PDA

View Full Version : SCPROT4.EXE Malware Trojan/ Worm infection



anand_am01
2010-01-04, 07:07
Hello Experts,
Following your instructions, I have created a backup with ERUNT and the HJT log is enclosed.
Await further instructions, and thank you for your time & consideration.
Sincerely,
Anand Murthy

=================================================
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:43:48 PM, on 03/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\CardScan\CardScan\CardScanAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe
C:\WINDOWS\system32\msfeedssync.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Microsoft Office\Office\1033\msohelp.exe
C:\Program Files\Microsoft Office\Office\1033\msohelp.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.toronto.ca:8080
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: (no name) - {1ECE7AC5-2091-419D-BD0F-FCDB92EEBA9B} - (no file)
O2 - BHO: (no name) - {29A92273-C690-41FF-92AB-468EF44B16B4} - (no file)
O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {62780D18-D103-03D3-323A-01F43008B839} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {C1AC8C15-62FC-1F2B-8B2E-48E679F00E91} - (no file)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.e
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\RunOnce: [OEMSAVHomeDirectory] cmd.exe /c rmdir "C:\Program Files\Symantec Client Security\Symantec AntiVirus\"
O4 - HKLM\..\RunOnce: [OEMCommonHomeDirectory] cmd.exe /c rmdir "C:\Program Files\Common Files\Symantec Shared\OEM\"
O4 - HKLM\..\RunOnce: [OEMSCFHomeDirectory] cmd.exe /c rmdir "C:\Program Files\Symantec Client Security\Symantec Client Firewall"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [RCUI] "C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe"
O4 - HKCU\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?cd20b42499654f789f343cf995bad7de
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?cd20b42499654f789f343cf995bad7de
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: *.sap.com
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://connectphl05.sap.com/vdesk/cachecleaner.cab#version=6020,2008,0514,2338
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://connectphl05.sap.com/vdesk/terminal/InstallerControl.cab#version=6020,2008,0514,2345
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://connectphl05.sap.com/vdesk/terminal/f5InspectionHost.cab#version=6020,2008,0514,2340
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://connectphl05.sap.com/vdesk/terminal/urTermProxy.cab#version=6020,2008,0701,2202
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203342374438
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - https://connectphl05.sap.com/vdesk/terminal/msrdp.cab#version=5,2,3790,0
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://epass.toronto.ca/vdesk/terminal/urxshost.cab#version=6020,2008,0514,2341
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (RingCentral Message Player Control) - https://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/default/popcaploader_v6.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://connectphl05.sap.com/vdesk/terminal/urxhost.cab#version=6020,2008,0605,2205
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://connectphl05.sap.com/policy/download_binary.php/win32/f5syschk.cab#Version=6020,2008,0514,2348
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O20 - Winlogon Notify: winqxl32 - winqxl32.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HLIXMZGQPRS - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 19966 bytes

peku006
2010-01-07, 15:07
Hello and :welcome: to Safer Networking

My name is peku006 and I will be helping you to remove any infection(s) that you may have.
I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

Please observe these rules while we work:


If you don't know or understand something please don't hesitate to ask
Please DO NOT run any other tools or scans whilst I am helping you.
It is important that you reply to this thread. Do not start a new topic.
Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Absence of symptoms does not mean that everything is clear.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

Thanks peku006

anand_am01
2010-01-10, 09:03
Hi peku006!
Thank you for picking up the case.
Here is the log from combofix as directed.
Sincerely,
Anand Murthy

=======================================

ComboFix 10-01-04.01 - Anand 10/01/2010 0:44.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.246 [GMT -5:00]
Running from: c:\documents and settings\Anand\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\kmd.exe
c:\windows\Downloaded Program Files\poPCaploader.dll
c:\windows\Downloaded Program Files\popcaploader.inf
c:\windows\unins000.dat
c:\windows\unins000.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PASSWORD


((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
.

2010-01-10 02:57 . 2010-01-10 02:58 -------- dc----w- c:\windows\system32\NtmsData
2010-01-04 06:22 . 2010-01-04 06:22 -------- dc----w- c:\program files\Common Files\Adobe AIR
2010-01-04 06:16 . 2010-01-04 06:13 411368 -c--a-w- c:\windows\system32\deploytk.dll
2010-01-04 06:12 . 2010-01-05 18:51 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-04 06:12 . 2010-01-04 06:12 -------- dc----w- c:\program files\NOS
2010-01-04 04:25 . 2010-01-04 04:25 -------- dc----w- c:\documents and settings\Anand\Application Data\CheckPoint
2010-01-04 04:25 . 2010-01-04 04:25 -------- dc----w- c:\program files\CheckPoint
2010-01-04 04:24 . 2010-01-04 04:24 4212 -c-ha-w- c:\windows\system32\zllictbl.dat
2010-01-04 04:24 . 2009-11-22 20:42 103816 -c--a-w- c:\windows\system32\zlcommdb.dll
2010-01-04 04:24 . 2009-11-22 20:42 69000 -c--a-w- c:\windows\system32\zlcomm.dll
2010-01-04 04:23 . 2009-11-22 20:42 1238408 -c--a-w- c:\windows\system32\zpeng25.dll
2010-01-04 04:23 . 2010-01-04 04:24 -------- dc----w- c:\windows\system32\ZoneLabs
2010-01-04 04:23 . 2010-01-04 04:23 -------- dc----w- c:\program files\Zone Labs
2010-01-04 04:22 . 2010-01-10 06:00 -------- dc----w- c:\windows\Internet Logs
2010-01-03 21:07 . 2010-01-03 21:07 -------- dc----w- c:\program files\TrendMicro
2010-01-03 20:02 . 2010-01-03 20:02 -------- dc----w- c:\program files\ERUNT
2009-12-25 04:22 . 2009-12-25 04:22 -------- dc----w- c:\program files\Mozilla Firefox 3.6 Beta 5
2009-12-17 18:32 . 2009-12-17 18:32 -------- dc----w- c:\program files\tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2098-06-17 14:00 . 2002-01-18 05:33 89360 -c--a-w- c:\windows\system32\VB5DB.DLL
2010-01-10 04:57 . 2010-01-04 05:31 46188061 -c--a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-01-06 05:25 . 2007-05-15 22:57 -------- dc----w- c:\documents and settings\Anand\Application Data\Skype
2010-01-06 02:37 . 2007-05-15 22:51 -------- dc----w- c:\program files\Common Files\Skype
2010-01-05 19:21 . 2009-08-05 02:54 -------- dc----w- c:\documents and settings\Anand\Application Data\HPAppData
2010-01-04 06:30 . 2006-06-04 17:45 -------- dc----w- c:\program files\Common Files\Adobe
2010-01-04 06:16 . 2010-01-04 06:16 86016 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-01-04 06:12 . 2006-06-20 22:46 -------- dc----w- c:\program files\Java
2010-01-04 06:07 . 2010-01-04 06:07 152576 -c--a-w- c:\documents and settings\Anand\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-04 06:06 . 2010-01-04 06:06 79488 -c--a-w- c:\documents and settings\Anand\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-04 05:33 . 2006-05-24 13:44 -------- dc----w- c:\program files\Symantec Client Security
2010-01-03 21:07 . 2010-01-03 21:07 388096 -c--a-r- c:\documents and settings\Anand\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-03 20:14 . 2009-07-18 14:24 -------- dc----w- c:\program files\Juice
2010-01-03 20:11 . 2009-06-17 15:46 -------- dc----w- c:\documents and settings\Anand\Application Data\uTorrent
2010-01-03 19:33 . 2007-08-14 02:04 -------- dc----w- c:\documents and settings\Anand\Application Data\Move Networks
2010-01-03 19:07 . 2009-08-14 00:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Skyline
2010-01-03 12:57 . 2006-05-24 13:44 -------- dc----w- c:\program files\Common Files\Symantec Shared
2010-01-03 12:57 . 2006-05-24 13:44 -------- dc----w- c:\program files\Symantec
2010-01-03 12:56 . 2006-05-24 13:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-03 07:50 . 2008-03-30 21:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Intuit
2010-01-03 07:25 . 2009-11-24 12:18 4639 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2010-01-03 07:24 . 2010-01-03 07:33 816456 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB18\Patch\qbpatch2.exe
2010-01-03 07:24 . 2010-01-03 07:33 75280 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB18\Patch\qbpatch.exe
2010-01-03 07:22 . 2010-01-03 07:33 348160 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB18\Patch\msvcr71.dll
2010-01-03 07:22 . 2010-01-03 07:33 499712 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB18\Patch\msvcp71.dll
2010-01-03 07:11 . 2007-12-01 21:12 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-12-29 00:57 . 2009-06-23 14:31 -------- dc----w- c:\program files\Acro Software
2009-12-22 14:33 . 2009-12-12 14:42 2066200 -c--a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-19 21:34 . 2006-06-21 06:15 -------- dc----w- c:\program files\Google
2009-12-10 01:20 . 2009-12-09 23:03 -------- dc----w- c:\documents and settings\All Users\Application Data\CardScan
2009-12-09 23:06 . 2009-12-09 23:06 -------- dc----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-12-09 23:04 . 2009-12-09 23:04 -------- dc----w- c:\documents and settings\Anand\Application Data\CardScan
2009-12-09 22:49 . 2009-12-09 22:48 -------- dc----w- c:\program files\CardScan
2009-12-04 15:03 . 2009-12-04 15:03 251376 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-12-02 22:53 . 2009-02-05 02:48 -------- dc----w- c:\program files\MSECache
2009-11-20 11:08 . 2010-01-04 06:40 38784 -c--a-w- c:\documents and settings\Anand\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-19 16:48 . 2009-12-01 21:56 872960 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 16:48 . 2009-12-01 21:56 43008 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 16:48 . 2009-12-01 21:56 340480 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 16:48 . 2009-12-01 21:56 346624 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-19 12:47 . 2008-01-16 02:58 -------- dc----w- c:\program files\Microsoft Silverlight
2009-11-16 13:04 . 2009-11-11 22:32 -------- dc----w- c:\documents and settings\All Users\Application Data\RingCentral
2009-11-12 15:06 . 2006-05-31 21:34 75592 -c--a-w- c:\documents and settings\Anand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 22:36 . 2009-11-11 22:32 -------- dc----w- c:\program files\RingCentral
2009-11-11 13:27 . 2009-11-11 13:27 423168 -c--a-w- c:\windows\system32\RCMedia.dll
2009-11-06 02:09 . 2009-11-06 02:09 60744 -c--a-w- c:\documents and settings\Anand\g2mdlhlpx.exe
2009-12-02 23:43 . 2006-06-21 06:16 119808 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-21 22:58 . 2007-09-21 22:58 44360 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2007-09-21 22:58 . 2007-09-21 22:58 107928 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2007-06-21 08:38 . 2007-06-21 08:38 30280 -c--a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 08:38 . 2007-06-21 08:38 79432 -c--a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 08:38 . 2007-06-21 08:38 71240 -c--a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 08:38 . 2007-06-21 08:38 140872 -c--a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 08:39 . 2007-06-21 08:39 38472 -c--a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 08:39 . 2007-06-21 08:39 46664 -c--a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 08:39 . 2007-06-21 08:39 34376 -c--a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 08:39 . 2007-06-21 08:39 685640 -c--a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 08:40 . 2007-06-21 08:40 30280 -c--a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCUI"="c:\program files\RingCentral\RingCentral Call Controller\RCUI.exe" [2009-05-04 479232]
"RCHotKey"="c:\program files\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2009-05-04 32768]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-08-01 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-08-10 237568]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-05-10 94208]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-01-25 106496]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-19 127037]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-21 1996336]
"PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 864256]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-26 31232]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-02 30192]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 503808]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 36864]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 409600]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"configmsi"="rmdir" [X]
"supportdir"="rmdir" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-31 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-26 14:00 11952 -c--a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 02:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 06:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-12-01 03:16 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 7.0 Tray Icon.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 7.0 Tray Icon.lnk.disabled
backup=c:\windows\pss\AOL 7.0 Tray Icon.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk.disabled
backup=c:\windows\pss\hp psc 1000 series.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk.disabled
backup=c:\windows\pss\hpoddt01.exe.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR ProSafe VPN Client.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR ProSafe VPN Client.lnk.disabled
backup=c:\windows\pss\NETGEAR ProSafe VPN Client.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Anand^Start Menu^Programs^Startup^Juice.lnk]
path=c:\documents and settings\Anand\Start Menu\Programs\Startup\Juice.lnk
backup=c:\windows\pss\Juice.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Anand^Start Menu^Programs^Startup^Yuuguu.lnk.disabled]
path=c:\documents and settings\Anand\Start Menu\Programs\Startup\Yuuguu.lnk.disabled
backup=c:\windows\pss\Yuuguu.lnk.disabledStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
c:\program files\SecCenter\scprot4.e [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 01:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardScanAgent]
2008-02-15 00:34 152824 -c--a-w- c:\program files\CardScan\CardScan\CardScanAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionManager]
2008-06-10 04:00 32768 -c--a-w- c:\program files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-01 02:49 133104 -c--atw- c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 23:50 81920 -c----w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 20:44 3883856 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-04 06:13 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-08 14:41 68856 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"SymSecurePort"=2 (0x2)
"Symantec AntiVirus"=3 (0x3)
"SQLSERVERAGENT"=3 (0x3)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"Remasoft Canada Inc.: Rema update permissions manager. 19151."=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQLSERVER"=2 (0x2)
"iPod Service"=3 (0x3)
"FileZilla Server"=3 (0x3)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Simply Accounting Database Connection Manager"=3 (0x3)
"wuauserv"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate1c942bc34c5debc"=2 (0x2)
"LVSrvLauncher"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqld-nt.exe"=
"c:\\Program Files\\winsim\\ConnectionManager\\SimplyConnectionManager.exe"=
"c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplogon.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\CallWave\\IAM.exe"=
"c:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/02/2009 12:01 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/02/2009 12:01 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/02/2009 12:00 AM 297752]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [05/06/2006 12:38 PM 521786]
R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [05/06/2006 12:38 PM 119864]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [14/10/2009 8:30 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [14/10/2009 8:30 AM 476528]
R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15/11/2005 1:11 PM 46142]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [02/08/2005 7:47 PM 3968]
R2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [25/04/2006 9:00 PM 3456]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [05/06/2006 12:36 PM 36188]
S0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys --> c:\windows\system32\drivers\ANCSQ.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/06/2006 1:15 AM 30192]
S3 HLIXMZGQPRS;HLIXMZGQPRS;c:\docume~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe --> c:\docume~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe [?]
S3 IZE;IZE;c:\docume~1\Anand\LOCALS~1\Temp\IZE.exe --> c:\docume~1\Anand\LOCALS~1\Temp\IZE.exe [?]
S4 gupdate1c942bc34c5debc;Google Update Service (gupdate1c942bc34c5debc);c:\program files\Google\Update\GoogleUpdate.exe [09/11/2008 5:40 PM 133104]
S4 Remasoft Canada Inc.: Rema update permissions manager. 19151.;Remasoft Canada Inc.: Rema update permissions manager. 19151.;c:\program files\Rema\RemaUpd.exe -PermissionManagerRun --> c:\program files\Rema\RemaUpd.exe -PermissionManagerRun [?]
S4 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [29/03/2008 10:36 PM 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2006-09-29 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8150069797.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-09 22:40]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-09 22:40]

