 Slot0 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot1 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot10 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot11 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot12 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot13 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot14 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot15 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot16 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot2 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot3 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot4 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot5 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot6 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot7 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot8 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot9 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FactoryTalk Activation Helper (FTActivationBoost) - Rockwell Automation Inc. - C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
O23 - Service: Rockwell Alarm History Archiver (FTAE_Archiver) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
O23 - Service: Rockwell Alarm Historian (FTAE_HistServ) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
O23 - Service: Google Update Service (gupdate1c9ad81742fabfc) (gupdate1c9ad81742fabfc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Harmony - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: HealthSystemInfo - Schneider Automation SAS - C:\Program Files\Schneider Electric\Unity Pro\HealthSystemInfo.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LogReceiver - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Rockwell Namespace Services (NmspHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\NmspHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Rockwell Redundancy Services (RdcyHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RdcyHost.exe
O23 - Service: Rockwell Alarm Server (RnaAeServer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaAeServer.exe
O23 - Service: Rockwell Alarm Multiplexer (RnaAlarmMux) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation Inc. - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Activity Logger - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
O23 - Service: Rockwell HMI Alarm Logger - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell HMI Framework - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe
O23 - Service: Rockwell Tag Server - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Automation, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: RSLinx Enterprise (RSLinxNG) - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: 1789-SIM Simulator Module (SimModuleService) - Unknown owner - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: ThreatFire - PC Tools - C:\Program Files\ThreatFire\TFService.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\SYSTEM32\UsbConnect.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 21800 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1482476501-839522115-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
HelperObject Class - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll [2004-10-01 49152]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll [2009-03-25 668656]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - SnagIt - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll [2004-10-01 131072]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2009-02-27 349576]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"=C:\WINDOWS\system32\WLTRAY.exe [2008-10-24 2220032]
"Dell QuickSet"=C:\Program Files\Dell\QuickSet\quickset.exe [2008-02-22 1245184]
"SigmatelSysTrayApp"=C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe [2007-05-10 405504]
"ITSecMng"=C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-08-01 65536]
"Apoint"=C:\Program Files\DellTPad\Apoint.exe [2007-07-02 159744]
"KADxMain"=C:\WINDOWS\system32\KADxMain.exe [2006-11-02 282624]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-02-22 13508608]
"nwiz"=nwiz.exe /installquiet []
"NVHotkey"=nvHotkey.dll,Start []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-02-22 86016]
"BDAgent"=C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe [2009-01-26 741376]
"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe [2008-10-17 69632]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"UsbCipHelper"=C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe [2008-05-27 434176]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"Adobe Acrobat Speed Launcher"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2009-02-27 38768]
""= []
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2009-02-27 640376]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2009-03-02 209153]
"ThreatFire"=C:\Program Files\ThreatFire\TFTray.exe [2009-03-03 263440]
"Ad-Watch"=C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe [2009-03-09 515416]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-03 133104]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-12 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-03-25 39408]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe

C:\Documents and Settings\Nizam\Start Menu\Programs\Startup
hott notes 4.lnk - C:\Program Files\hott notes 4\hottnotes.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"="acaptuser32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-06 241704]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdauxservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sdcoreservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v16\Bin\RS5000.Exe"="C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v16\Bin\RS5000.Exe:*:Enabled:Component of the RSLogix 5000 Application"
"C:\Program Files\Rockwell Software\RSView\sptddssv32.exe"="C:\Program Files\Rockwell Software\RSView\sptddssv32.exe:*:Enabled:SPTDDSSV32.exe"
"C:\Program Files\Rockwell Software\RSView\SptFTServer.exe"="C:\Program Files\Rockwell Software\RSView\SptFTServer.exe:*:Enabled:SptFTServer.exe"
"C:\Program Files\Rockwell Software\RSView\sptddeex32.exe"="C:\Program Files\Rockwell Software\RSView\sptddeex32.exe:*:Enabled:sptddeex32.exe"
"C:\Program Files\Rockwell Software\RSView\MonitorRemoteProcesses.exe"="C:\Program Files\Rockwell Software\RSView\MonitorRemoteProcesses.exe:*:Enabled:MonitorRemoteProcesses.exe"
"C:\Program Files\Rockwell Software\RDM\Cmeopc32.exe"="C:\Program Files\Rockwell Software\RDM\Cmeopc32.exe:*:Enabled:CMEOPC32.exe"
"C:\Program Files\Common Files\Rockwell\RSViewLogServer.exe"="C:\Program Files\Common Files\Rockwell\RSViewLogServer.exe:*:Enabled:RSViewLogServer.exe"
"C:\Program Files\Common Files\Rockwell\RSVWHist.exe"="C:\Program Files\Common Files\Rockwell\RSVWHist.exe:*:Enabled:RSVWHist.exe"
"C:\WINDOWS\system32\netdde.exe"="C:\WINDOWS\system32\netdde.exe:*:Enabled:netdde.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Documents and Settings\Nizam\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe"="C:\Documents and Settings\Nizam\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v17\Bin\RS5000.Exe"="C:\Program Files\Rockwell Software\RSLogix 5000\ENU\v17\Bin\RS5000.Exe:*:Enabled:RSLogix 5000 v17.00.00 (CPR 9 SR 1)"
"C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe"="C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe:*:Enabled:EventClientMultiplexer.exe"
"C:\Program Files\Common Files\Rockwell\RsvcHost.exe"="C:\Program Files\Common Files\Rockwell\RsvcHost.exe:*:Enabled:RsvcHost.exe"
"C:\Program Files\Common Files\Rockwell\RdcyHost.exe"="C:\Program Files\Common Files\Rockwell\RdcyHost.exe:*:Enabled:RdcyHost.exe"
"C:\Program Files\Common Files\Rockwell\NmspHost.exe"="C:\Program Files\Common Files\Rockwell\NmspHost.exe:*:Enabled:NmspHost.exe"
"C:\Program Files\Common Files\Rockwell\RnaDirServer.exe"="C:\Program Files\Common Files\Rockwell\RnaDirServer.exe:*:Enabled:RnaDirServer.exe"
"C:\Program Files\Common Files\Rockwell\EventServer.exe"="C:\Program Files\Common Files\Rockwell\EventServer.exe:*:Enabled:EventServer.exe"
"C:\Program Files\Common Files\Rockwell\DaClient.exe"="C:\Program Files\Common Files\Rockwell\DaClient.exe:*:Enabled:DaClient.exe"
"C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe"="C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe:*:Enabled:RnaDiagReceiver.exe"
"C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe"="C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe:*:Enabled:RnaDiagnosticsSrv.exe"
"C:\Program Files\Common Files\Rockwell\VStudio.exe"="C:\Program Files\Common Files\Rockwell\VStudio.exe:*:Enabled:VStudio.exe"
"C:\WINDOWS\system32\OpcEnum.exe"="C:\WINDOWS\system32\OpcEnum.exe:*:Enabled:OPCEnum.exe"
"C:\Program Files\Common Files\Rockwell\countermonitor.exe"="C:\Program Files\Common Files\Rockwell\countermonitor.exe:*:Enabled:CounterMonitor.exe"
"C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe"="C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe:*:Enabled:RSLinxNG.exe"
"C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxShortcutAOA.exe"="C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxShortcutAOA.exe:*:Enabled:RSLinxShortcutAOA.exe"
"C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE"="C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE:*:Enabled:RSLinx.exe"
"C:\Program Files\Rockwell Software\OPCTools\OPCTest\opctest.exe"="C:\Program Files\Rockwell Software\OPCTools\OPCTest\opctest.exe:*:Enabled:OPCTest.exe"
"C:\Program Files\BitComet\BitComet.exe"="C:\Program Files\BitComet\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\Rockwell Software\RSView\sptddssv32.exe"="C:\Program Files\Rockwell Software\RSView\sptddssv32.exe:*:Enabled:SPTDDSSV32.exe"
"C:\Program Files\Rockwell Software\RSView\SptFTServer.exe"="C:\Program Files\Rockwell Software\RSView\SptFTServer.exe:*:Enabled:SptFTServer.exe"
"C:\Program Files\Rockwell Software\RSView\sptddeex32.exe"="C:\Program Files\Rockwell Software\RSView\sptddeex32.exe:*:Enabled:sptddeex32.exe"
"C:\Program Files\Rockwell Software\RSView\MonitorRemoteProcesses.exe"="C:\Program Files\Rockwell Software\RSView\MonitorRemoteProcesses.exe:*:Enabled:MonitorRemoteProcesses.exe"
"C:\Program Files\Rockwell Software\RDM\Cmeopc32.exe"="C:\Program Files\Rockwell Software\RDM\Cmeopc32.exe:*:Enabled:CMEOPC32.exe"
"C:\Program Files\Common Files\Rockwell\RSViewLogServer.exe"="C:\Program Files\Common Files\Rockwell\RSViewLogServer.exe:*:Enabled:RSViewLogServer.exe"
"C:\Program Files\Common Files\Rockwell\RSVWHist.exe"="C:\Program Files\Common Files\Rockwell\RSVWHist.exe:*:Enabled:RSVWHist.exe"
"C:\WINDOWS\system32\netdde.exe"="C:\WINDOWS\system32\netdde.exe:*:Enabled:netdde.exe"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe"="C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe:*:Enabled:EventClientMultiplexer.exe"
"C:\Program Files\Common Files\Rockwell\RsvcHost.exe"="C:\Program Files\Common Files\Rockwell\RsvcHost.exe:*:Enabled:RsvcHost.exe"
"C:\Program Files\Common Files\Rockwell\RdcyHost.exe"="C:\Program Files\Common Files\Rockwell\RdcyHost.exe:*:Enabled:RdcyHost.exe"
"C:\Program Files\Common Files\Rockwell\NmspHost.exe"="C:\Program Files\Common Files\Rockwell\NmspHost.exe:*:Enabled:NmspHost.exe"
"C:\Program Files\Common Files\Rockwell\RnaDirServer.exe"="C:\Program Files\Common Files\Rockwell\RnaDirServer.exe:*:Enabled:RnaDirServer.exe"
"C:\Program Files\Common Files\Rockwell\EventServer.exe"="C:\Program Files\Common Files\Rockwell\EventServer.exe:*:Enabled:EventServer.exe"
"C:\Program Files\Common Files\Rockwell\DaClient.exe"="C:\Program Files\Common Files\Rockwell\DaClient.exe:*:Enabled:DaClient.exe"
"C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe"="C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe:*:Enabled:RnaDiagReceiver.exe"
"C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe"="C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe:*:Enabled:RnaDiagnosticsSrv.exe"
"C:\Program Files\Common Files\Rockwell\VStudio.exe"="C:\Program Files\Common Files\Rockwell\VStudio.exe:*:Enabled:VStudio.exe"
"C:\WINDOWS\system32\OpcEnum.exe"="C:\WINDOWS\system32\OpcEnum.exe:*:Enabled:OPCEnum.exe"
"C:\Program Files\Common Files\Rockwell\countermonitor.exe"="C:\Program Files\Common Files\Rockwell\countermonitor.exe:*:Enabled:CounterMonitor.exe"
"C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe"="C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe:*:Enabled:RSLinxNG.exe"
"C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxShortcutAOA.exe"="C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxShortcutAOA.exe:*:Enabled:RSLinxShortcutAOA.exe"
"C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE"="C:\Program Files\Rockwell Software\RSLINX\RSLINX.EXE:*:Enabled:RSLinx.exe"
"C:\Program Files\Rockwell Software\OPCTools\OPCTest\opctest.exe"="C:\Program Files\Rockwell Software\OPCTools\OPCTest\opctest.exe:*:Enabled:OPCTest.exe"

======List of files/folders created in the last 3 months======

2009-04-23 09:48:03 ----D---- C:\rsit
2009-04-22 14:07:43 ----D---- C:\HMI
2009-04-21 13:01:38 ----A---- C:\wlsetup-custom.exe
2009-04-17 15:13:28 ----HDC---- C:\Documents and Settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-17 15:13:23 ----D---- C:\Program Files\Lavasoft
2009-04-17 15:13:22 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-04-17 14:59:05 ----D---- C:\Program Files\Trend Micro
2009-04-16 10:31:27 ----D---- C:\Program Files\ThreatFire
2009-04-16 10:31:27 ----D---- C:\Documents and Settings\All Users\Application Data\PC Tools
2009-04-16 09:30:14 ----D---- C:\Documents and Settings\Nizam\Application Data\Mozilla
2009-04-16 09:30:04 ----D---- C:\Program Files\Mozilla Firefox
2009-04-07 15:40:36 ----D---- C:\Program Files\Autorun Eater
2009-04-07 15:03:15 ----D---- C:\Program Files\Avira
2009-04-07 15:03:15 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-04-07 14:23:32 ----D---- C:\Documents and Settings\Nizam\Application Data\Spyware Terminator
2009-04-07 14:23:29 ----D---- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2009-04-07 14:23:28 ----D---- C:\Program Files\Spyware Terminator
2009-04-07 14:14:50 ----D---- C:\Program Files\Spyware Doctor
2009-04-07 14:14:50 ----D---- C:\Documents and Settings\Nizam\Application Data\PC Tools
2009-04-07 14:00:58 ----D---- C:\Program Files\Advanced Spyware Remover
2009-04-02 16:29:58 ----A---- C:\WINDOWS\bdagent.INI
2009-04-02 10:03:24 ----A---- C:\WINDOWS\system32\acaptuser32.dll
2009-04-01 09:47:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-04-01 09:47:35 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-31 23:19:27 ----D---- C:\Documents and Settings\Nizam\Application Data\Lavasoft
2009-03-31 14:54:27 ----D---- C:\Program Files\Common Files\OMRON
2009-03-27 10:12:50 ----A---- C:\WINDOWS\SlRegEDS.ini
2009-03-26 13:34:42 ----D---- C:\RSLinx
2009-03-26 12:54:41 ----D---- C:\AB Programs Bak
2009-03-25 15:40:36 ----D---- C:\Documents and Settings\Nizam\Application Data\Google
2009-03-25 15:38:53 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater
2009-03-25 15:38:51 ----D---- C:\Program Files\Google
2009-03-25 13:50:05 ----D---- C:\Documents and Settings\Nizam\Application Data\hott notes 4
2009-03-25 13:50:02 ----D---- C:\Program Files\hott notes 4
2009-03-23 12:55:04 ----A---- C:\WINDOWS\VSLevel2.INI
2009-03-20 10:47:48 ----D---- C:\Program Files\Common Files\Windows Live
2009-03-17 15:53:20 ----D---- C:\Program Files\Windows Live Safety Center
2009-03-16 14:13:08 ----D---- C:\Documents and Settings\All Users\Application Data\FLEXnet
2009-03-16 14:07:25 ----D---- C:\Program Files\Common Files\Macrovision Shared
2009-03-16 14:06:33 ----RA---- C:\WINDOWS\system32\AdobePDFUI.dll
2009-03-16 14:06:33 ----A---- C:\WINDOWS\system32\AdobePDF.dll
2009-03-16 13:55:27 ----D---- C:\temp
2009-03-11 16:40:01 ----HDC---- C:\WINDOWS\$NtUninstallKB960225$
2009-03-11 16:39:51 ----HDC---- C:\WINDOWS\$NtUninstallKB958690$
2009-03-11 16:39:12 ----HDC---- C:\WINDOWS\$NtUninstallKB959772_WM11$
2009-03-10 09:43:48 ----D---- C:\Downloads
2009-03-10 09:43:32 ----D---- C:\Program Files\BitComet
2009-03-02 14:08:43 ----D---- C:\Documents and Settings\Nizam\Application Data\DivX
2009-02-27 10:39:39 ----D---- C:\Documents and Settings\Nizam\Application Data\Conceptworld
2009-02-27 10:39:38 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP
2009-02-27 10:39:30 ----D---- C:\Program Files\Conceptworld
2009-02-27 10:37:17 ----D---- C:\Program Files\NoteGenie
2009-02-27 10:37:14 ----N---- C:\WINDOWS\Setup1.exe
2009-02-27 10:37:12 ----A---- C:\WINDOWS\ST6UNST.EXE
2009-02-26 13:28:28 ----A---- C:\WINDOWS\NeroDigital.ini
2009-02-26 11:49:25 ----D---- C:\Program Files\TechSmith
2009-02-25 11:11:47 ----HDC---- C:\WINDOWS\$NtUninstallKB967715$
2009-02-20 13:57:20 ----D---- C:\old activation
2009-02-20 11:57:14 ----D---- C:\Program Files\ControlFLASH
2009-02-20 11:52:21 ----D---- C:\Documents and Settings\All Users\Application Data\Rockwell Automation
2009-02-18 16:50:43 ----D---- C:\Encoder Program
2009-02-18 16:46:03 ----D---- C:\Program Files\IVO
2009-02-18 15:12:40 ----D---- C:\Documents and Settings\Nizam\Application Data\Rockwell Software
2009-02-18 15:06:18 ----A---- C:\WINDOWS\EVMOVE.INI
2009-02-12 17:30:40 ----HDC---- C:\WINDOWS\$NtUninstallKB885835$
2009-02-12 10:49:53 ----HDC---- C:\WINDOWS\$NtUninstallKB960715$
2009-02-10 12:21:53 ----D---- C:\Program Files\Microsoft Silverlight
2009-02-03 11:48:38 ----D---- C:\Documents and Settings\Nizam\Application Data\Ahead
2009-02-03 10:59:20 ----D---- C:\Documents and Settings\All Users\Application Data\Ahead
2009-02-03 10:57:50 ----D---- C:\Program Files\Nero
2009-02-03 10:57:50 ----D---- C:\Program Files\Common Files\Ahead
2009-02-03 10:57:50 ----D---- C:\Documents and Settings\All Users\Application Data\Nero
2009-02-03 10:55:35 ----A---- C:\WINDOWS\system32\d3dx9_30.dll
2009-02-03 10:55:33 ----A---- C:\WINDOWS\system32\d3dx9_28.dll
2009-02-02 15:21:50 ----A---- C:\WINDOWS\system32\UsbIdLib2.dll
2009-02-02 15:21:49 ----A---- C:\WINDOWS\system32\instuntlW2k.exe
2009-02-02 15:21:37 ----A---- C:\WINDOWS\system32\ftserui2.dll
2009-02-02 15:21:37 ----A---- C:\WINDOWS\system32\FTLang.dll
2009-02-02 15:21:37 ----A---- C:\WINDOWS\system32\FTDIUNIN.exe
2009-02-02 15:21:37 ----A---- C:\WINDOWS\system32\FTDIUN2K.INI
2009-02-02 15:01:43 ----HD---- C:\UnityProTemp
2009-02-02 14:43:49 ----A---- C:\WINDOWS\system32\UsbRun.exe
2009-02-02 14:43:49 ----A---- C:\WINDOWS\system32\UsbConsole.exe
2009-02-02 14:43:49 ----A---- C:\WINDOWS\system32\UsbConnect.exe
2009-02-02 14:43:49 ----A---- C:\WINDOWS\system32\usbcnx2.dll
2009-02-02 14:43:49 ----A---- C:\WINDOWS\system32\USB.dll
2009-02-02 14:43:49 ----A---- C:\WINDOWS\system32\DPLCUSBU.dll
2009-02-02 14:43:00 ----A---- C:\WINDOWS\system32\ModbusDrv.exe
2009-02-02 14:43:00 ----A---- C:\WINDOWS\system32\Modbus.dll
2009-02-02 14:43:00 ----A---- C:\WINDOWS\system32\DMODBUSU.dll
2009-02-02 14:41:26 ----A---- C:\WINDOWS\system32\UNITELW.dll
2009-02-02 14:41:26 ----A---- C:\WINDOWS\system32\instuntlw98.exe
2009-02-02 14:41:26 ----A---- C:\WINDOWS\system32\installW2k.exe
2009-02-02 14:41:26 ----A---- C:\WINDOWS\system32\DUNTLWU.dll
2009-02-02 14:41:26 ----A---- C:\WINDOWS\system32\DrvCnfRg.dll
2009-02-02 14:41:26 ----A---- C:\WINDOWS\system32\CnfUTW3.exe
2009-02-02 14:41:09 ----A---- C:\WINDOWS\system32\NetAccessLog.txt
2009-02-02 14:41:07 ----A---- C:\WINDOWS\Wnetway2.dll
2009-02-02 14:41:07 ----A---- C:\WINDOWS\WNETWAY.DLL
2009-02-02 14:41:07 ----A---- C:\WINDOWS\WDTGR2.DLL
2009-02-02 14:41:07 ----A---- C:\WINDOWS\WDTGR.DLL
2009-02-02 14:41:07 ----A---- C:\WINDOWS\WCDTGR2.DLL
2009-02-02 14:41:07 ----A---- C:\WINDOWS\WCDTGR.DLL
2009-02-02 14:41:07 ----A---- C:\WINDOWS\system32\XwayMgrU.dll
2009-02-02 14:41:07 ----A---- C:\WINDOWS\system32\NA_XWAY.exe
2009-02-02 14:41:07 ----A---- C:\WINDOWS\system32\NA_Util.dll
2009-02-02 14:41:07 ----A---- C:\WINDOWS\system32\NA_Service.exe
2009-02-02 14:41:07 ----A---- C:\WINDOWS\system32\NA_MBP.exe
2009-02-02 14:41:07 ----A---- C:\WINDOWS\system32\NA_Config.exe
2009-02-02 14:41:06 ----A---- C:\WINDOWS\WNETWT32.DLL
2009-02-02 14:41:06 ----A---- C:\WINDOWS\WNETWT16.DLL
2009-02-02 14:38:19 ----D---- C:\WINDOWS\LogPUNIT
2009-02-02 14:32:58 ----D---- C:\Program Files\Common Files\Schneider Electric Shared
2009-02-02 14:32:56 ----D---- C:\Program Files\Schneider Electric
2009-02-02 10:41:19 ----D---- C:\Documents and Settings\Nizam\Application Data\Yahoo!
2009-02-02 10:41:19 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2009-02-02 10:40:23 ----D---- C:\Documents and Settings\All Users\Application Data\Yahoo!
2009-02-02 10:40:19 ----D---- C:\Program Files\Yahoo!
2009-01-27 11:20:06 ----HDC---- C:\WINDOWS\$NtUninstallKB929399$
2009-01-27 11:19:31 ----HDC---- C:\WINDOWS\$NtUninstallKB939683$
2009-01-27 11:18:59 ----HDC---- C:\WINDOWS\$NtUninstallKB954154_WM11$
2009-01-27 11:18:38 ----HDC---- C:\WINDOWS\$NtUninstallKB936782_WMP11$
2009-01-27 09:23:52 ----D---- C:\Documents and Settings\Nizam\Application Data\vlc
2009-01-27 02:41:47 ----D---- C:\Documents and Settings\Nizam\Application Data\dvdcss
2009-01-27 02:41:05 ----D---- C:\Program Files\VideoLAN
2009-01-27 02:33:51 ----HDC---- C:\WINDOWS\$NtUninstallKB926239$
2009-01-27 02:33:17 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-01-27 02:33:16 ----HDC---- C:\WINDOWS\$NtUninstallMSCompPackV1$
2009-01-27 02:32:59 ----D---- C:\Program Files\Windows Media Connect 2
2009-01-27 02:32:47 ----HDC---- C:\WINDOWS\$NtUninstallwmp11$
2009-01-27 02:31:51 ----HDC---- C:\WINDOWS\$NtUninstallWMFDist11$
2009-01-27 02:31:08 ----D---- C:\WINDOWS\system32\LogFiles
2009-01-27 02:31:03 ----HDC---- C:\WINDOWS\$NtUninstallWudf01000$

======List of files/folders modified in the last 3 months======

2009-04-23 09:45:35 ----A---- C:\WINDOWS\ODBC.INI
2009-04-23 09:35:41 ----D---- C:\WINDOWS\system32
2009-04-23 09:35:40 ----D---- C:\WINDOWS\Temp
2009-04-23 09:34:42 ----D---- C:\WINDOWS\system32\drivers
2009-04-23 09:34:41 ----D---- C:\WINDOWS
2009-04-23 09:34:40 ----D---- C:\WINDOWS\system32\CatRoot2
2009-04-23 09:34:26 ----SD---- C:\WINDOWS\Tasks
2009-04-22 18:33:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-04-22 18:31:48 ----HD---- C:\WINDOWS\inf
2009-04-22 17:48:18 ----A---- C:\WINDOWS\CMDBLD.INI
2009-04-22 17:47:58 ----A---- C:\WINDOWS\icedbe.ini
2009-04-22 14:05:53 ----D---- C:\Program Files\Common Files\Rockwell
2009-04-22 11:43:07 ----D---- C:\WINDOWS\Prefetch
2009-04-22 09:25:08 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-04-21 13:12:46 ----SD---- C:\Documents and Settings\Nizam\Application Data\Microsoft
2009-04-21 12:09:16 ----A---- C:\WINDOWS\hpbafd.ini
2009-04-17 15:13:51 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-04-17 15:13:28 ----SHD---- C:\WINDOWS\Installer
2009-04-17 15:13:28 ----SHD---- C:\Config.Msi
2009-04-17 15:13:23 ----RD---- C:\Program Files
2009-04-17 15:06:56 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft
2009-04-16 12:28:05 ----D---- C:\Program Files\BitDefender
2009-04-16 12:12:57 ----SHD---- C:\RECYCLER
2009-04-16 09:24:05 ----D---- C:\WINDOWS\WinSxS
2009-04-16 09:23:19 ----D---- C:\Program Files\Windows Live
2009-04-14 10:45:07 ----D---- C:\Software Done
2009-04-01 13:25:01 ----D---- C:\AB-ACTIVATIONS
2009-03-31 15:53:39 ----A---- C:\WINDOWS\EDS.ini
2009-03-31 15:04:07 ----D---- C:\Program Files\Rockwell Automation
2009-03-31 14:54:36 ----RSD---- C:\WINDOWS\assembly
2009-03-31 14:54:30 ----A---- C:\WINDOWS\rocksoft.ini
2009-03-31 14:54:28 ----D---- C:\Program Files\Rockwell Software
2009-03-31 14:54:27 ----D---- C:\Program Files\Common Files
2009-03-26 13:34:45 ----A---- C:\WINDOWS\RLEIcons.ini
2009-03-16 14:13:20 ----D---- C:\Documents and Settings\Nizam\Application Data\Adobe
2009-03-16 14:07:29 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-03-16 14:07:28 ----D---- C:\Program Files\Common Files\Adobe
2009-03-16 14:01:27 ----RSD---- C:\WINDOWS\Fonts
2009-03-16 14:00:33 ----D---- C:\Program Files\Adobe
2009-03-16 13:15:50 ----D---- C:\WINDOWS\Help
2009-03-11 16:40:03 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-03-11 16:39:58 ----A---- C:\WINDOWS\imsins.BAK
2009-03-11 09:57:17 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-10 10:37:50 ----A---- C:\WINDOWS\EvMoveW.INI
2009-03-09 13:14:11 ----D---- C:\WINDOWS\Minidump
2009-03-05 18:04:23 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-02-26 15:55:56 ----D---- C:\Documents and Settings\Nizam\Application Data\Help
2009-02-25 12:55:00 ----A---- C:\WINDOWS\system32\MRT.exe
2009-02-23 16:53:39 ----D---- C:\Documents and Settings\All Users\Application Data\WLInstaller
2009-02-19 12:34:16 ----A---- C:\WINDOWS\win.ini
2009-02-12 10:49:32 ----D---- C:\Program Files\Internet Explorer
2009-02-12 10:49:17 ----D---- C:\WINDOWS\ie7updates
2009-02-10 01:33:01 ----D---- C:\Program Files\DivX
2009-02-04 11:00:03 ----A---- C:\WINDOWS\system.ini
2009-02-03 10:55:36 ----D---- C:\WINDOWS\system32\DirectX
2009-02-02 15:28:49 ----D---- C:\WINDOWS\system32\CatRoot
2009-02-02 15:22:58 ----HD---- C:\Program Files\InstallShield Installation Information
2009-01-27 02:36:58 ----D---- C:\WINDOWS\AppPatch
2009-01-27 02:36:58 ----D---- C:\Program Files\Windows Media Player

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 APPDRV;APPDRV; C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS [2005-08-12 16128]
R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2009-02-13 95576]
R1 bdftdif;bdftdif; \??\C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdftdif.sys []
R1 InCDPass;InCDPass; C:\WINDOWS\system32\drivers\InCDPass.sys [2007-06-25 36776]
R1 incdrm;InCD Reader; C:\WINDOWS\system32\drivers\InCDRm.sys [2007-06-25 38440]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-12 36096]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-04 14848]
R1 OMCI;OMCI; C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS [2001-08-22 13632]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-02-13 28376]
R1 Tosrfcom;Bluetooth RFCOMM; C:\WINDOWS\System32\Drivers\tosrfcom.sys [2007-05-24 64000]
R1 VirtualBackplane;A-B Virtual Backplane; \??\C:\WINDOWS\system32\drivers\VirtualBackplane.sys []
R1 vmm;Virtual Machine Monitor; \??\C:\WINDOWS\system32\Drivers\vmm.sys []
R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2004-08-03 8832]
R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2009-02-13 55640]
R2 BASFND;BASFND; \??\C:\Program Files\Broadcom\ASFIPMon\BASFND.sys []
R2 Hardlock;Hardlock; \??\C:\WINDOWS\system32\drivers\hardlock.sys []
R2 Haspnt;Haspnt; \??\C:\WINDOWS\system32\drivers\Haspnt.sys []
R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R3 ApfiltrService;Alps Touch Pad Filter Driver for Windows 2000/XP/Vista; C:\WINDOWS\system32\DRIVERS\Apfiltr.sys [2007-06-25 155136]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-12 60800]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2007-02-16 160256]
R3 BCM43XX;Dell Wireless WLAN Card Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-10-24 1287552]
R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2008-09-18 111112]
R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2009-01-15 242184]
R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys []
R3 CmBatt;Microsoft AC Adapter Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 Duntlw;UNTLW device; C:\WINDOWS\System32\Drivers\DuntlwNT.sys [2005-04-13 54208]
R3 DXEC01;DXEC01; C:\WINDOWS\system32\drivers\dxec01.sys [2006-11-02 97536]
R3 guardian2;guardian2; C:\WINDOWS\System32\Drivers\oz776.sys [2007-12-23 68696]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2004-08-12 137728]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2007-08-02 989952]
R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2007-08-02 211200]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-12 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-02-22 6658592]
R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-05-10 1222840]
R3 TfNetMon;TfNetMon; \??\C:\WINDOWS\system32\drivers\TfNetMon.sys []
R3 tosporte;Bluetooth COM Port; C:\WINDOWS\system32\DRIVERS\tosporte.sys [2006-10-10 41600]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-10-25 27264]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys [2007-01-29 59280]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2007-08-02 731136]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDFs.sys [2007-06-25 119080]
S3 IKFileSec;File Security Driver; C:\WINDOWS\system32\drivers\ikfilesec.sys [2008-06-02 42376]
S3 IKSysFlt;System Filter Driver; C:\WINDOWS\system32\drivers\iksysflt.sys [2008-06-02 66952]
S3 IKSysSec;System Security Driver; C:\WINDOWS\system32\drivers\iksyssec.sys [2008-06-10 81288]
S3 pcidnt;pcidnt; C:\WINDOWS\System32\Drivers\pcidnt.sys []
S3 Profos;Profos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys []
S3 RsiKtControl;RsiKtControl; C:\WINDOWS\system32\RSIKT.SYS [2008-07-05 39067]
S3 RSI-PKTX-A;RSI-PKTX-A; C:\WINDOWS\System32\drivers\RSI-PKTX-A.SYS [2002-11-13 16447]
S3 RSLINXNGKtControl;RSLINXNGKtControl; C:\WINDOWS\System32\drivers\RSIKTNG.SYS [2002-04-23 38999]
S3 RSSERIAL;RSLinx Classic Serial Driver; C:\WINDOWS\SYSTEM32\RSSERIAL.SYS [2008-07-05 155440]
S3 tosrfbd;Bluetooth RFBUS; C:\WINDOWS\system32\DRIVERS\tosrfbd.sys [2007-04-24 113920]
S3 tosrfbnp;Bluetooth RFBNEP; C:\WINDOWS\System32\Drivers\tosrfbnp.sys [2006-11-20 36480]
S3 Tosrfhid;Bluetooth RFHID; C:\WINDOWS\system32\DRIVERS\Tosrfhid.sys [2007-03-01 73728]
S3 tosrfnds;Bluetooth Personal Area Network; C:\WINDOWS\system32\DRIVERS\tosrfnds.sys [2005-01-06 18612]
S3 Tosrfusb;Bluetooth USB Controller; C:\WINDOWS\system32\DRIVERS\tosrfusb.sys [2007-06-11 41856]
S3 Trufos;Trufos; \??\C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys []
S3 UIUSys;Conexant Setup API; C:\WINDOWS\system32\drivers\UIUSys.sys []
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2009-03-05 108289]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2009-03-02 185089]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 FTActivationBoost;FactoryTalk Activation Helper; C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [2008-09-29 66848]
R2 FTAE_Archiver;Rockwell Alarm History Archiver; C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe [2007-09-18 61440]
R2 FTAE_HistServ;Rockwell Alarm Historian; C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe [2007-09-18 143360]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2009-03-09 951632]
R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe [2009-02-09 431424]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 NA_Service;NetAccess Service; C:\WINDOWS\system32\NA_Service.exe [2005-09-13 49152]
R2 NICCONFIGSVC;NICCONFIGSVC; C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe [2008-02-22 475136]
R2 NmspHost;Rockwell Namespace Services; C:\Program Files\Common Files\Rockwell\NmspHost.exe [2008-06-25 218408]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-02-22 155716]
R2 RdcyHost;Rockwell Redundancy Services; C:\Program Files\Common Files\Rockwell\RdcyHost.exe [2008-06-25 218408]
R2 RnaAeServer;Rockwell Alarm Server; C:\Program Files\Common Files\Rockwell\RnaAeServer.exe [2007-09-18 270336]
R2 RnaAlarmMux;Rockwell Alarm Multiplexer; C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe [2007-09-21 753664]
R2 RNADiagnosticsService;FactoryTalk Diagnostics Local Reader; C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe [2008-06-25 34088]
R2 RNADirectory;Rockwell Directory Server; C:\Program Files\Common Files\Rockwell\RnaDirServer.exe [2008-06-25 902440]
R2 Rockwell HMI Diagnostics;Rockwell HMI Diagnostics; C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe [2007-09-18 77824]
R2 Rockwell HMI Framework;Rockwell HMI Framework; C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe [2007-09-18 491520]
R2 RSLinx;RSLinx Classic; C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE [2008-07-25 1971768]
R2 RSLinxNG;RSLinx Enterprise; C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe [2008-07-02 192512]
R2 RsvcHost;Rockwell Application Services; C:\Program Files\Common Files\Rockwell\RsvcHost.exe [2008-06-25 218408]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2009-04-07 487424]
R2 STacSV;SigmaTel Audio Service; C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe [2007-05-10 94208]
R2 ThreatFire;ThreatFire; C:\Program Files\ThreatFire\TFService.exe [2009-03-03 70928]
R2 UsbConnect;Usb PLC; C:\WINDOWS\SYSTEM32\UsbConnect.exe [2004-03-27 61440]
R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe [2009-01-15 1581056]
R2 wltrysvc;Dell Wireless WLAN Tray Service; C:\WINDOWS\System32\WLTRYSVC.EXE [2008-10-24 24064]
R3 EventClientMultiplexer;Rockwell Event Multiplexer; C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe [2008-06-25 292136]
R3 EventServer;Rockwell Event Server; C:\Program Files\Common Files\Rockwell\EventServer.exe [2008-06-25 222504]
R3 Harmony;Harmony; C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE [2008-05-24 202024]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2007-06-27 279848]
R3 RNADirMultiplexor;Rockwell Directory Multiplexer; C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe [2008-06-25 996648]
S2 gupdate1c9ad81742fabfc;Google Update Service (gupdate1c9ad81742fabfc); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-03-25 133104]
S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 183280]
S3 1784-PCIDS DeviceNet;1784-PCIDS DeviceNet; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe [2008-07-23 106496]
S3 Arrakis3;BitDefender Arrakis Server; C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 dnWhoDisp;dnWhoDisp; C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe [2008-05-27 70952]
S3 EmuLogix 5868 Slot0;EmuLogix 5868 Slot0; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
S3 EmuLogix 5868 Slot1;EmuLogix 5868 Slot1; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe [2008-07-23 2068480]
S3 EmuLogix 5868 Slot10;EmuLogix 5868 Slot10; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
S3 EmuLogix 5868 Slot11;EmuLogix 5868 Slot11; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
S3 EmuLogix 5868 Slot12;EmuLogix 5868 Slot12; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
S3 EmuLogix 5868 Slot13;EmuLogix 5868 Slot13; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
S3 EmuLogix 5868 Slot14;EmuLogix 5868 Slot14; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
S3 EmuLogix 5868 Slot15;EmuLogix 5868 Slot15; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
S3 EmuLogix 5868 Slot16;EmuLogix 5868 Slot16; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
S3 EmuLogix 5868 Slot2;EmuLogix 5868 Slot2; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe [2008-07-23 2068480]
S3 EmuLogix 5868 Slot3;EmuLogix 5868 Slot3; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe [2008-07-23 2068480]
S3 EmuLogix 5868 Slot4;EmuLogix 5868 Slot4; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
S3 EmuLogix 5868 Slot5;EmuLogix 5868 Slot5; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
S3 EmuLogix 5868 Slot6;EmuLogix 5868 Slot6; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
S3 EmuLogix 5868 Slot7;EmuLogix 5868 Slot7; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
S3 EmuLogix 5868 Slot8;EmuLogix 5868 Slot8; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
S3 EmuLogix 5868 Slot9;EmuLogix 5868 Slot9; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-03-16 651720]
S3 HealthSystemInfo;HealthSystemInfo; C:\Program Files\Schneider Electric\Unity Pro\HealthSystemInfo.exe [2005-10-01 118867]
S3 HP Status Server;HP Status Server; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE [2004-10-16 73728]
S3 LogReceiver;LogReceiver; C:\Program Files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [2008-07-02 86016]
S3 NBService;NBService; C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe [2007-06-29 800040]
S3 OpcEnum;OpcEnum; C:\WINDOWS\system32\OpcEnum.exe [2005-11-25 98304]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe [2005-04-29 69632]
S3 RNADiagReceiver;FactoryTalk Diagnostics CE Receiver; C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe [2008-06-25 148776]
S3 Rockwell HMI Activity Logger;Rockwell HMI Activity Logger; C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe [2007-09-18 98304]
S3 Rockwell HMI Alarm Logger;Rockwell HMI Alarm Logger; C:\Program Files\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe [2007-09-18 77824]
S3 Rockwell Tag Server;Rockwell Tag Server; C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe [2007-09-18 147456]
S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2004-08-12 14336]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files\Spyware Doctor\pctsAuxs.exe [2008-06-13 356920]
S3 sdCoreService;PC Tools Security Service; C:\Program Files\Spyware Doctor\pctsSvc.exe [2008-07-03 1073544]
S3 SimModuleService;1789-SIM Simulator Module; C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe [2008-07-23 98304]
S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-12 14336]
S4 InCDsrv;InCD Helper; C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe [2007-06-25 1552680]

-----------------EOF-----------------

#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:05:38 PM

Posted 23 April 2009 - 11:15 AM

The computer is infected with a DNS-Changer trojan which redirects the internet traffic to Ukraine and none of those security applications is spotting it. Later on you may decide to get rid of some of them.
  • I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    Therefore please go to add/remove in the control panel and remove either BitDefender 2009 or Avira AntiVir Personal.

  • Please download Malwarebytes' Anti-Malware from MajorGeeks
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Please copy and paste a fresh Hijackthis log to your reply.
Please include in your next reply:
  • The log of MBAM.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.


#5 nizman11


Posted 23 April 2009 - 11:32 AM

The setup for Malwarebytes just sits there at around 60%. I checked Task Manager and it doesn't say "running" :S

#6 Farbar


Posted 23 April 2009 - 12:57 PM

I'll send you a PM (Private Message).

Edited by farbar, 23 April 2009 - 01:06 PM.


#7 Farbar


Posted 23 April 2009 - 05:34 PM

  • Please open HiJackThis and choose Do a system scan only. Check the boxes next to ONLY the entries listed below (if present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.ca
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C37A410A-4C35-4C63-958F-7B92C4D1C749}: NameServer = 85.255.112.175,85.255.112.179
    O17 - HKLM\System\CCS\Services\Tcpip\..\{E2388D03-8905-4F54-BA9C-2B9CC360F018}: NameServer = 85.255.112.175,85.255.112.179
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.175,85.255.112.179
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.175,85.255.112.179
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.175,85.255.112.179


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • Start in Safe Mode Using the F8 key:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
    • Use the arrow keys to select the Safe Mode with Networking menu item.
    • Press the Enter key.
    • Log on to your usual account.
  • Now install and run MBAM. Additional instruction via PM.
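
The O17 entries in the fix list above are static DNS resolver settings, and the same check can be scripted. The following is an added example, not part of the original thread and not HijackThis's own code: it pulls the O17 NameServer entries out of a HijackThis log and flags every resolver outside an expected set. The expected set is an assumption (it uses the 198.235.216.134/135 pair that the ComboFix log later in this thread shows for the interface), and the last sample line is constructed.

```python
import ipaddress
import re
from collections import defaultdict

# O17 lines as they appear in the fix list above. The final O17 line is
# constructed for contrast (placeholder GUID, space-separated servers).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
O17 - HKLM\System\CCS\Services\Tcpip\..\{C37A410A-4C35-4C63-958F-7B92C4D1C749}: NameServer = 85.255.112.175,85.255.112.179
O17 - HKLM\System\CCS\Services\Tcpip\..\{E2388D03-8905-4F54-BA9C-2B9CC360F018}: NameServer = 85.255.112.175,85.255.112.179
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.175,85.255.112.179
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.112.175,85.255.112.179
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.175,85.255.112.179
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 198.235.216.134 198.235.216.135
"""

# Assumption: the resolvers this machine is supposed to use. Replace with the
# addresses your ISP, router or domain actually hands out.
EXPECTED_RESOLVERS = ["198.235.216.134/32", "198.235.216.135/32"]

# "O17 - <registry key>: <value name> = <data>"
O17_RE = re.compile(r"^O17 - (?P<key>.+?): (?P<name>\w+) = (?P<data>.*)$")


def parse_o17(log_text):
    """Yield (registry_key, value_name, data) for every O17 line in a log."""
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            yield m["key"], m["name"], m["data"].strip()


def split_servers(data):
    """NameServer data may be comma- or space-separated."""
    return [s for s in re.split(r"[,\s]+", data) if s]


def audit_nameservers(log_text, expected_networks):
    """Return {server: [registry keys]} for resolvers outside the expected set.

    Entries that are not valid IP addresses are reported as well, since a
    resolver setting that does not parse deserves a look either way.
    """
    nets = [ipaddress.ip_network(n) for n in expected_networks]
    findings = defaultdict(list)
    for key, name, data in parse_o17(log_text):
        if name.lower() != "nameserver":
            continue  # O17 also reports Domain and SearchList values
        for server in split_servers(data):
            try:
                addr = ipaddress.ip_address(server)
            except ValueError:
                findings[server].append(key)
                continue
            if not any(addr in net for net in nets):
                findings[server].append(key)
    return dict(findings)


def format_report(findings):
    """One line per unexpected resolver, with the keys it was found under."""
    lines = []
    for server in sorted(findings):
        lines.append(f"unexpected resolver {server} in {len(findings[server])} key(s):")
        lines.extend(f"    {key}" for key in findings[server])
    return "\n".join(lines) or "all NameServer entries match the expected set"


if __name__ == "__main__":
    print(format_report(audit_nameservers(SAMPLE_LOG, EXPECTED_RESOLVERS)))
```

The same address pair appearing under the per-interface keys and under every control set (CCS, CS1, CS2) is why the post asks for all of the O17 entries to be fixed together.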


#8 nizman11


Posted 24 April 2009 - 10:29 AM

FARBAR

I have finally managed to install and update Malwarebytes and run a scan. Now my browser doesn't redirect to random sites anymore.
Thanks for all your help


Malwarebytes' Anti-Malware 1.36
Database version: 2036
Windows 5.1.2600 Service Pack 2

4/24/2009 11:08:57 AM
mbam-log-2009-04-24 (11-08-51).txt

Scan type: Quick Scan
Objects scanned: 89690
Time elapsed: 8 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\tempo-201390.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\Temp\tempo-221046.tmp (Trojan.DNSChanger) -> No action taken.
C:\WINDOWS\Temp\tempo-607875.tmp (Trojan.DNSChanger) -> No action taken.

#9 Farbar


Posted 24 April 2009 - 12:11 PM

I got your PM. Very well done :thumbup2:

Good news, but I want to make sure all of them are taken out.

C:\WINDOWS\system32\gaopdxcounter (Trojan.Agent) -> No action taken.


This basically means just scanning. Please run MBAM again, when it shows the result make sure that everything is checked, and click Remove Selected. If it needed a reboot to remove the files let it reboot. Make sure you get a clean log. No need to post the log if it is clean.

  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Posted Image


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

  • Please run Hijackthis. Click Do a system scan and save a logfile then copy and paste the content of the log to your reply.
Please include in your next reply:
  • The Combofix log.
  • A fresh Hijackthis log.
  • Any comment or feedback about how it went.


#10 nizman11


Posted 28 April 2009 - 02:40 PM

ComboFix 09-04-25.A3 - Nizam 04/27/2009 11:46.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1485 [GMT -4:00]
Running from: c:\documents and settings\Nizam\My Documents\Downloads\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\gaopdxbjftehkxyotxtlcnkdsbrhxoauevrptk.sys
c:\windows\system32\drivers\gaopdxotaghnejydiepoancldoyeeruldtvvut.sys
c:\windows\system32\drivers\gaopdxtfvyjygmpqrxbqeuqsogofmpbendfoua.sys
c:\windows\system32\drivers\gaopdxtnlmetpglbeuekhrteygjqpbikgjmfrc.sys
c:\windows\system32\drivers\gaopdxyvkqotrqtyxuwnxsiltvdgiyuwpbbfcm.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxyibkvjkgeloawuptnbguuodskaomktar.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-05-27 to 2009-4-27 )))))))))))))))))))))))))))))))
.

2009-04-24 20:27 . 2006-01-10 00:01 33792 ------w c:\windows\system32\mmcperf.exe
2009-04-24 20:27 . 2006-01-09 23:11 106496 ------w c:\windows\system32\mmcfxcommon.dll
2009-04-24 20:27 . 2006-01-09 23:10 184320 ------w c:\windows\system32\microsoft.managementconsole.dll
2009-04-24 20:20 . 2001-08-17 17:28 771581 -c--a-w c:\windows\system32\dllcache\winacisa.sys
2009-04-24 20:19 . 2001-08-17 16:14 249402 -c--a-w c:\windows\system32\dllcache\vinwm.sys
2009-04-24 20:18 . 2001-08-18 02:36 50688 -c--a-w c:\windows\system32\dllcache\umaxscan.dll
2009-04-24 20:17 . 2001-08-17 17:51 4992 -c--a-w c:\windows\system32\dllcache\toside.sys
2009-04-24 20:16 . 2001-08-17 18:07 28384 -c--a-w c:\windows\system32\dllcache\sym_hi.sys
2009-04-24 20:15 . 2001-08-17 18:07 19072 -c--a-w c:\windows\system32\dllcache\sparrow.sys
2009-04-24 20:14 . 2004-08-04 04:56 73796 -c--a-w c:\windows\system32\dllcache\slserv.exe
2009-04-24 20:13 . 2001-08-17 17:48 17664 -c--a-w c:\windows\system32\dllcache\sermouse.sys
2009-04-24 20:12 . 2001-08-17 16:50 166720 -c--a-w c:\windows\system32\dllcache\s3m.sys
2009-04-24 20:11 . 2001-08-17 17:52 49024 -c--a-w c:\windows\system32\dllcache\ql1280.sys
2009-04-24 20:10 . 2001-08-18 02:36 121344 -c--a-w c:\windows\system32\dllcache\phvfwext.dll
2009-04-24 20:09 . 2001-08-18 02:36 39424 -c--a-w c:\windows\system32\dllcache\ovcoms.exe
2009-04-24 20:08 . 2001-08-17 16:12 32840 -c--a-w c:\windows\system32\dllcache\ngrpci.sys
2009-04-24 20:07 . 2004-08-04 02:41 1309184 -c--a-w c:\windows\system32\dllcache\mtlstrm.sys
2009-04-24 20:06 . 2001-08-17 17:58 8320 -c--a-w c:\windows\system32\dllcache\memcard.sys
2009-04-24 20:05 . 2001-08-18 02:36 242176 -c--a-w c:\windows\system32\dllcache\kdsusd.dll
2009-04-24 20:04 . 2001-08-18 02:36 372824 -c--a-w c:\windows\system32\dllcache\iconf32.dll
2009-04-24 20:03 . 2004-08-04 02:41 1041536 -c--a-w c:\windows\system32\dllcache\hsfdpsp2.sys
2009-04-24 20:02 . 2001-08-18 02:36 126976 -c--a-w c:\windows\system32\dllcache\hpgt34tk.dll
2009-04-24 20:01 . 2001-08-17 16:14 441728 -c--a-w c:\windows\system32\dllcache\fpcmbase.sys
2009-04-24 20:00 . 2001-08-17 17:50 114944 -c--a-w c:\windows\system32\dllcache\epstw2k.sys
2009-04-24 19:59 . 2001-08-18 02:36 614429 -c--a-w c:\windows\system32\dllcache\digiview.exe
2009-04-24 19:58 . 2001-08-17 16:11 39936 -c--a-w c:\windows\system32\dllcache\cnxt1803.sys
2009-04-24 19:57 . 2001-08-18 02:36 81408 -c--a-w c:\windows\system32\dllcache\brmfcwia.dll
2009-04-24 19:56 . 2004-08-04 04:56 3967 -c--a-w c:\windows\system32\dllcache\adv02nt5.dll
2009-04-24 19:42 . 2009-04-24 19:42 -------- d-----w c:\windows\system32\Dell
2009-04-24 15:44 . 2009-04-24 15:44 47 ----a-w c:\windows\RSVIEW.INI
2009-04-24 15:40 . 2009-04-27 15:53 -------- d-----w c:\documents and settings\Nizam\Tracing
2009-04-24 15:39 . 2009-04-24 15:39 -------- d-----w c:\program files\Microsoft
2009-04-24 15:39 . 2009-04-24 15:39 -------- d-----w c:\program files\Windows Live SkyDrive
2009-04-24 15:32 . 2009-04-24 15:32 -------- d-----w C:\hotfix
2009-04-24 14:37 . 2009-04-24 14:37 -------- d--h--w c:\windows\PIF
2009-04-24 14:34 . 2009-04-24 14:34 -------- d-----w c:\documents and settings\Nizam\Application Data\Malwarebytes
2009-04-24 14:32 . 2009-04-24 15:08 -------- d-----w C:\nizams wonderland
2009-04-23 13:48 . 2009-04-23 13:48 -------- d-----w C:\rsit
2009-04-22 18:07 . 2009-04-22 18:08 -------- d-----w C:\HMI
2009-04-21 17:01 . 2009-04-21 15:01 1144168 ----a-w C:\wlsetup-custom.exe
2009-04-17 19:13 . 2009-04-24 19:14 64160 ----a-w c:\windows\system32\drivers\Lbd.sys
2009-04-17 19:13 . 2009-04-17 19:13 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-17 19:13 . 2009-04-17 19:13 -------- d-----w c:\program files\Lavasoft
2009-04-17 19:13 . 2009-04-17 19:13 -------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2009-04-17 18:59 . 2009-04-17 18:59 -------- d-----w c:\program files\Trend Micro
2009-04-16 14:31 . 2009-04-16 14:31 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-04-16 13:30 . 2009-04-16 13:30 -------- d-----w c:\documents and settings\Nizam\Local Settings\Application Data\Mozilla
2009-04-07 19:40 . 2009-04-16 14:34 -------- d-----w c:\program files\Autorun Eater
2009-04-07 19:03 . 2009-02-13 15:31 55640 ----a-w c:\windows\system32\drivers\avgntflt.sys
2009-04-07 18:00 . 2009-04-07 18:00 -------- d-----w c:\program files\Advanced Spyware Remover
2009-04-02 20:29 . 2009-04-27 15:42 121 ----a-w c:\windows\bdagent.INI
2009-04-02 14:03 . 2009-02-27 16:55 111992 ----a-w c:\windows\system32\acaptuser32.dll
2009-04-01 13:47 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-01 13:47 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-01 13:47 . 2009-04-24 14:27 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-01 13:47 . 2009-04-01 13:47 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-01 13:45 . 2009-04-01 13:45 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2009-04-01 03:19 . 2009-04-17 19:06 -------- d-----w c:\documents and settings\Nizam\Application Data\Lavasoft
2009-03-31 18:54 . 2009-03-31 18:54 -------- d-----w c:\program files\Common Files\OMRON

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-27 15:50 . 2009-01-15 15:54 81984 ----a-w c:\windows\system32\bdod.bin
2009-04-27 15:21 . 2009-04-24 14:40 6614 ----a-w C:\avenger.txt
2009-04-27 15:10 . 2009-01-02 14:51 55088 ---ha-w c:\windows\system32\mlfcache.dat
2009-04-27 14:05 . 2008-12-31 16:34 244479 ----a-w c:\windows\system32\nvModes.dat
2009-04-27 14:00 . 2009-03-25 19:38 -------- d-----w c:\documents and settings\All Users\Application Data\Google Updater
2009-04-24 15:40 . 2008-12-31 18:12 75872 ----a-w c:\documents and settings\Nizam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-24 15:39 . 2009-01-03 14:39 -------- d-----w c:\program files\Windows Live
2009-04-24 14:48 . 2009-02-27 14:39 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-04-22 18:05 . 2009-01-07 14:58 -------- d-----w c:\program files\Common Files\Rockwell
2009-04-16 16:28 . 2009-01-01 15:39 -------- d-----w c:\program files\BitDefender
2009-04-16 13:22 . 2009-02-02 14:40 -------- d-----w c:\program files\Yahoo!
2009-04-16 13:22 . 2009-02-02 14:40 -------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-14 15:02 . 2009-03-17 19:53 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-02 16:21 . 2009-03-10 13:43 -------- d-----w c:\program files\BitComet
2009-03-31 19:04 . 2009-01-07 16:26 -------- d-----w c:\program files\Rockwell Automation
2009-03-31 18:54 . 2009-01-07 15:00 -------- d-----w c:\program files\Rockwell Software
2009-03-25 19:40 . 2009-03-25 19:38 -------- d-----w c:\program files\Google
2009-03-25 17:50 . 2009-03-25 17:50 -------- d-----w c:\documents and settings\Nizam\Application Data\hott notes 4
2009-03-25 17:50 . 2009-03-25 17:50 -------- d-----w c:\program files\hott notes 4
2009-03-23 20:54 . 2009-03-23 20:54 244 ---ha-w C:\sqmnoopt00.sqm
2009-03-23 20:54 . 2009-03-23 20:54 232 ---ha-w C:\sqmdata00.sqm
2009-03-20 14:47 . 2009-03-20 14:47 -------- d-----w c:\program files\Common Files\Windows Live
2009-03-16 18:13 . 2009-03-16 18:13 -------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-03-16 18:07 . 2008-12-31 17:56 -------- d-----w c:\program files\Common Files\Adobe
2009-03-16 18:07 . 2009-03-16 18:07 -------- d-----w c:\program files\Common Files\Macrovision Shared
2009-03-10 14:23 . 2009-02-25 16:46 320 --sh--r C:\EVRSI.SYS
2009-03-10 14:23 . 2009-02-25 16:46 260 --sha-r C:\386SWAP.PAR
2009-03-06 14:44 . 2004-08-12 13:26 283648 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-12 13:33 826368 ----a-w c:\windows\system32\wininet.dll
2009-03-02 18:12 . 2009-02-03 15:48 -------- d-----w c:\documents and settings\Nizam\Application Data\Ahead
2009-03-02 18:08 . 2009-03-02 18:08 -------- d-----w c:\documents and settings\Nizam\Application Data\DivX
2009-02-27 14:39 . 2009-02-27 14:39 -------- d-----w c:\documents and settings\Nizam\Application Data\Conceptworld
2009-02-27 14:39 . 2009-02-27 14:39 -------- d-----w c:\program files\Conceptworld
2009-02-27 14:39 . 2009-02-27 14:37 -------- d-----w c:\program files\NoteGenie
2009-02-27 14:37 . 2009-02-27 14:37 249856 ------w c:\windows\Setup1.exe
2009-02-27 14:37 . 2009-02-27 14:37 73216 ----a-w c:\windows\ST6UNST.EXE
2009-02-27 14:20 . 2009-02-10 16:21 -------- d-----w c:\program files\Microsoft Silverlight
2009-02-20 18:09 . 2004-08-12 13:19 78336 ----a-w c:\windows\system32\ieencode.dll
2009-02-09 10:20 . 2008-12-31 16:55 723456 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 10:20 . 2004-08-12 13:27 399360 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 10:20 . 2008-12-31 16:55 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 10:20 . 2008-12-31 16:55 616960 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 10:19 . 2008-12-31 16:55 1846272 ----a-w c:\windows\system32\win32k.sys
2009-02-06 22:52 . 2009-02-06 22:52 49504 ----a-w c:\windows\system32\sirenacm.dll
2009-02-06 17:22 . 2008-12-31 16:55 2136064 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 17:14 . 2008-12-31 16:55 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 16:54 . 2004-08-12 13:27 35328 ----a-w c:\windows\system32\sc.exe
2009-02-06 16:49 . 2008-12-31 16:55 2015744 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:08 . 2004-08-12 13:28 55808 ----a-w c:\windows\system32\secur32.dll
2009-02-02 19:15 . 2009-02-02 18:33 63220 ----a-w C:\xerror.log
2009-01-20 19:20 . 2009-01-07 15:01 128 ----a-w c:\documents and settings\Nizam\Local Settings\Application Data\fusioncache.dat
2009-01-07 15:43 . 2009-01-07 15:43 23 ----a-w c:\documents and settings\Nizam\autoexec.bat
2009-04-24 15:2009-04-16 14:23 02:24 . c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\Nizam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-04 133104]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-25 39408]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-25 2220032]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"ITSecMng"="c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2007-08-01 65536]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-07-02 159744]
"KADxMain"="c:\windows\system32\KADxMain.exe" [2006-11-02 282624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-22 13508608]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-22 86016]
"BDAgent"="c:\program files\BitDefender\BitDefender 2009\bdagent.exe" [2009-04-24 778240]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2009\IEShow.exe" [2009-04-24 69632]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"UsbCipHelper"="c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe" [2008-05-27 434176]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2009-02-27 38768]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2009-02-27 640376]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-04-24 516440]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-02-22 1626112]
"NVHotkey"="nvHotkey.dll" - c:\windows\system32\nvhotkey.dll [2008-02-22 86016]

c:\documents and settings\Nizam\Start Menu\Programs\Startup\
hott notes 4.lnk - c:\program files\hott notes 4\hottnotes.exe [2007-5-15 1249280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-7-31 2158592]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-12-31 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v16\\Bin\\RS5000.Exe"=
"c:\\Program Files\\Rockwell Software\\RSView\\sptddssv32.exe"=
"c:\\Program Files\\Rockwell Software\\RSView\\SptFTServer.exe"=
"c:\\Program Files\\Rockwell Software\\RSView\\sptddeex32.exe"=
"c:\\Program Files\\Rockwell Software\\RSView\\MonitorRemoteProcesses.exe"=
"c:\\Program Files\\Rockwell Software\\RDM\\Cmeopc32.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RSViewLogServer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RSVWHist.exe"=
"c:\\WINDOWS\\system32\\netdde.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Nizam\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\Rockwell Software\\RSLogix 5000\\ENU\\v17\\Bin\\RS5000.Exe"=
"c:\\Program Files\\Common Files\\Rockwell\\EventClientMultiplexer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RsvcHost.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RdcyHost.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\NmspHost.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RnaDirServer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\EventServer.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\DaClient.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RNADiagReceiver.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\RNADiagnosticsSrv.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\VStudio.exe"=
"c:\\WINDOWS\\system32\\OpcEnum.exe"=
"c:\\Program Files\\Common Files\\Rockwell\\countermonitor.exe"=
"c:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\RSLinxNG.exe"=
"c:\\Program Files\\Rockwell Software\\RSLinx Enterprise\\RSLinxShortcutAOA.exe"=
"c:\\Program Files\\Rockwell Software\\RSLINX\\RSLINX.EXE"=
"c:\\Program Files\\Rockwell Software\\OPCTools\\OPCTest\\opctest.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:Port 135 TCP
"24277:TCP"= 24277:TCP:*:Disabled:BitComet 24277 TCP
"24277:UDP"= 24277:UDP:*:Disabled:BitComet 24277 UDP

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R2 gupdate1c9ad81742fabfc;Google Update Service (gupdate1c9ad81742fabfc);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 133104]
R3 1784-PCIDS DeviceNet;1784-PCIDS DeviceNet;c:\program files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe [2008-07-23 106496]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe [2008-07-17 118784]
R3 EmuLogix 5868 Slot0;EmuLogix 5868 Slot0;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
R3 EmuLogix 5868 Slot1;EmuLogix 5868 Slot1;c:\program files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe [2008-07-23 2068480]
R3 EmuLogix 5868 Slot10;EmuLogix 5868 Slot10;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
R3 EmuLogix 5868 Slot11;EmuLogix 5868 Slot11;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
R3 EmuLogix 5868 Slot12;EmuLogix 5868 Slot12;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
R3 EmuLogix 5868 Slot13;EmuLogix 5868 Slot13;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
R3 EmuLogix 5868 Slot14;EmuLogix 5868 Slot14;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
R3 EmuLogix 5868 Slot15;EmuLogix 5868 Slot15;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
R3 EmuLogix 5868 Slot16;EmuLogix 5868 Slot16;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
R3 EmuLogix 5868 Slot2;EmuLogix 5868 Slot2;c:\program files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe [2008-07-23 2068480]
R3 EmuLogix 5868 Slot3;EmuLogix 5868 Slot3;c:\program files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe [2008-07-23 2068480]
R3 EmuLogix 5868 Slot4;EmuLogix 5868 Slot4;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
R3 EmuLogix 5868 Slot5;EmuLogix 5868 Slot5;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
R3 EmuLogix 5868 Slot6;EmuLogix 5868 Slot6;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
R3 EmuLogix 5868 Slot7;EmuLogix 5868 Slot7;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
R3 EmuLogix 5868 Slot8;EmuLogix 5868 Slot8;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
R3 EmuLogix 5868 Slot9;EmuLogix 5868 Slot9;c:\program files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe [2005-07-08 1425408]
R3 HealthSystemInfo;HealthSystemInfo;c:\program files\Schneider Electric\Unity Pro\HealthSystemInfo.exe [2005-10-01 118867]
R3 LogReceiver;LogReceiver;c:\program files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe [2008-07-02 86016]
R3 pcidnt;pcidnt; [x]
R3 Rockwell HMI Alarm Logger;Rockwell HMI Alarm Logger;c:\program files\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe [2007-09-19 77824]
R3 RSI-PKTX-A;RSI-PKTX-A;c:\windows\System32\drivers\RSI-PKTX-A.SYS [2002-11-13 16447]
R3 RsiKtControl;RsiKtControl;c:\windows\system32\RSIKT.SYS [2008-07-05 39067]
R3 RSLINXNGKtControl;RSLINXNGKtControl;c:\windows\System32\drivers\RSIKTNG.SYS [2002-04-23 38999]
R3 RSSERIAL;RSLinx Classic Serial Driver;c:\windows\SYSTEM32\RSSERIAL.SYS [2008-07-05 155440]
R3 SimModuleService;1789-SIM Simulator Module;c:\program files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe [2008-07-23 98304]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-24 64160]
S1 VirtualBackplane;A-B Virtual Backplane;c:\windows\system32\drivers\VirtualBackplane.sys [2008-07-23 63544]
S2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [2006-12-19 79432]
S2 FTActivationBoost;FactoryTalk Activation Helper;c:\program files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe [2008-09-29 66848]
S2 FTAE_Archiver;Rockwell Alarm History Archiver;c:\program files\Common Files\Rockwell\FTAEArchiver.exe [2007-09-18 61440]
S2 FTAE_HistServ;Rockwell Alarm Historian;c:\program files\Common Files\Rockwell\FTAE_HistServ.exe [2007-09-18 143360]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-04-24 953168]
S2 NA_Service;NetAccess Service;c:\windows\system32\NA_Service.exe [2005-09-13 49152]
S2 NmspHost;Rockwell Namespace Services;c:\program files\Common Files\Rockwell\NmspHost.exe [2008-06-25 218408]
S2 RdcyHost;Rockwell Redundancy Services;c:\program files\Common Files\Rockwell\RdcyHost.exe [2008-06-25 218408]
S2 RnaAeServer;Rockwell Alarm Server;c:\program files\Common Files\Rockwell\RnaAeServer.exe [2007-09-18 270336]
S2 RnaAlarmMux;Rockwell Alarm Multiplexer;c:\program files\Common Files\Rockwell\RnaAlarmMux.exe [2007-09-21 753664]
S2 Rockwell HMI Framework;Rockwell HMI Framework;c:\program files\Rockwell Software\RSView Enterprise\ServerFramework.exe [2007-09-19 491520]
S2 UsbConnect;Usb PLC;c:\windows\SYSTEM32\UsbConnect.exe [2004-03-27 61440]
S3 bdfm;bdfm;c:\windows\system32\drivers\bdfm.sys [2008-09-18 111112]
S3 Duntlw;UNTLW device;c:\windows\system32\Drivers\DuntlwNT.sys [2005-04-13 54208]
S3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [2006-11-02 97536]
S3 EventServer;Rockwell Event Server;c:\program files\Common Files\Rockwell\EventServer.exe [2008-06-25 222504]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
.
Contents of the 'Scheduled Tasks' folder

2009-04-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:13]

2009-02-13 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-04-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-25 19:38]

2009-04-27 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-25 19:39]

2009-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-1482476501-839522115-1003.job
- c:\documents and settings\Nizam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-04 03:10]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
Notify-dimsntfy - (no file)


.
------- Supplementary Scan -------
.
mStart Page = www.google.ca
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
TCP: {C37A410A-4C35-4C63-958F-7B92C4D1C749} = 198.235.216.134,198.235.216.135
FF - ProfilePath - c:\documents and settings\Nizam\Application Data\Mozilla\Firefox\Profiles\2o0bjbnz.default\
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - plugin: c:\documents and settings\Nizam\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-27 11:53
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
UsbCipHelper = c:\program files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe????????????j?w??????@???D????? ??|P?E????|????????????1??|????P?E?????????????????????????????>?@?????????<??????|?????????????$???? ???D??????>@????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1268)
c:\windows\System32\BCMLogon.dll

- - - - - - - > 'explorer.exe'(3828)
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2009\vsserv.exe
c:\windows\system32\WLTRYSVC.EXE
c:\windows\system32\BCMWLTRY.EXE
c:\windows\system32\scardsvr.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Rockwell Software\RSCommon\RSOBSERV.EXE
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\ModbusDrv.exe
c:\program files\Dell\QuickSet\NicConfigSvc.exe
c:\windows\system32\NA_XWAY.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Rockwell\RNADiagnosticsSrv.exe
c:\program files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
c:\progra~1\ROCKWE~1\RSLINX\RSLINX.EXE
c:\program files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
c:\program files\Common Files\Rockwell\RsvcHost.exe
c:\program files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\stacsv.exe
c:\program files\Common Files\Rockwell\EventClientMultiplexer.exe
c:\windows\system32\UsbConsole.exe
c:\program files\Common Files\Rockwell\RnaDirServer.exe
c:\program files\Common Files\Rockwell\RNADirMultiplexor.exe
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\ApMsgFwd.exe
c:\windows\system32\rundll32.exe
c:\program files\DellTPad\hidfind.exe
c:\program files\DellTPad\ApntEx.exe
c:\program files\BitDefender\BitDefender 2009\seccenter.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
.
**************************************************************************
.
Completion time: 2009-04-27 11:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-04-27 15:58

Pre-Run: 234,538,209,280 bytes free
Post-Run: 236,815,196,160 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

373 --- E O F --- 2009-04-27 13:45

#11 nizman11


Posted 28 April 2009 - 02:41 PM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:41:30 PM, on 4/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\NA_Service.exe
C:\WINDOWS\system32\MODBUSDRV.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\Program Files\Common Files\Rockwell\NmspHost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Rockwell\RdcyHost.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\WINDOWS\SYSTEM32\UsbConnect.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe
C:\WINDOWS\SYSTEM32\usbconsole.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
C:\Program Files\Common Files\Rockwell\RnaAeServer.exe
C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Rockwell Software\RSView\RSView32.exe
C:\Program Files\Rockwell Software\RSView\SPTLGSSV32.EXE
C:\Program Files\Rockwell Software\RSView\SPTSETSV32.EXE
C:\Program Files\Rockwell Software\RSView\ICECPRSV32.EXE
C:\PROGRA~1\ROCKWE~1\RDM\CMEMEM32.EXE
C:\PROGRA~1\ROCKWE~1\RDM\CMESYS32.EXE
C:\PROGRA~1\ROCKWE~1\RDM\CMEDDE32.EXE
C:\PROGRA~1\ROCKWE~1\RDM\CMEDEV32.EXE
C:\PROGRA~1\ROCKWE~1\RDM\CMEOPC32.EXE
C:\PROGRA~1\ROCKWE~1\RDM\RDMBTM32.EXE
C:\WINDOWS\system32\rtdsk40.exe
C:\Program Files\Rockwell Software\RSView\SHDE32.EXE
C:\Program Files\Rockwell Software\RSView\SPTCMDSV32.EXE
C:\PROGRA~1\ROCKWE~1\RSView\sptvbs32.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230741342328
O17 - HKLM\System\CCS\Services\Tcpip\..\{C37A410A-4C35-4C63-958F-7B92C4D1C749}: NameServer = 198.235.216.134,198.235.216.135
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: 1784-PCIDS DeviceNet - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dnWhoDisp - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: EmuLogix 5868 Slot0 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot1 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot10 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot11 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot12 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot13 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot14 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot15 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot16 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot2 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot3 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot4 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot5 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot6 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot7 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot8 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot9 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FactoryTalk Activation Helper (FTActivationBoost) - Rockwell Automation Inc. - C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
O23 - Service: Rockwell Alarm History Archiver (FTAE_Archiver) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
O23 - Service: Rockwell Alarm Historian (FTAE_HistServ) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
O23 - Service: Google Update Service (gupdate1c9ad81742fabfc) (gupdate1c9ad81742fabfc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Harmony - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: HealthSystemInfo - Schneider Automation SAS - C:\Program Files\Schneider Electric\Unity Pro\HealthSystemInfo.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LogReceiver - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Rockwell Namespace Services (NmspHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\NmspHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Rockwell Redundancy Services (RdcyHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RdcyHost.exe
O23 - Service: Rockwell Alarm Server (RnaAeServer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaAeServer.exe
O23 - Service: Rockwell Alarm Multiplexer (RnaAlarmMux) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation Inc. - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Activity Logger - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
O23 - Service: Rockwell HMI Alarm Logger - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell HMI Framework - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe
O23 - Service: Rockwell Tag Server - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Automation, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: RSLinx Enterprise (RSLinxNG) - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: 1789-SIM Simulator Module (SimModuleService) - Unknown owner - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\SYSTEM32\UsbConnect.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 20896 bytes

#12 nizman11


Posted 28 April 2009 - 02:43 PM

What was ComboFix?

#13 Farbar


Posted 28 April 2009 - 03:53 PM

  • Please open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ca
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)


    Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

  • I see many instances of some applications running; this is unusual unless you ran HijackThis while many applications were open and running. Please reboot, don't open any application other than HijackThis, make a fresh log and post the content for a final review.


#14 nizman11


Posted 01 May 2009 - 09:05 AM

Sorry for the delay. Here is the log you asked for.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:04:20 AM, on 5/1/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Rockwell\EventServer.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
C:\WINDOWS\system32\KADxMain.exe
C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\NA_Service.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\MODBUSDRV.exe
C:\WINDOWS\system32\NA_XWAY.exe
C:\Program Files\Common Files\Rockwell\NmspHost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Rockwell\RdcyHost.exe
C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\hott notes 4\hottnotes.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
C:\Program Files\Common Files\Rockwell\RsvcHost.exe
C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\SYSTEM32\UsbConnect.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
C:\WINDOWS\SYSTEM32\usbconsole.exe
C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe
C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
C:\Program Files\Common Files\Rockwell\RnaAeServer.exe
C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [KADxMain] C:\WINDOWS\system32\KADxMain.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [UsbCipHelper] C:\Program Files\Rockwell Automation\Rockwell Automation USB CIP Driver Package\UsbCipHelper\UsbCipHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Nizam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Startup: hott notes 4.lnk = C:\Program Files\hott notes 4\hottnotes.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1230741342328
O17 - HKLM\System\CCS\Services\Tcpip\..\{C37A410A-4C35-4C63-958F-7B92C4D1C749}: NameServer = 198.235.216.134,198.235.216.135
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: 1784-PCIDS DeviceNet - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\PcidsService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dnWhoDisp - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLINX\dnwhodisp.exe
O23 - Service: EmuLogix 5868 Slot0 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot1 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot10 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot11 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot12 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot13 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot14 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot15 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot16 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot2 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot3 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\\V17\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot4 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot5 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot6 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot7 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot8 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: EmuLogix 5868 Slot9 - Rockwell Automation - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\V15\EmuLogix5868.exe
O23 - Service: Rockwell Event Multiplexer (EventClientMultiplexer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\EventClientMultiplexer.exe
O23 - Service: Rockwell Event Server (EventServer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\EventServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FactoryTalk Activation Helper (FTActivationBoost) - Rockwell Automation Inc. - C:\Program Files\Rockwell Software\FactoryTalk Activation\Tools\FTActivationBoost.exe
O23 - Service: Rockwell Alarm History Archiver (FTAE_Archiver) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\FTAEArchiver.exe
O23 - Service: Rockwell Alarm Historian (FTAE_HistServ) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\FTAE_HistServ.exe
O23 - Service: Google Update Service (gupdate1c9ad81742fabfc) (gupdate1c9ad81742fabfc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Harmony - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSCommon\RSOBSERV.EXE
O23 - Service: HealthSystemInfo - Schneider Automation SAS - C:\Program Files\Schneider Electric\Unity Pro\HealthSystemInfo.exe
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: LogReceiver - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLinx Enterprise\LogReceiver.exe
O23 - Service: NetAccess Service (NA_Service) - Schneider Automation SAS - C:\WINDOWS\system32\NA_Service.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Rockwell Namespace Services (NmspHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\NmspHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
O23 - Service: Rockwell Redundancy Services (RdcyHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RdcyHost.exe
O23 - Service: Rockwell Alarm Server (RnaAeServer) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaAeServer.exe
O23 - Service: Rockwell Alarm Multiplexer (RnaAlarmMux) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaAlarmMux.exe
O23 - Service: FactoryTalk Diagnostics Local Reader (RNADiagnosticsService) - Rockwell Automation Inc. - C:\Program Files\Common Files\Rockwell\RNADiagnosticsSrv.exe
O23 - Service: FactoryTalk Diagnostics CE Receiver (RNADiagReceiver) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
O23 - Service: Rockwell Directory Server (RNADirectory) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RnaDirServer.exe
O23 - Service: Rockwell Directory Multiplexer (RNADirMultiplexor) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RNADirMultiplexor.exe
O23 - Service: Rockwell HMI Activity Logger - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
O23 - Service: Rockwell HMI Alarm Logger - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\RsAlarmLogServ.exe
O23 - Service: Rockwell HMI Diagnostics - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\HMIDIAGNOSTICSLSTADAPT.exe
O23 - Service: Rockwell HMI Framework - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\ServerFramework.exe
O23 - Service: Rockwell Tag Server - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSView Enterprise\TagSrv.exe
O23 - Service: RSLinx Classic (RSLinx) - Rockwell Automation, Inc. - C:\PROGRA~1\ROCKWE~1\RSLinx\RSLINX.EXE
O23 - Service: RSLinx Enterprise (RSLinxNG) - Rockwell Automation, Inc. - C:\Program Files\Rockwell Software\RSLinx Enterprise\RSLinxNG.exe
O23 - Service: Rockwell Application Services (RsvcHost) - Rockwell Automation, Inc. - C:\Program Files\Common Files\Rockwell\RsvcHost.exe
O23 - Service: 1789-SIM Simulator Module (SimModuleService) - Unknown owner - C:\Program Files\Rockwell Software\RSLogix Emulate 5000\SimModuleService.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\DellXPM_5515v131\WDM\StacSV.exe
O23 - Service: Usb PLC (UsbConnect) - Schneider Automation - C:\WINDOWS\SYSTEM32\UsbConnect.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 18431 bytes

#15 Farbar

Posted 01 May 2009 - 01:50 PM

Everything looks good. :thumbup2:

Go to Start > Run and copy and paste or type the following command in the field, then hit Enter:

ComboFix /u

Note: There's a space between Combofix and /

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

It also makes a clean Restore Point and flushes all the old restore points in order to prevent possible reinfection from an old one through System Restore.

The first reboot might be a little slow, the next one will be faster.


Optional Recommendations:
  • Your log looks clean. But your computer is still very much susceptible, in particular to hacking and intrusion from outside. If you are not behind a router, I strongly advise you to install a firewall before surfing. The Windows firewall is not good enough. The Windows firewall provides protection from outside threats as long as the malware is not on your system. When the malware gets to your computer, the Windows firewall is no longer effective. You can find more information on firewalls below.
    Click for more information on: Understanding and Using Firewalls

    There are several good free programs available like:

    Sunbelt-Kerio
    (Note: You install the Sunbelt trial version, but after the trial period it will revert to the free version.)

    Online Armor Free edition


  • Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office.
    Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC. Windows XP Service Pack 2 is now outdated. Microsoft has released Service Pack 3, which has more features and is more secure than Service Pack 2.

    In order to update Windows, go to Start -> All Programs -> Windows Update, wait for the page to load, then press the Custom button. Windows searches your computer and gives you possible updates.

    Prior to installing SP3 it is better to disable your antivirus and enable it after SP3 is installed.

  • I recommend using Site Advisor for safe surfing. It is a free extension both for Internet Explorer and Firefox. When you search a site it gives you an indication of how safe a site is.

  • I recommend installing this small application for safe surfing: Javacools© SpywareBlaster
    SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings, and that will protect you from running and downloading known malicious programs. Update it manually (if you use the free version) once every 2-3 weeks and enable the restriction.

Please let me know if Combofix uninstalled properly.

Happy surfing!