2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005Core.job
- c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 02:49]

2010-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005UA.job
- c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 02:49]

2010-01-10 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-05-24 08:10]

2010-01-10 c:\windows\Tasks\User_Feed_Synchronization-{CC6DF3AB-01C8-4ADD-88D3-1F788BBB9D72}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = proxy.toronto.ca:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?cd20b42499654f789f343cf995bad7de
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?cd20b42499654f789f343cf995bad7de
Trusted Zone: live.com\login
Trusted Zone: sap.com
DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} - hxxps://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab
FF - ProfilePath - c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?auth=DQAAAHIAAAAnlt7ZJUrz5d6QBslySlXPZD_vHklFz_18lmXFwrswvhnjdDOW5zZb93mkuMqxHqkXb_sl6mAiTnXddUrMgd5QOjZbVqimVruXqW-cLhByaGzoJsa8DkGQDY3sGXhVvJwzUPx0to_EEgHa7vgMVSsrdgbN-3JRmuuyqm6GO6PPng
FF - prefs.js: network.proxy.http - 192.168.0.2
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 4
FF - component: c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\documents and settings\Anand\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{1ECE7AC5-2091-419D-BD0F-FCDB92EEBA9B} - (no file)
BHO-{29A92273-C690-41FF-92AB-468EF44B16B4} - (no file)
BHO-{C1AC8C15-62FC-1F2B-8B2E-48E679F00E91} - (no file)
Notify-ACNotify - ACNotify.dll
Notify-NavLogon - (no file)
Notify-winqxl32 - winqxl32.dll
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
AddRemove-Spybot - Search & Destroy_is1 - c:\windows\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-10 01:01
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\wuauclt.exe.wusetup.378546.bak 51224 bytes executable
c:\windows\system32\wuaueng.dll.wusetup.392765.bak 1809944 bytes executable

scan completed successfully
hidden files: 2

**************************************************************************
"ImagePath"="c:\program files\Intel\Wireless\Bin\RegSrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Remasoft Canada Inc.: Rema update permissions manager. 19151.]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1400)
c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(1456)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(7292)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
c:\windows\system32\PROCHLP.DLL
c:\program files\RingCentral\RingCentral Call Controller\RCHotKeyHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\lenovo\system update\suservice.exe
c:\windows\System32\TPHDEXLG.EXE
c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\windows\system32\fxssvc.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\program files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\windows\system32\igfxsrvc.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2010-01-10 01:12:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-10 06:12
ComboFix2.txt 2008-02-18 05:30

Pre-Run: 7,934,054,400 bytes free
Post-Run: 7,841,267,712 bytes free

- - End Of File - - AB3ED4C40F8DB6CE9F3ADCE53BE7365C

peku006
2010-01-11, 16:49
Hi Anand Murthy

1 - Download and Run Malwarebytes' Anti-Malware

Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
Please download Malwarebytes Anti-Malware (http://www.malwarebytes.org/mbam-download.php) and save it to your desktop. If needed...Tutorial w/screenshots (http://thespykiller.co.uk/index.php/topic,5946.0.html)
Alternate download sites available here (http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html) or here (http://www.besttechie.net/tools/mbam-setup.exe).
Make sure you are connected to the Internet.
Double-click on mbam-setup.exe to install the application.
When the installation begins, follow the prompts and do not make any changes to default settings.
When installation has finished, make sure you leave both of these checked:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.MBAM will automatically start and you will be asked to update the program before performing a scan.
If an update is found, the program will automatically update itself.
Press the OK button to close that box and continue.
Problems downloading the updates? Manually download them from here (http://malwarebytes.gt500.org/mbam-rules.exe) and double-click on "mbam-rules.exe" to install.
On the Scanner tab:
Make sure the "Perform full scan" option is selected.
Then click on the Scan button.
If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
Click on the Show Results button to see a list of any malware that was found.
Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
We will take care of the System Volume Information items later.
When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Copy and paste the contents of that report in your next reply and exit MBAM.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

2 - Status Check
Please reply with

1. the Malwarebytes' Anti-Malware Log

Thanks peku006

anand_am01
2010-01-12, 14:32
Hi Peku006,
Thank you for the instructions.
Here is the MBAM Log.
Thanks & regards,
Anand Murthy

==================================
Malwarebytes' Anti-Malware 1.44
Database version: 3545
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

12/01/2010 6:22:26 AM
mbam-log-2010-01-12 (06-22-26).txt

Scan type: Full Scan (C:\|D:\|E:\|R:\|)
Objects scanned: 323896
Time elapsed: 2 hour(s), 41 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winqxl32 (Trojan.Dialer) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\popcaploader.dll.vir (Adware.PopCap) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP257\A0027291.sys (Malware.Trace) -> Not selected for removal.
C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP257\A0027433.sys (Malware.Trace) -> Not selected for removal.
C:\WINDOWS\system32\ (Trojan.Dialer) -> Quarantined and deleted successfully.

peku006
2010-01-12, 17:28
Hi Anand Murthy

1 - Clean temp files


Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
If prompted, click Yes to reboot.


NOTE: Save your work.TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

2 - Eset online scannner

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.


Please go here (http://www.eset.com/onlinescan/) then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS1.gif
Select the option YES, I accept the Terms of Use then click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS2.gif
When prompted allow the Add-On/Active X to install.
Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
Now click on Advanced Settings and select the following:

Scan for potentially unwanted applications
Scan for potentially unsafe applications
Enable Anti-Stealth Technology
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS3.gif
The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
When completed the Online Scan will begin automatically.
Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
Now click on: http://i280.photobucket.com/albums/kk173/Dakeyras_album2/EOLS4.gif
Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
Copy and paste that log as a reply to this topic.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with

1. the Eset online scannner report
2. a fresh HijackThis log

Thanks peku006

anand_am01
2010-01-15, 14:55
Hi peku006,
Thanks for the instructions.
Here are the items requested on status check
Thanks & regards,
/Anand Murthy

=====================
ESET

ESET Log
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=767877f625a19848bf3321c6a1b6d3f5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2010-01-15 12:31:11
# local_time=2010-01-15 07:31:11 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1024 16777175 100 0 36913954 36913954 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# compatibility_mode=9217 16777214 75 70 19999 4513273 0 0
# scanned=209330
# found=4
# cleaned=0
# scan_time=41210
C:\Documents and Settings\Anand\Desktop\Downloads\PGv194_Tutorial_Programme.zip probably unknown NewHeur_PE virus 00000000000000000000000000000000 I
C:\Documents and Settings\Anand\Desktop\Thumb Drive\VirtumundoBeGone.exe Win32/PrcView application 00000000000000000000000000000000 I
C:\Documents and Settings\Anand\Local Settings\Application Data\Identities\{E49DBF85-48DC-42AF-8F45-2F48C0FEA9DE}\Microsoft\Outlook Express\AM_H01 - Inbox.dbx Win32/VB.NEI worm 00000000000000000000000000000000 I
C:\Documents and Settings\Anand\Local Settings\Application Data\Identities\{E49DBF85-48DC-42AF-8F45-2F48C0FEA9DE}\Microsoft\Outlook Express\SME_H00 - OldInbox.dbx Win32/VB.NEI worm 00000000000000000000000000000000 I


ESET - List of infections found

C:\Documents and Settings\Anand\Desktop\Downloads\PGv194_Tutorial_Programme.zip probably unknown NewHeur_PE virus
C:\Documents and Settings\Anand\Desktop\Thumb Drive\VirtumundoBeGone.exe Win32/PrcView application
C:\Documents and Settings\Anand\Local Settings\Application Data\Identities\{E49DBF85-48DC-42AF-8F45-2F48C0FEA9DE}\Microsoft\Outlook Express\AM_H01 - Inbox.dbx Win32/VB.NEI worm
C:\Documents and Settings\Anand\Local Settings\Application Data\Identities\{E49DBF85-48DC-42AF-8F45-2F48C0FEA9DE}\Microsoft\Outlook Express\SME_H00 - OldInbox.dbx Win32/VB.NEI worm



=====================
HJT Log

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 7:48:39 AM, on 15/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.toronto.ca:8080
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1ECE7AC5-2091-419D-BD0F-FCDB92EEBA9B} - (no file)
O2 - BHO: (no name) - {29A92273-C690-41FF-92AB-468EF44B16B4} - (no file)
O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {62780D18-D103-03D3-323A-01F43008B839} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {C1AC8C15-62FC-1F2B-8B2E-48E679F00E91} - (no file)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.e
O4 - HKCU\..\Run: [RCUI] "C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe"
O4 - HKCU\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?cd20b42499654f789f343cf995bad7de
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?cd20b42499654f789f343cf995bad7de
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: *.sap.com
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://connectphl05.sap.com/vdesk/cachecleaner.cab#version=6020,2008,0514,2338
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://connectphl05.sap.com/vdesk/terminal/InstallerControl.cab#version=6020,2008,0514,2345
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://connectphl05.sap.com/vdesk/terminal/f5InspectionHost.cab#version=6020,2008,0514,2340
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://connectphl05.sap.com/vdesk/terminal/urTermProxy.cab#version=6020,2008,0701,2202
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203342374438
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - https://connectphl05.sap.com/vdesk/terminal/msrdp.cab#version=5,2,3790,0
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://epass.toronto.ca/vdesk/terminal/urxshost.cab#version=6020,2008,0514,2341
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (RingCentral Message Player Control) - https://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://connectphl05.sap.com/vdesk/terminal/urxhost.cab#version=6020,2008,0605,2205
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://connectphl05.sap.com/policy/download_binary.php/win32/f5syschk.cab#Version=6020,2008,0514,2348
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - Invalid registry found
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HLIXMZGQPRS - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: IZE - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\IZE.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 19740 bytes

peku006
2010-01-15, 15:31
Hi Anand Murthy

Please delete these files :
C:\Documents and Settings\Anand\Desktop\Downloads\PGv194_Tutorial_Programme.zip
C:\Documents and Settings\Anand\Desktop\Thumb Drive\VirtumundoBeGone.exe

You have some items in your Microsoft\Outlook Express that are infected.
Clear all your saved emails, and any other emails you may have read but haven't deleted.''' especially any with attachments.

Please re-run ComboFix

Please reply with

the ComboFix log(C:\ComboFix.txt)

Thanks peku006

anand_am01
2010-01-15, 20:11
Hi peku006,
Thanks for your prompt response.
I have done as instructed.
The log files are encl.

Just out of curiosity, I wanted your opinion on something that I noticed in the HJT log & was wondering what your experience was ...
O23 - Service: HLIXMZGQPRS - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe (file missing)

========================
Here's the full HJT log (combofix log follows below)
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:18:37 PM, on 15/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Windows Live\Mail\wlmail.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.toronto.ca:8080
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {1ECE7AC5-2091-419D-BD0F-FCDB92EEBA9B} - (no file)
O2 - BHO: (no name) - {29A92273-C690-41FF-92AB-468EF44B16B4} - (no file)
O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {62780D18-D103-03D3-323A-01F43008B839} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {C1AC8C15-62FC-1F2B-8B2E-48E679F00E91} - (no file)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.e
O4 - HKCU\..\Run: [RCUI] "C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe"
O4 - HKCU\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?cd20b42499654f789f343cf995bad7de
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?cd20b42499654f789f343cf995bad7de
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: *.sap.com
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://connectphl05.sap.com/vdesk/cachecleaner.cab#version=6020,2008,0514,2338
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://connectphl05.sap.com/vdesk/terminal/InstallerControl.cab#version=6020,2008,0514,2345
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://connectphl05.sap.com/vdesk/terminal/f5InspectionHost.cab#version=6020,2008,0514,2340
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://connectphl05.sap.com/vdesk/terminal/urTermProxy.cab#version=6020,2008,0701,2202
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203342374438
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - https://connectphl05.sap.com/vdesk/terminal/msrdp.cab#version=5,2,3790,0
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://epass.toronto.ca/vdesk/terminal/urxshost.cab#version=6020,2008,0514,2341
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (RingCentral Message Player Control) - https://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://connectphl05.sap.com/vdesk/terminal/urxhost.cab#version=6020,2008,0605,2205
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://connectphl05.sap.com/policy/download_binary.php/win32/f5syschk.cab#Version=6020,2008,0514,2348
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - Invalid registry found
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: HLIXMZGQPRS - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe (file missing)
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: IZE - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\IZE.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 19710 bytes

==========================
Combofix log

ComboFix 10-01-15.01 - Anand 15/01/2010 12:29:29.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.175 [GMT -5:00]
Running from: c:\documents and settings\Anand\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
.

2010-01-15 00:46 . 2010-01-15 00:46 -------- dc----w- c:\program files\ESET
2010-01-12 04:58 . 2010-01-12 04:58 -------- dc----w- c:\documents and settings\Anand\Application Data\Malwarebytes
2010-01-12 04:58 . 2010-01-07 21:07 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 04:58 . 2010-01-12 04:58 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-12 04:58 . 2010-01-12 04:58 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 04:58 . 2010-01-07 21:07 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-01-10 02:57 . 2010-01-10 02:58 -------- dc----w- c:\windows\system32\NtmsData
2010-01-04 06:40 . 2009-11-20 11:08 38784 -c--a-w- c:\documents and settings\Anand\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-01-04 06:22 . 2010-01-04 06:22 -------- dc----w- c:\program files\Common Files\Adobe AIR
2010-01-04 06:16 . 2010-01-04 06:16 86016 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-01-04 06:16 . 2010-01-04 06:13 411368 -c--a-w- c:\windows\system32\deploytk.dll
2010-01-04 06:12 . 2010-01-05 18:51 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-04 06:12 . 2010-01-04 06:12 -------- dc----w- c:\program files\NOS
2010-01-04 06:07 . 2010-01-04 06:07 152576 -c--a-w- c:\documents and settings\Anand\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-01-04 06:06 . 2010-01-04 06:06 79488 -c--a-w- c:\documents and settings\Anand\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-04 04:25 . 2010-01-04 04:25 -------- dc----w- c:\documents and settings\Anand\Application Data\CheckPoint
2010-01-04 04:25 . 2010-01-04 04:25 -------- dc----w- c:\program files\CheckPoint
2010-01-04 04:24 . 2010-01-04 04:24 4212 -c-ha-w- c:\windows\system32\zllictbl.dat
2010-01-04 04:24 . 2009-11-22 20:42 103816 -c--a-w- c:\windows\system32\zlcommdb.dll
2010-01-04 04:24 . 2009-11-22 20:42 69000 -c--a-w- c:\windows\system32\zlcomm.dll
2010-01-04 04:23 . 2009-11-22 20:42 1238408 -c--a-w- c:\windows\system32\zpeng25.dll
2010-01-04 04:23 . 2010-01-04 04:24 -------- dc----w- c:\windows\system32\ZoneLabs
2010-01-04 04:23 . 2010-01-04 04:23 -------- dc----w- c:\program files\Zone Labs
2010-01-04 04:22 . 2010-01-15 17:26 -------- dc----w- c:\windows\Internet Logs
2010-01-03 21:07 . 2010-01-03 21:07 388096 -c--a-r- c:\documents and settings\Anand\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-01-03 21:07 . 2010-01-03 21:07 -------- dc----w- c:\program files\TrendMicro
2010-01-03 20:02 . 2010-01-03 20:02 -------- dc----w- c:\program files\ERUNT
2010-01-03 07:33 . 2010-01-03 07:24 816456 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB18\Patch\qbpatch2.exe
2010-01-03 07:33 . 2010-01-03 07:24 75280 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB18\Patch\qbpatch.exe
2010-01-03 07:33 . 2010-01-03 07:22 348160 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB18\Patch\msvcr71.dll
2010-01-03 07:33 . 2010-01-03 07:22 499712 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB18\Patch\msvcp71.dll
2009-12-25 04:22 . 2010-01-11 14:08 -------- dc----w- c:\program files\Mozilla Firefox 3.6 Beta 5
2009-12-17 18:32 . 2009-12-17 18:32 -------- dc----w- c:\program files\tools

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2098-06-17 14:00 . 2002-01-18 05:33 89360 -c--a-w- c:\windows\system32\VB5DB.DLL
2010-01-15 12:44 . 2010-01-04 05:31 23169289 -c--a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-01-14 18:55 . 2009-08-05 02:54 -------- dc----w- c:\documents and settings\Anand\Application Data\HPAppData
2010-01-12 11:53 . 2009-05-16 04:53 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-12 11:50 . 2009-05-16 05:03 -------- dc----w- c:\program files\Microsoft Works
2010-01-11 10:54 . 2008-11-03 04:12 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
2010-01-06 05:25 . 2007-05-15 22:57 -------- dc----w- c:\documents and settings\Anand\Application Data\Skype
2010-01-06 02:37 . 2007-05-15 22:51 -------- dc----w- c:\program files\Common Files\Skype
2010-01-04 06:30 . 2006-06-04 17:45 -------- dc----w- c:\program files\Common Files\Adobe
2010-01-04 06:12 . 2006-06-20 22:46 -------- dc----w- c:\program files\Java
2010-01-04 05:33 . 2006-05-24 13:44 -------- dc----w- c:\program files\Symantec Client Security
2010-01-03 20:14 . 2009-07-18 14:24 -------- dc----w- c:\program files\Juice
2010-01-03 20:11 . 2009-06-17 15:46 -------- dc----w- c:\documents and settings\Anand\Application Data\uTorrent
2010-01-03 19:33 . 2007-08-14 02:04 -------- dc----w- c:\documents and settings\Anand\Application Data\Move Networks
2010-01-03 19:07 . 2009-08-14 00:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Skyline
2010-01-03 12:57 . 2006-05-24 13:44 -------- dc----w- c:\program files\Common Files\Symantec Shared
2010-01-03 12:57 . 2006-05-24 13:44 -------- dc----w- c:\program files\Symantec
2010-01-03 12:56 . 2006-05-24 13:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-03 07:50 . 2008-03-30 21:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Intuit
2010-01-03 07:25 . 2009-11-24 12:18 4639 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
2010-01-03 07:11 . 2007-12-01 21:12 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-12-29 00:57 . 2009-06-23 14:31 -------- dc----w- c:\program files\Acro Software
2009-12-22 14:33 . 2009-12-12 14:42 2066200 -c--a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-12-19 21:34 . 2006-06-21 06:15 -------- dc----w- c:\program files\Google
2009-12-10 01:20 . 2009-12-09 23:03 -------- dc----w- c:\documents and settings\All Users\Application Data\CardScan
2009-12-09 23:06 . 2009-12-09 23:06 -------- dc----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-12-09 23:04 . 2009-12-09 23:04 -------- dc----w- c:\documents and settings\Anand\Application Data\CardScan
2009-12-09 22:49 . 2009-12-09 22:48 -------- dc----w- c:\program files\CardScan
2009-12-04 15:03 . 2009-12-04 15:03 251376 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-12-02 22:53 . 2009-02-05 02:48 -------- dc----w- c:\program files\MSECache
2009-11-19 16:48 . 2009-12-01 21:56 872960 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 16:48 . 2009-12-01 21:56 43008 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 16:48 . 2009-12-01 21:56 340480 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 16:48 . 2009-12-01 21:56 346624 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-19 12:47 . 2008-01-16 02:58 -------- dc----w- c:\program files\Microsoft Silverlight
2009-11-12 15:06 . 2006-05-31 21:34 75592 -c--a-w- c:\documents and settings\Anand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 13:27 . 2009-11-11 13:27 423168 -c--a-w- c:\windows\system32\RCMedia.dll
2009-11-06 02:09 . 2009-11-06 02:09 60744 -c--a-w- c:\documents and settings\Anand\g2mdlhlpx.exe
2009-12-02 23:43 . 2006-06-21 06:16 119808 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-21 22:58 . 2007-09-21 22:58 44360 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2007-09-21 22:58 . 2007-09-21 22:58 107928 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2007-06-21 08:38 . 2007-06-21 08:38 30280 -c--a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 08:38 . 2007-06-21 08:38 79432 -c--a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 08:38 . 2007-06-21 08:38 71240 -c--a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 08:38 . 2007-06-21 08:38 140872 -c--a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 08:39 . 2007-06-21 08:39 38472 -c--a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 08:39 . 2007-06-21 08:39 46664 -c--a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 08:39 . 2007-06-21 08:39 34376 -c--a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 08:39 . 2007-06-21 08:39 685640 -c--a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 08:40 . 2007-06-21 08:40 30280 -c--a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCUI"="c:\program files\RingCentral\RingCentral Call Controller\RCUI.exe" [2009-05-04 479232]
"RCHotKey"="c:\program files\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2009-05-04 32768]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-08-01 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-08-10 237568]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-05-10 94208]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-01-25 106496]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-19 127037]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-21 1996336]
"PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 864256]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-26 31232]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-02 30192]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 503808]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 36864]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 409600]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"configmsi"="rmdir" [X]
"supportdir"="rmdir" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-31 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-26 14:00 11952 -c--a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 02:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 06:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-12-01 03:16 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 7.0 Tray Icon.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 7.0 Tray Icon.lnk.disabled
backup=c:\windows\pss\AOL 7.0 Tray Icon.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk.disabled
backup=c:\windows\pss\hp psc 1000 series.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk.disabled
backup=c:\windows\pss\hpoddt01.exe.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR ProSafe VPN Client.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR ProSafe VPN Client.lnk.disabled
backup=c:\windows\pss\NETGEAR ProSafe VPN Client.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Anand^Start Menu^Programs^Startup^Juice.lnk]
path=c:\documents and settings\Anand\Start Menu\Programs\Startup\Juice.lnk
backup=c:\windows\pss\Juice.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Anand^Start Menu^Programs^Startup^Yuuguu.lnk.disabled]
path=c:\documents and settings\Anand\Start Menu\Programs\Startup\Yuuguu.lnk.disabled
backup=c:\windows\pss\Yuuguu.lnk.disabledStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
c:\program files\SecCenter\scprot4.e [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 01:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardScanAgent]
2008-02-15 00:34 152824 -c--a-w- c:\program files\CardScan\CardScan\CardScanAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionManager]
2008-06-10 04:00 32768 -c--a-w- c:\program files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-01 02:49 133104 -c--atw- c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 23:50 81920 -c----w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 20:44 3883856 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-04 06:13 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-08 14:41 68856 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"SymSecurePort"=2 (0x2)
"Symantec AntiVirus"=3 (0x3)
"SQLSERVERAGENT"=3 (0x3)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"Remasoft Canada Inc.: Rema update permissions manager. 19151."=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQLSERVER"=2 (0x2)
"iPod Service"=3 (0x3)
"FileZilla Server"=3 (0x3)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Simply Accounting Database Connection Manager"=3 (0x3)
"wuauserv"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate1c942bc34c5debc"=2 (0x2)
"LVSrvLauncher"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqld-nt.exe"=
"c:\\Program Files\\winsim\\ConnectionManager\\SimplyConnectionManager.exe"=
"c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplogon.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\CallWave\\IAM.exe"=
"c:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/02/2009 12:01 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/02/2009 12:01 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/02/2009 12:00 AM 297752]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [05/06/2006 12:38 PM 521786]
R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [05/06/2006 12:38 PM 119864]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [14/10/2009 8:30 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [14/10/2009 8:30 AM 476528]
R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15/11/2005 1:11 PM 46142]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [02/08/2005 7:47 PM 3968]
R2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [25/04/2006 9:00 PM 3456]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [05/06/2006 12:36 PM 36188]
S0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys --> c:\windows\system32\drivers\ANCSQ.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/06/2006 1:15 AM 30192]
S3 HLIXMZGQPRS;HLIXMZGQPRS;c:\docume~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe --> c:\docume~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe [?]
S3 IZE;IZE;c:\docume~1\Anand\LOCALS~1\Temp\IZE.exe --> c:\docume~1\Anand\LOCALS~1\Temp\IZE.exe [?]
S4 gupdate1c942bc34c5debc;Google Update Service (gupdate1c942bc34c5debc);c:\program files\Google\Update\GoogleUpdate.exe [09/11/2008 5:40 PM 133104]
S4 Remasoft Canada Inc.: Rema update permissions manager. 19151.;Remasoft Canada Inc.: Rema update permissions manager. 19151.;c:\program files\Rema\RemaUpd.exe -PermissionManagerRun --> c:\program files\Rema\RemaUpd.exe -PermissionManagerRun [?]
S4 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [29/03/2008 10:36 PM 24576]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - SYSMONLOG

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2006-09-29 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8150069797.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-09 22:40]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-09 22:40]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005Core.job
- c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 02:49]

2010-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005UA.job
- c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 02:49]

2010-01-15 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-05-24 08:10]

2010-01-15 c:\windows\Tasks\User_Feed_Synchronization-{CC6DF3AB-01C8-4ADD-88D3-1F788BBB9D72}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = proxy.toronto.ca:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?cd20b42499654f789f343cf995bad7de
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?cd20b42499654f789f343cf995bad7de
Trusted Zone: live.com\login
Trusted Zone: sap.com
DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} - hxxps://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab
FF - ProfilePath - c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?auth=DQAAAHIAAAAnlt7ZJUrz5d6QBslySlXPZD_vHklFz_18lmXFwrswvhnjdDOW5zZb93mkuMqxHqkXb_sl6mAiTnXddUrMgd5QOjZbVqimVruXqW-cLhByaGzoJsa8DkGQDY3sGXhVvJwzUPx0to_EEgHa7vgMVSsrdgbN-3JRmuuyqm6GO6PPng
FF - component: c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\documents and settings\Anand\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

BHO-{1ECE7AC5-2091-419D-BD0F-FCDB92EEBA9B} - (no file)
BHO-{29A92273-C690-41FF-92AB-468EF44B16B4} - (no file)
BHO-{C1AC8C15-62FC-1F2B-8B2E-48E679F00E91} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-15 12:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

? [46748]
? [46368]
? [45420]
? [46088]
? [46000]
? [48892]
? [20996]
? [42432]
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="c:\program files\Intel\Wireless\Bin\RegSrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Remasoft Canada Inc.: Rema update permissions manager. 19151.]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1400)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\tphklock.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll

- - - - - - - > 'lsass.exe'(1456)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(107968)
c:\windows\system32\WININET.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
c:\program files\RingCentral\RingCentral Call Controller\RCHotKeyHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-01-15 12:51:31
ComboFix-quarantined-files.txt 2010-01-15 17:51
ComboFix2.txt 2010-01-10 06:12
ComboFix3.txt 2008-02-18 05:30

Pre-Run: 6,887,653,376 bytes free
Post-Run: 6,859,452,416 bytes free

- - End Of File - - 481C937BDADF4B3D288676BBD54C8D51


=====================

Thanks & regards,
/anand_am01

peku006
2010-01-16, 11:59
Hi Anand Murthy


Just out of curiosity, I wanted your opinion on something that I noticed in the HJT log & was wondering what your experience was ...
O23 - Service: HLIXMZGQPRS - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe (file missing)
it is an "empty registry entry",we have removed the file

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]

1 - Remove bad HijackThis entries

Run HijackThis
Click on the Scan button
Put a check beside all of the items listed below (if present):


O2 - BHO: (no name) - {1ECE7AC5-2091-419D-BD0F-FCDB92EEBA9B} - (no file)
O2 - BHO: (no name) - {29A92273-C690-41FF-92AB-468EF44B16B4} - (no file)
O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {62780D18-D103-03D3-323A-01F43008B839} - (no file)
O2 - BHO: (no name) - {C1AC8C15-62FC-1F2B-8B2E-48E679F00E91} - (no file)
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
O23 - Service: HLIXMZGQPRS - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe (file missing)
O23 - Service: IZE - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\IZE.exe (file missing)


Close all open windows and browsers/email, etc...
Click on the "Fix Checked" button
When completed, close the application.

2 - Run CFScript

Open Notepad and copy/paste the text in the box into the window:


Folder::
c:\program files\SecCenter

Driver::
HLIXMZGQPRS
IZE

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]




Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

3 - Run Hijackthis
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

4 - Status Check
Please reply with


1. the ComboFix log(C:\ComboFix.txt)
2. a fresh HijackThis log
description of any problems you are having with your PC

Thanks peku006

anand_am01
2010-01-17, 09:06
Hello peku006,
Here're the logs that you'd requested.

Combofix
===============================
ComboFix 10-01-16.03 - Anand 17/01/2010 1:06.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.369 [GMT -5:00]
Running from: c:\documents and settings\Anand\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Anand\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_HLIXMZGQPRS
-------\Legacy_IZE
-------\Service_HLIXMZGQPRS
-------\Service_IZE


((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.

2010-01-15 23:39 . 2010-01-15 23:37 98136 -c--a-w- c:\windows\gzip.exe
2010-01-15 00:46 . 2010-01-15 00:46 -------- dc----w- c:\program files\ESET
2010-01-12 04:58 . 2010-01-12 04:58 -------- dc----w- c:\documents and settings\Anand\Application Data\Malwarebytes
2010-01-12 04:58 . 2010-01-07 21:07 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-12 04:58 . 2010-01-12 04:58 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-12 04:58 . 2010-01-12 04:58 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-12 04:58 . 2010-01-07 21:07 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
2010-01-10 02:57 . 2010-01-10 02:58 -------- dc----w- c:\windows\system32\NtmsData
2010-01-04 06:22 . 2010-01-04 06:22 -------- dc----w- c:\program files\Common Files\Adobe AIR
2010-01-04 06:16 . 2010-01-04 06:13 411368 -c--a-w- c:\windows\system32\deploytk.dll
2010-01-04 06:12 . 2010-01-05 18:51 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-04 06:12 . 2010-01-04 06:12 -------- dc----w- c:\program files\NOS
2010-01-04 04:25 . 2010-01-04 04:25 -------- dc----w- c:\documents and settings\Anand\Application Data\CheckPoint
2010-01-04 04:25 . 2010-01-04 04:25 -------- dc----w- c:\program files\CheckPoint
2010-01-04 04:24 . 2010-01-04 04:24 4212 -c-ha-w- c:\windows\system32\zllictbl.dat
2010-01-04 04:24 . 2009-11-22 20:42 103816 -c--a-w- c:\windows\system32\zlcommdb.dll
2010-01-04 04:24 . 2009-11-22 20:42 69000 -c--a-w- c:\windows\system32\zlcomm.dll
2010-01-04 04:23 . 2009-11-22 20:42 1238408 -c--a-w- c:\windows\system32\zpeng25.dll
2010-01-04 04:23 . 2010-01-04 04:24 -------- dc----w- c:\windows\system32\ZoneLabs
2010-01-04 04:23 . 2010-01-04 04:23 -------- dc----w- c:\program files\Zone Labs
2010-01-04 04:22 . 2010-01-17 06:30 -------- dc----w- c:\windows\Internet Logs
2010-01-03 21:07 . 2010-01-03 21:07 -------- dc----w- c:\program files\TrendMicro
2010-01-03 20:02 . 2010-01-03 20:02 -------- dc----w- c:\program files\ERUNT
2009-12-25 04:22 . 2010-01-11 14:08 -------- dc----w- c:\program files\Mozilla Firefox 3.6 Beta 5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2098-06-17 14:00 . 2002-01-18 05:33 89360 -c--a-w- c:\windows\system32\VB5DB.DLL
2010-01-17 06:00 . 2009-08-05 02:54 -------- dc----w- c:\documents and settings\Anand\Application Data\HPAppData
2010-01-17 05:48 . 2010-01-04 05:31 3141363 -c--a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-01-16 00:15 . 2010-01-16 00:15 2232 -c--a-w- c:\windows\java\Packages\Data\37VNV1NH.DAT
2010-01-16 00:15 . 2010-01-16 00:15 155995 -c--a-w- c:\windows\java\Packages\C2DBVRRR.ZIP
2010-01-16 00:14 . 2010-01-16 00:14 2678 -c--a-w- c:\windows\java\Packages\Data\YYP3F7RJ.DAT
2010-01-16 00:13 . 2010-01-16 00:13 2678 -c--a-w- c:\windows\java\Packages\Data\DZBRTB5B.DAT
2010-01-16 00:13 . 2010-01-16 00:13 2678 -c--a-w- c:\windows\java\Packages\Data\Q1BJ3Z9R.DAT
2010-01-16 00:13 . 2010-01-16 00:13 2678 -c--a-w- c:\windows\java\Packages\Data\AUK8U79B.DAT
2010-01-16 00:13 . 2010-01-16 00:13 2678 -c--a-w- c:\windows\java\Packages\Data\JFNTF7XJ.DAT
2010-01-15 23:37 . 2008-03-30 21:44 -------- dc----w- c:\program files\Intuit
2010-01-12 11:53 . 2009-05-16 04:53 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-01-12 11:50 . 2009-05-16 05:03 -------- dc----w- c:\program files\Microsoft Works
2010-01-11 10:54 . 2008-11-03 04:12 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
2010-01-06 05:25 . 2007-05-15 22:57 -------- dc----w- c:\documents and settings\Anand\Application Data\Skype
2010-01-06 02:37 . 2007-05-15 22:51 -------- dc----w- c:\program files\Common Files\Skype
2010-01-04 06:30 . 2006-06-04 17:45 -------- dc----w- c:\program files\Common Files\Adobe
2010-01-04 06:12 . 2006-06-20 22:46 -------- dc----w- c:\program files\Java
2010-01-04 05:33 . 2006-05-24 13:44 -------- dc----w- c:\program files\Symantec Client Security
2010-01-03 20:14 . 2009-07-18 14:24 -------- dc----w- c:\program files\Juice
2010-01-03 20:11 . 2009-06-17 15:46 -------- dc----w- c:\documents and settings\Anand\Application Data\uTorrent
2010-01-03 19:33 . 2007-08-14 02:04 -------- dc----w- c:\documents and settings\Anand\Application Data\Move Networks
2010-01-03 19:07 . 2009-08-14 00:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Skyline
2010-01-03 12:57 . 2006-05-24 13:44 -------- dc----w- c:\program files\Common Files\Symantec Shared
2010-01-03 12:57 . 2006-05-24 13:44 -------- dc----w- c:\program files\Symantec
2010-01-03 12:56 . 2006-05-24 13:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-03 07:50 . 2008-03-30 21:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Intuit
2010-01-03 07:11 . 2007-12-01 21:12 -------- dc----w- c:\program files\Spybot - Search & Destroy
2009-12-29 00:57 . 2009-06-23 14:31 -------- dc----w- c:\program files\Acro Software
2009-12-19 21:34 . 2006-06-21 06:15 -------- dc----w- c:\program files\Google
2009-12-17 18:32 . 2009-12-17 18:32 -------- dc----w- c:\program files\tools
2009-12-10 01:20 . 2009-12-09 23:03 -------- dc----w- c:\documents and settings\All Users\Application Data\CardScan
2009-12-09 23:06 . 2009-12-09 23:06 -------- dc----w- c:\documents and settings\All Users\Application Data\ScanSoft
2009-12-09 23:04 . 2009-12-09 23:04 -------- dc----w- c:\documents and settings\Anand\Application Data\CardScan
2009-12-09 22:49 . 2009-12-09 22:48 -------- dc----w- c:\program files\CardScan
2009-12-02 22:53 . 2009-02-05 02:48 -------- dc----w- c:\program files\MSECache
2009-11-19 12:47 . 2008-01-16 02:58 -------- dc----w- c:\program files\Microsoft Silverlight
2009-11-12 15:06 . 2006-05-31 21:34 75592 -c--a-w- c:\documents and settings\Anand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-11 13:27 . 2009-11-11 13:27 423168 -c--a-w- c:\windows\system32\RCMedia.dll
2009-11-06 02:09 . 2009-11-06 02:09 60744 -c--a-w- c:\documents and settings\Anand\g2mdlhlpx.exe
2009-12-02 23:43 . 2006-06-21 06:16 119808 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2007-09-21 22:58 . 2007-09-21 22:58 44360 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2007-09-21 22:58 . 2007-09-21 22:58 107928 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2007-06-21 08:38 . 2007-06-21 08:38 30280 -c--a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2007-06-21 08:38 . 2007-06-21 08:38 79432 -c--a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
2007-06-21 08:38 . 2007-06-21 08:38 71240 -c--a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2007-06-21 08:38 . 2007-06-21 08:38 140872 -c--a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2007-06-21 08:39 . 2007-06-21 08:39 38472 -c--a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2007-06-21 08:39 . 2007-06-21 08:39 46664 -c--a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2007-06-21 08:39 . 2007-06-21 08:39 34376 -c--a-w- c:\program files\mozilla firefox\plugins\logging.dll
2007-06-21 08:39 . 2007-06-21 08:39 685640 -c--a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2007-06-21 08:40 . 2007-06-21 08:40 30280 -c--a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCUI"="c:\program files\RingCentral\RingCentral Call Controller\RCUI.exe" [2009-05-04 479232]
"RCHotKey"="c:\program files\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2009-05-04 32768]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-08-01 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 512000]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-08-10 237568]
"TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-05-10 94208]
"LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-01-25 106496]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-19 127037]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-21 1996336]
"PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 864256]
"PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-26 31232]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-01-17 30192]
"TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 503808]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 36864]
"ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304]
"ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 409600]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"configmsi"="rmdir" [X]
"supportdir"="rmdir" [X]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-31 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-26 14:00 11952 -c--a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2006-04-26 02:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 06:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-12-01 03:16 24576 ----a-w- c:\windows\system32\tphklock.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 7.0 Tray Icon.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 7.0 Tray Icon.lnk.disabled
backup=c:\windows\pss\AOL 7.0 Tray Icon.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk.disabled
backup=c:\windows\pss\hp psc 1000 series.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk.disabled
backup=c:\windows\pss\hpoddt01.exe.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR ProSafe VPN Client.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR ProSafe VPN Client.lnk.disabled
backup=c:\windows\pss\NETGEAR ProSafe VPN Client.lnk.disabledCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
backup=c:\windows\pss\Windows Search.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Anand^Start Menu^Programs^Startup^Juice.lnk]
path=c:\documents and settings\Anand\Start Menu\Programs\Startup\Juice.lnk
backup=c:\windows\pss\Juice.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Anand^Start Menu^Programs^Startup^Yuuguu.lnk.disabled]
path=c:\documents and settings\Anand\Start Menu\Programs\Startup\Yuuguu.lnk.disabled
backup=c:\windows\pss\Yuuguu.lnk.disabledStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 17:08 935288 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2007-03-09 01:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardScanAgent]
2008-02-15 00:34 152824 -c--a-w- c:\program files\CardScan\CardScan\CardScanAgent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionManager]
2008-06-10 04:00 32768 -c--a-w- c:\program files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-07-01 02:49 133104 -c--atw- c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 23:50 81920 -c----w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 20:44 3883856 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-01-04 06:13 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-07-08 14:41 68856 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=2 (0x2)
"SymSecurePort"=2 (0x2)
"Symantec AntiVirus"=3 (0x3)
"SQLSERVERAGENT"=3 (0x3)
"SPBBCSvc"=3 (0x3)
"SNDSrvc"=3 (0x3)
"Remasoft Canada Inc.: Rema update permissions manager. 19151."=2 (0x2)
"MSSQLServerADHelper"=3 (0x3)
"MSSQLSERVER"=2 (0x2)
"iPod Service"=3 (0x3)
"FileZilla Server"=3 (0x3)
"DefWatch"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccPwdSvc"=3 (0x3)
"ccProxy"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"Simply Accounting Database Connection Manager"=3 (0x3)
"wuauserv"=2 (0x2)
"Pml Driver HPZ12"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate1c942bc34c5debc"=2 (0x2)
"LVSrvLauncher"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
"HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqld-nt.exe"=
"c:\\Program Files\\winsim\\ConnectionManager\\SimplyConnectionManager.exe"=
"c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplogon.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
"c:\\Program Files\\CallWave\\IAM.exe"=
"c:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/02/2009 12:01 AM 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/02/2009 12:01 AM 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/02/2009 12:00 AM 297752]
R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [05/06/2006 12:38 PM 521786]
R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [05/06/2006 12:38 PM 119864]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [14/10/2009 8:30 AM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [14/10/2009 8:30 AM 476528]
R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15/11/2005 1:11 PM 46142]
R2 smi2;smi2;c:\program files\SMI2\smi2.sys [02/08/2005 7:47 PM 3968]
R2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [25/04/2006 9:00 PM 3456]
R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [05/06/2006 12:36 PM 36188]
S0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys --> c:\windows\system32\drivers\ANCSQ.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/06/2006 1:15 AM 30192]
S4 gupdate1c942bc34c5debc;Google Update Service (gupdate1c942bc34c5debc);c:\program files\Google\Update\GoogleUpdate.exe [09/11/2008 5:40 PM 133104]
S4 Remasoft Canada Inc.: Rema update permissions manager. 19151.;Remasoft Canada Inc.: Rema update permissions manager. 19151.;c:\program files\Rema\RemaUpd.exe -PermissionManagerRun --> c:\program files\Rema\RemaUpd.exe -PermissionManagerRun [?]
S4 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [29/03/2008 10:36 PM 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2006-09-29 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8150069797.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-09 22:40]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-09 22:40]

2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005Core.job
- c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 02:49]

2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005UA.job
- c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 02:49]

2010-01-17 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-05-24 08:10]

2010-01-17 c:\windows\Tasks\User_Feed_Synchronization-{CC6DF3AB-01C8-4ADD-88D3-1F788BBB9D72}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = proxy.toronto.ca:8080
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?cd20b42499654f789f343cf995bad7de
IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?cd20b42499654f789f343cf995bad7de
Trusted Zone: live.com\login
Trusted Zone: sap.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} - hxxps://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab
FF - ProfilePath - c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?auth=DQAAAHIAAAAnlt7ZJUrz5d6QBslySlXPZD_vHklFz_18lmXFwrswvhnjdDOW5zZb93mkuMqxHqkXb_sl6mAiTnXddUrMgd5QOjZbVqimVruXqW-cLhByaGzoJsa8DkGQDY3sGXhVvJwzUPx0to_EEgHa7vgMVSsrdgbN-3JRmuuyqm6GO6PPng
FF - component: c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\documents and settings\Anand\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 01:33
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
"ImagePath"="c:\program files\Intel\Wireless\Bin\RegSrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Remasoft Canada Inc.: Rema update permissions manager. 19151.]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1408)
c:\windows\system32\psqlpwd.dll
c:\program files\ThinkVantage Fingerprint Software\infra.dll
c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
c:\windows\system32\biologon.dll
c:\program files\ThinkVantage Fingerprint Software\homepass.dll
c:\program files\ThinkVantage Fingerprint Software\bio.dll
c:\program files\ThinkVantage Fingerprint Software\remote.dll
c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
c:\windows\system32\tphklock.dll
c:\program files\ThinkVantage Fingerprint Software\crypto.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(1464)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(7796)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
c:\windows\system32\PROCHLP.DLL
c:\program files\RingCentral\RingCentral Call Controller\RCHotKeyHook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
c:\windows\system32\IPSSVC.EXE
c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\lenovo\system update\suservice.exe
c:\windows\System32\TPHDEXLG.EXE
c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
c:\windows\wanmpsvc.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\fxssvc.exe
c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
c:\program files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
.
**************************************************************************
.
Completion time: 2010-01-17 01:46:53 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-17 06:46
ComboFix2.txt 2010-01-15 17:51
ComboFix3.txt 2010-01-10 06:12
ComboFix4.txt 2008-02-18 05:30

Pre-Run: 6,996,602,880 bytes free
Post-Run: 7,048,966,144 bytes free

- - End Of File - - 78076544F90E620E11EB6610D15A8DE6


HJT Log
=====================================
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 1:50:20 AM, on 17/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
C:\WINDOWS\system32\taskswitch.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.toronto.ca:8080
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [RCUI] "C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe"
O4 - HKCU\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}"" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?cd20b42499654f789f343cf995bad7de
O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?cd20b42499654f789f343cf995bad7de
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: *.sap.com
O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://connectphl05.sap.com/vdesk/cachecleaner.cab#version=6020,2008,0514,2338
O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://connectphl05.sap.com/vdesk/terminal/InstallerControl.cab#version=6020,2008,0514,2345
O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://connectphl05.sap.com/vdesk/terminal/f5InspectionHost.cab#version=6020,2008,0514,2340
O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://connectphl05.sap.com/vdesk/terminal/urTermProxy.cab#version=6020,2008,0701,2202
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203342374438
O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - https://connectphl05.sap.com/vdesk/terminal/msrdp.cab#version=5,2,3790,0
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://epass.toronto.ca/vdesk/terminal/urxshost.cab#version=6020,2008,0514,2341
O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (RingCentral Message Player Control) - https://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://connectphl05.sap.com/vdesk/terminal/urxhost.cab#version=6020,2008,0605,2205
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://connectphl05.sap.com/policy/download_binary.php/win32/f5syschk.cab#Version=6020,2008,0514,2348
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ACNotify - Invalid registry found
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 18416 bytes


Thank you!
/anand_am01

peku006
2010-01-17, 11:49
Hi Anand Murthy

Download OTS (http://oldtimer.geekstogo.com/OTS.exe) by Oldtimer to your Desktop and double-click on it to extract the files.

NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.

Close ALL OTHER PROGRAMS.
Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
Click the Scan All Users checkbox on the toolbar.
Do not change any other settings.
Now click the Run Scan button on the toolbar.
Let it run unhindered until it finishes.
When the scan is complete Notepad will open with the report file loaded in it.
Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Close Notepad (saving the change if necessry).


Thanks peku006

anand_am01
2010-01-18, 09:08
Hello peku006,
Thanks for the instructions.
Here is the scan report for OTS
Regards,
anand_am01

=====================================
[code]
OTS logfile created on: 17/01/2010 10:00:42 PM - Run 1
OTS by OldTimer - Version 3.1.19.1 Folder = C:\Documents and Settings\Anand\Desktop\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

1,014.00 Mb Total Physical Memory | 240.00 Mb Available Physical Memory | 24.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 88.95 Gb Total Space | 4.82 Gb Free Space | 5.42% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 988.00 Mb Total Space | 436.98 Mb Free Space | 44.23% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive R: | 99.72 Mb Total Space | 99.69 Mb Free Space | 99.97% Space Free | Partition Type: FAT

Computer Name: MURTHYCIAN
Current User Name: Anand
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\Anand\Desktop\Downloads\OTS.exe -> [2010/01/17 21:34:43 | 00,632,320 | ---- | M] (OldTimer Tools)
googledesktop.exe -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2010/01/16 19:25:48 | 00,030,192 | ---- | M] (Google)
jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2010/01/04 01:13:37 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009/12/12 09:40:56 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.)
vsmon.exe -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> [2009/11/22 15:44:16 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD)
zlclient.exe -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> [2009/11/22 15:42:50 | 01,037,192 | ---- | M] (Check Point Software Technologies LTD)
googlecrashhandler.exe -> C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe -> [2009/10/31 03:08:27 | 00,136,176 | ---- | M] (Google Inc.)
iswsvc.exe -> C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -> [2009/10/14 08:30:26 | 00,476,528 | ---- | M] (Check Point Software Technologies)
forcefield.exe -> C:\Program Files\CheckPoint\ZAForceField\ForceField.exe -> [2009/10/14 08:30:06 | 00,730,480 | ---- | M] (Check Point Software Technologies)
avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/08/26 09:00:26 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009/08/26 09:00:07 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/26 08:59:24 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
rcui.exe -> C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe -> [2009/05/04 14:17:18 | 00,479,232 | ---- | M] (RingCentral, Inc.)
rchotkey.exe -> C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe -> [2009/05/04 14:15:16 | 00,032,768 | ---- | M] (RingCentral, Inc.)
iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation)
wltuser.exe -> C:\Program Files\Windows Live\Toolbar\wltuser.exe -> [2009/02/06 17:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation)
googleupdate.exe -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2008/11/09 17:40:14 | 00,133,104 | ---- | M] (Google Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
hpswp_clipbook.exe -> C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe -> [2008/03/27 22:51:18 | 00,116,032 | ---- | M] (Hewlett-Packard Co.)
lvprcsrv.exe -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2007/10/19 13:19:22 | 00,141,848 | ---- | M] (Logitech Inc.)
lvcomser.exe -> C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -> [2007/10/19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.)
googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/07/08 09:41:30 | 00,068,856 | ---- | M] (Google Inc.)
hkcmd.exe -> C:\WINDOWS\system32\hkcmd.exe -> [2007/01/13 09:47:04 | 00,163,840 | ---- | M] (Intel Corporation)
igfxpers.exe -> C:\WINDOWS\system32\igfxpers.exe -> [2007/01/13 09:46:36 | 00,135,168 | ---- | M] (Intel Corporation)
igfxsrvc.exe -> C:\WINDOWS\system32\igfxsrvc.exe -> [2007/01/13 09:46:24 | 00,241,664 | ---- | M] (Intel Corporation)
suservice.exe -> c:\Program Files\Lenovo\System Update\SUService.exe -> [2006/07/11 18:04:42 | 00,015,872 | ---- | M] ( )
tphkmgr.exe -> C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe -> [2006/05/10 17:03:44 | 00,094,208 | ---- | M] ()
svcguihlpr.exe -> C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe -> [2006/04/17 15:13:00 | 00,094,208 | ---- | M] (Lenovo)
acsvc.exe -> C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -> [2006/04/17 15:12:28 | 00,151,552 | ---- | M] (Lenovo)
acprfmgrsvc.exe -> C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> [2006/04/17 15:12:26 | 00,040,960 | ---- | M] ()
acmurochlpr.exe -> C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe -> [2006/04/17 15:12:20 | 00,163,840 | ---- | M] ()
actray.exe -> C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe -> [2006/04/17 15:09:10 | 00,409,600 | ---- | M] (Lenovo)
acwlicon.exe -> C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe -> [2006/04/17 14:59:10 | 00,098,304 | ---- | M] (Lenovo)
scheduler_proxy.exe -> C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe -> [2006/03/28 05:01:06 | 00,503,808 | ---- | M] (Lenovo Group Limited)
tvtsched.exe -> C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -> [2006/03/28 05:00:56 | 00,946,176 | ---- | M] (Lenovo Group Limited)
lpmgr.exe -> C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE -> [2006/01/25 03:03:00 | 00,106,496 | ---- | M] (Lenovo Group Limited)
rrservice.exe -> C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -> [2005/12/21 18:20:56 | 01,384,448 | ---- | M] ()
pwmgr.exe -> C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe -> [2005/12/21 18:13:20 | 02,369,072 | ---- | M] (Lenovo Group Limited)
cssauth.exe -> C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe -> [2005/12/21 18:08:02 | 01,996,336 | ---- | M] (Lenovo Group Limited)
ipssvc.exe -> C:\WINDOWS\system32\IPSSVC.EXE -> [2005/12/01 03:09:00 | 00,073,728 | ---- | M] (Lenovo Group Limited)
pdservice.exe -> C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe -> [2005/11/15 13:13:24 | 00,049,152 | ---- | M] (Utimaco Safeware AG)
tpscrex.exe -> C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe -> [2005/10/26 02:44:30 | 00,086,016 | ---- | M] (Lenovo Group Limited)
dkservice.exe -> C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -> [2005/09/28 01:26:12 | 00,622,700 | ---- | M] (Diskeeper Corporation)
ezejmnap.exe -> C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE -> [2005/08/10 04:20:00 | 00,237,568 | ---- | M] (Lenovo Group Limited)
ibmtcsd.exe -> C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -> [2005/08/02 20:17:30 | 00,722,480 | ---- | M] (IBM)
syntplpr.exe -> C:\Program Files\Synaptics\SynTP\SynTPLpr.exe -> [2005/08/01 12:48:56 | 00,110,592 | ---- | M] (Synaptics, Inc.)
syntpenh.exe -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> [2005/08/01 12:48:28 | 00,512,000 | ---- | M] (Synaptics, Inc.)
s24evmon.exe -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2005/07/23 04:43:20 | 00,372,809 | ---- | M] (Intel Corporation )
1xconfig.exe -> C:\Program Files\Intel\Wireless\Bin\1XConfig.exe -> [2005/07/23 04:42:24 | 00,245,760 | ---- | M] (Intel)
evteng.exe -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2005/07/23 04:41:22 | 00,086,016 | ---- | M] (Intel Corporation)
regsrvc.exe -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2005/07/23 04:40:08 | 00,139,264 | ---- | M] (Intel Corporation)
tponscr.exe -> C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe -> [2005/07/05 16:57:12 | 00,077,824 | ---- | M] ()
tphdexlg.exe -> C:\WINDOWS\system32\TPHDEXLG.exe -> [2005/06/20 14:15:00 | 00,077,824 | ---- | M] (Lenovo.)
smax4pnp.exe -> C:\Program Files\Analog Devices\Core\smax4pnp.exe -> [2005/05/20 09:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.)
tfswctrl.exe -> C:\WINDOWS\system32\dla\tfswctrl.exe -> [2005/05/19 07:33:00 | 00,127,037 | ---- | M] (Sonic Solutions)
dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> [2003/10/29 05:06:00 | 00,024,576 | ---- | M] (BVRP Software)
acrotray.exe -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> [2003/10/23 21:37:56 | 00,217,194 | ---- | M] (Adobe Systems Inc.)
taskswitch.exe -> C:\WINDOWS\system32\TaskSwitch.exe -> [2002/03/19 17:30:00 | 00,045,632 | ---- | M] ()
wanmpsvc.exe -> C:\WINDOWS\wanmpsvc.exe -> [2001/11/26 03:54:02 | 00,065,536 | ---- | M] (America Online, Inc.)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\Anand\Desktop\Downloads\OTS.exe -> [2010/01/17 21:34:43 | 00,632,320 | ---- | M] (OldTimer Tools)
iswshex.dll -> C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll -> [2009/10/14 08:30:36 | 00,628,080 | ---- | M] (Check Point Software Technologies)
rchotkeyhook.dll -> C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKeyHook.dll -> [2009/05/04 14:13:30 | 00,073,728 | ---- | M] (RingCentral, Inc.)
msvcr80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcr80.dll -> [2007/12/04 01:56:56 | 00,635,904 | ---- | M] (Microsoft Corporation)
msvcp80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcp80.dll -> [2007/12/04 01:56:54 | 00,558,080 | ---- | M] (Microsoft Corporation)
lvprcinj.dll -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll -> [2007/10/19 13:19:10 | 00,109,080 | ---- | M] (Logitech Inc.)
prochlp.dll -> C:\WINDOWS\system32\PROCHLP.DLL -> [2005/12/01 03:09:00 | 00,086,016 | ---- | M] (Lenovo Group Limited)
syntpfcs.dll -> C:\WINDOWS\system32\SynTPFcs.dll -> [2005/08/01 12:48:50 | 00,065,536 | ---- | M] (Synaptics, Inc.)

[Win32 Services - Safe List]
(TpKmpSVC) IBM KCU Service [Auto | Stopped] -> -> File not found
(IBMPMSVC) ThinkPad PM Service [Auto | Stopped] -> -> File not found
(GoogleDesktopManager-110309-193829) Google Desktop Manager 5.9.911.3589 [On_Demand | Stopped] -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2010/01/16 19:25:48 | 00,030,192 | ---- | M] (Google)
(JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2010/01/04 01:13:37 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
(getPlusHelper) getPlus(R) Helper [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper.dll -> [2009/12/17 16:36:24 | 00,067,360 | ---- | M] (NOS Microsystems Ltd.)
(vsmon) TrueVector Internet Monitor [Auto | Running] -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe -> [2009/11/22 15:44:16 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD)
(IswSvc) ZoneAlarm Toolbar IswSvc [Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -> [2009/10/14 08:30:26 | 00,476,528 | ---- | M] (Check Point Software Technologies)
(avg8wd) AVG Free8 WatchDog [Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/26 08:59:24 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
(ServiceLayer) ServiceLayer [On_Demand | Stopped] -> C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -> [2009/06/02 09:10:08 | 00,637,952 | ---- | M] (Nokia.)
(SeaPort) SeaPort [Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
(gusvc) Google Software Updater [Disabled | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/05/07 12:46:37 | 00,182,768 | ---- | M] (Google)
(FileZilla Server) FileZilla Server FTP server [Disabled | Stopped] -> C:\Program Files\FileZilla Server\FileZilla Server.exe -> [2009/03/03 05:19:28 | 00,691,200 | ---- | M] (FileZilla Project)
(Remasoft Canada Inc.: Rema update permissions manager. 19151.) Remasoft Canada Inc.: Rema update permissions manager. 19151. [Disabled | Stopped] -> C:\Program Files\Rema\RemaUpd.exe -> [2009/02/20 11:33:30 | 00,643,072 | ---- | M] ()
(MSSQLSERVER) MSSQLSERVER [Disabled | Stopped] -> C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -> [2008/12/18 09:47:08 | 09,158,656 | ---- | M] (Microsoft Corporation)
(gupdate1c942bc34c5debc) Google Update Service (gupdate1c942bc34c5debc) [Disabled | Stopped] -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2008/11/09 17:40:14 | 00,133,104 | ---- | M] (Google Inc.)
(odserv) Microsoft Office Diagnostics Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
(QBCFMonitorService) QBCFMonitorService [Disabled | Stopped] -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -> [2008/09/10 02:33:38 | 00,020,480 | ---- | M] (Intuit)
(Simply Accounting Database Connection Manager) Simply Accounting Database Connection Manager [Disabled | Stopped] -> C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe -> [2008/06/09 23:00:00 | 00,024,576 | ---- | M] (Sage Software)
(Irmon) Infrared Monitor [Auto | Running] -> C:\WINDOWS\system32\irmon.dll -> [2008/04/13 19:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation)
(hpqddsvc) HP CUE DeviceDiscovery Service [Auto | Running] -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -> [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.)
(hpqcxs08) hpqcxs08 [On_Demand | Running] -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -> [2008/03/25 19:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.)
(Pml Driver HPZ12) Pml Driver HPZ12 [Disabled | Stopped] -> C:\WINDOWS\system32\HPZipm12.dll -> [2008/02/28 10:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard)
(Net Driver HPZ12) Net Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZinw12.dll -> [2008/02/28 10:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard)
(LVSrvLauncher) LVSrvLauncher [Disabled | Stopped] -> C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -> [2007/10/19 13:21:16 | 00,141,848 | ---- | M] (Logitech Inc.)
(LVPrcSrv) Process Monitor [Auto | Running] -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2007/10/19 13:19:22 | 00,141,848 | ---- | M] (Logitech Inc.)
(LVCOMSer) LVCOMSer [Auto | Running] -> C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -> [2007/10/19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.)
(iPod Service) iPod Service [Disabled | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> [2006/10/30 11:36:32 | 00,492,608 | ---- | M] (Apple Computer, Inc.)
(ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
(QBFCService) Intuit QuickBooks FCS [On_Demand | Stopped] -> C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -> [2006/10/09 21:01:00 | 00,071,184 | ---- | M] (Intuit Inc.)
(SUService) System Update [Auto | Running] -> c:\Program Files\Lenovo\System Update\SUService.exe -> [2006/07/11 18:04:42 | 00,015,872 | ---- | M] ( )
(PsaSrv) IBM PSA Access Driver Control [On_Demand | Stopped] -> C:\WINDOWS\system32\psasrv.exe -> [2006/07/11 17:52:52 | 00,023,552 | ---- | M] ()
(AcSvc) Access Connections Main Service [Auto | Running] -> C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -> [2006/04/17 15:12:28 | 00,151,552 | ---- | M] (Lenovo)
(AcPrfMgrSvc) Ac Profile Manager Service [Auto | Running] -> C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> [2006/04/17 15:12:26 | 00,040,960 | ---- | M] ()
(TVT Scheduler) TVT Scheduler [Auto | Running] -> C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -> [2006/03/28 05:00:56 | 00,946,176 | ---- | M] (Lenovo Group Limited)
(TVT Backup Service) TVT Backup Service [Auto | Running] -> C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -> [2005/12/21 18:20:56 | 01,384,448 | ---- | M] ()
(IPSSVC) IPS Core Service [Auto | Running] -> C:\WINDOWS\system32\IPSSVC.EXE -> [2005/12/01 03:09:00 | 00,073,728 | ---- | M] (Lenovo Group Limited)
(IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation)
(Diskeeper) Diskeeper [Auto | Running] -> C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -> [2005/09/28 01:26:12 | 00,622,700 | ---- | M] (Diskeeper Corporation)
(TSSCoreService) TSS Core Service [Auto | Running] -> C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -> [2005/08/02 20:17:30 | 00,722,480 | ---- | M] (IBM)
(S24EventMonitor) Spectrum24 Event Monitor [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2005/07/23 04:43:20 | 00,372,809 | ---- | M] (Intel Corporation )
(EvtEng) EvtEng [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2005/07/23 04:41:22 | 00,086,016 | ---- | M] (Intel Corporation)
(RegSrvc) RegSrvc [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2005/07/23 04:40:08 | 00,139,264 | ---- | M] (Intel Corporation)
(TPHDEXLGSVC) ThinkPad HDD APS Logging Service [Auto | Running] -> C:\WINDOWS\system32\TPHDEXLG.exe -> [2005/06/20 14:15:00 | 00,077,824 | ---- | M] (Lenovo.)
(SQLSERVERAGENT) SQLSERVERAGENT [Disabled | Stopped] -> C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -> [2005/05/03 21:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation)
(IPSECMON) SafeNet Monitor Service [Disabled | Stopped] -> C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe -> [2004/08/11 14:22:46 | 00,057,398 | ---- | M] (SafeNet)
(IreIKE) SafeNet IKE Service [Disabled | Stopped] -> C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe -> [2004/08/11 14:22:44 | 00,319,538 | ---- | M] (SafeNet)
(WANMiniportService) WAN Miniport (ATW) Service [Auto | Running] -> C:\WINDOWS\wanmpsvc.exe -> [2001/11/26 03:54:02 | 00,065,536 | ---- | M] (America Online, Inc.)

[Driver Services - Safe List]
(catchme) catchme [Kernel | On_Demand | Running] -> -> File not found
(vsdatant) vsdatant [Kernel | System | Running] -> C:\WINDOWS\system32\vsdatant.sys -> [2009/11/22 15:42:54 | 00,486,280 | ---- | M] (Check Point Software Technologies LTD)
(ISWKL) ZoneAlarm Toolbar ISWKL [Kernel | Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -> [2009/10/14 08:30:02 | 00,025,208 | ---- | M] (Check Point Software Technologies)
(AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\avgmfx86.sys -> [2009/08/26 09:00:24 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgldx86.sys -> [2009/08/26 09:00:23 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
(AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgtdix.sys -> [2009/05/08 09:09:26 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
(pccsmcfd) PCCS Mode Change Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\pccsmcfd.sys -> [2008/08/26 09:26:12 | 00,018,816 | ---- | M] (Nokia)
(USB_RNDIS) Thomson ST Remote NDIS Device Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usb8023.sys -> [2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation)
(NSCIRDA) NSC Infrared Device Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nscirda.sys -> [2008/04/13 13:54:36 | 00,028,672 | ---- | M] (National Semiconductor Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbaudio.sys -> [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
(amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
(sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
(Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
(HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZius12.sys -> [2008/01/24 16:22:08 | 00,021,568 | R--- | M] (HP)
(HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZipr12.sys -> [2008/01/24 16:22:07 | 00,016,496 | R--- | M] (HP)
(HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZid412.sys -> [2008/01/24 16:22:06 | 00,049,920 | R--- | M] (HP)
(LVcKap) Logitech AEC Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Lvckap.sys -> [2007/10/19 13:16:30 | 02,109,976 | ---- | M] (Logitech Inc.)
(LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\LVPr2Mon.sys -> [2007/10/11 18:59:24 | 00,025,624 | ---- | M] ()
(LVMVDrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\LVMVdrv.sys -> [2007/10/11 18:59:02 | 02,142,488 | ---- | M] (Logitech Inc.)
(tmcomm) tmcomm [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\tmcomm.sys -> [2007/08/01 16:47:26 | 00,102,664 | ---- | M] (Trend Micro Inc.)
(MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdc8021x.sys -> [2007/05/17 08:13:03 | 00,015,781 | ---- | M] (Meetinghouse Data Communications)
(ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\igxpmp32.sys -> [2007/01/13 09:33:18 | 05,672,032 | ---- | M] (Intel Corporation)
(PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2006/09/27 16:53:22 | 00,036,560 | ---- | M] (Sonic Solutions)
(GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -> [2006/09/19 17:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.)
(AEAudioService) AEAudio Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\aeaudio.sys -> [2006/08/07 07:57:30 | 00,093,952 | ---- | M] (Andrea Electronics Corporation)
(EGATHDRV) IBM eGatherer [Kernel | Auto | Running] -> C:\WINDOWS\system32\EGATHDRV.SYS -> [2006/08/02 21:27:51 | 00,011,712 | ---- | M] (IBM Corporation)
(psadd) IBM PSA Access Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\psadd.sys -> [2006/07/11 17:52:50 | 00,017,536 | ---- | M] (Lenovo)
(ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ADIHdAud.sys -> [2006/06/20 11:56:48 | 00,178,688 | ---- | M] (Analog Devices, Inc.)
(AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\AegisP.sys -> [2006/05/24 08:29:58 | 00,017,801 | ---- | M] (Meetinghouse Data Communications)
(TcUsb) TC USB Kernel Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\tcusb.sys -> [2006/04/25 21:13:20 | 00,028,800 | ---- | M] (UPEK Inc.)
(SmiHlp) SMI helper driver [Kernel | Auto | Running] -> C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -> [2006/04/25 21:00:00 | 00,003,456 | ---- | M] (UPEK Inc.)
(IBMTPCHK) IBMTPCHK [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\IBMBLDID.sys -> [2006/01/13 02:33:22 | 00,006,016 | ---- | M] ()
(ibmfilter) ibmfilter [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\ibmfilter.sys -> [2005/12/21 17:14:58 | 00,012,544 | ---- | M] (IBM)
(HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hsx_dpv.sys -> [2005/12/06 13:21:32 | 00,936,448 | ---- | M] (Conexant Systems, Inc.)
(HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hsxhwazl.sys -> [2005/12/06 13:20:48 | 00,192,512 | ---- | M] (Conexant Systems, Inc.)
(winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hsx_cnxt.sys -> [2005/12/06 13:20:42 | 00,670,208 | ---- | M] (Conexant Systems, Inc.)
(PROCDD) IPS Helper Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\PROCDD.SYS -> [2005/12/01 03:09:00 | 00,005,120 | ---- | M] (Lenovo Group Limited)
(Shockprf) Shockprf [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\shockprf.sys -> [2005/11/30 17:58:00 | 00,085,760 | ---- | M] (Lenovo)
(PrivateDisk) PrivateDisk [Kernel | Auto | Running] -> C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -> [2005/11/15 13:11:28 | 00,046,142 | R--- | M] (Utimaco Safeware AG)
(ANC) ANC [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ANC.sys -> [2005/11/08 11:27:20 | 00,011,520 | ---- | M] (IBM Corp.)
(mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdmxsdk.sys -> [2005/10/05 17:57:08 | 00,012,544 | ---- | M] (Conexant)
(IBMPMDRV) IBMPMDRV [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ibmpmdrv.sys -> [2005/09/30 03:32:00 | 00,013,456 | ---- | M] (Lenovo.)
(Smapint) Smapint [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\SMAPINT.SYS -> [2005/08/10 03:50:00 | 00,014,848 | ---- | M] (Microsoft Corporation)
(TDSMAPI) TDSMAPI [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\TDSMAPI.SYS -> [2005/08/10 03:50:00 | 00,009,340 | ---- | M] ()
(TPPWRIF) TPPWRIF [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\TPPWRIF.SYS -> [2005/08/10 03:10:00 | 00,004,442 | ---- | M] ()
(TSMAPIP) TSMAPIP [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\TSMAPIP.SYS -> [2005/08/08 04:40:00 | 00,007,168 | ---- | M] ()
(smi2) smi2 [Kernel | Auto | Running] -> C:\Program Files\SMI2\smi2.sys -> [2005/08/02 19:47:20 | 00,003,968 | ---- | M] (IBM Corp.)
(SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SynTP.sys -> [2005/08/01 12:43:46 | 00,177,664 | ---- | M] (Synaptics, Inc.)
(s24trans) WLAN Transport [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\s24trans.sys -> [2005/07/23 01:02:44 | 00,011,354 | ---- | M] (Intel Corporation)
(w29n51) Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\w29n51.sys -> [2005/07/19 23:14:02 | 03,289,088 | ---- | M] (Intel® Corporation)
(risdptsk) risdptsk [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\risdptsk.sys -> [2005/07/14 14:14:34 | 00,027,904 | ---- | M] (REDC)
(rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\rimsptsk.sys -> [2005/07/12 21:00:30 | 00,051,328 | ---- | M] (REDC)
(TPHKDRV) TPHKDRV [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\TPHKDRV.sys -> [2005/07/05 16:57:06 | 00,017,699 | ---- | M] (IBM Corporation)
(ShockMgr) ShockMgr [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ShockMgr.sys -> [2005/06/20 14:18:00 | 00,004,736 | ---- | M] (Lenovo.)
(tfsnudfa) tfsnudfa [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnudfa.sys -> [2005/05/19 07:33:00 | 00,100,605 | ---- | M] (Sonic Solutions)
(tfsnudf) tfsnudf [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnudf.sys -> [2005/05/19 07:33:00 | 00,098,716 | ---- | M] (Sonic Solutions)
(tfsnifs) tfsnifs [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnifs.sys -> [2005/05/19 07:33:00 | 00,086,940 | ---- | M] (Sonic Solutions)
(tfsncofs) tfsncofs [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsncofs.sys -> [2005/05/19 07:33:00 | 00,034,845 | ---- | M] (Sonic Solutions)
(tfsnboio) tfsnboio [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnboio.sys -> [2005/05/19 07:33:00 | 00,025,725 | ---- | M] (Sonic Solutions)
(tfsnopio) tfsnopio [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnopio.sys -> [2005/05/19 07:33:00 | 00,014,909 | ---- | M] (Sonic Solutions)
(tfsnpool) tfsnpool [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnpool.sys -> [2005/05/19 07:33:00 | 00,006,365 | ---- | M] (Sonic Solutions)
(tfsndrct) tfsndrct [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsndrct.sys -> [2005/05/19 07:33:00 | 00,004,125 | ---- | M] (Sonic Solutions)
(tfsndres) tfsndres [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsndres.sys -> [2005/05/19 07:33:00 | 00,002,241 | ---- | M] (Sonic Solutions)
(atmeltpm) atmeltpm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\atmeltpm.sys -> [2005/05/17 12:20:08 | 00,015,872 | ---- | M] (Atmel, Inc.)
(drvmcdb) drvmcdb [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\drvmcdb.sys -> [2005/03/24 05:22:00 | 00,088,352 | ---- | M] (Sonic Solutions)
(drvnddm) drvnddm [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\drvnddm.sys -> [2005/03/24 04:56:00 | 00,040,544 | ---- | M] (Sonic Solutions)
(b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\b57xp32.sys -> [2005/03/17 18:30:10 | 00,132,608 | ---- | M] (Broadcom Corporation)
(PcdrNdisuio) PCDRNDISUIO Usermode I/O Protocol [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -> [2005/02/01 19:00:42 | 00,012,416 | ---- | M] (Windows (R) 2000 DDK provider)
(sscdbhk5) sscdbhk5 [File_System | System | Running] -> C:\WINDOWS\system32\drivers\sscdbhk5.sys -> [2004/12/02 13:04:20 | 00,005,627 | ---- | M] (Sonic Solutions)
(ssrtln) ssrtln [File_System | System | Running] -> C:\WINDOWS\system32\drivers\ssrtln.sys -> [2004/12/02 13:04:10 | 00,023,545 | ---- | M] (Sonic Solutions)
(AFS2K) AFS2K [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AFS2K.SYS -> [2004/10/07 20:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.)
(IPSECDRV) SafeNet IPSec Plugin [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\IpSecDrv.sys -> [2004/08/11 13:01:40 | 00,119,864 | ---- | M] (SafeNet)
(Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
(nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)
(Crypto) Crypto [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\Crypto.sig -> [2004/07/30 14:20:44 | 00,000,136 | ---- | M] ()
(Iviaspi) IVI ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\iviaspi.sys -> [2003/09/11 01:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.)
(DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\dne2000.sys -> [2003/09/05 15:35:02 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.)
(DniVap) SafeNet WAN Miniport (VA) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\vap.sys -> [2001/12/14 17:26:06 | 00,036,188 | ---- | M] (Deterministic Networks Inc.)
(wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2001/09/26 18:58:20 | 00,028,396 | ---- | M] (America Online, Inc.)
(Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
(sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic)
(sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic)
(symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic)
(symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
(ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
(ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
(ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
(ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
(dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
(mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
(asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
(asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
(AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
(CmdIde) CmdIde [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
(ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ac97intc.sys -> [2001/08/17 14:20:04 | 00,096,256 | ---- | M] (Intel Corporation)
(E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\e100b325.sys -> [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
(pmem) pmem [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\PMEMNT.SYS -> [2000/05/31 22:29:54 | 00,007,012 | ---- | M] (Microsoft Corporation)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_LOCAL_MACHINE\: Search\\"Search Bar" -> http://search.msn.com/spbasic.htm ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
HKEY_USERS\.DEFAULT\: "ProxyServer" -> proxy.toronto.ca:8080 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-18\: "ProxyServer" -> proxy.toronto.ca:8080 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\] > -> ->
HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\: Main\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\: Main\\"Start Page" -> http://www.google.com/ ->
HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\: SearchURL\\"" -> http://www.google.com/search?q=%s ->
HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\: "ProxyServer" -> proxy.toronto.ca:8080 ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Anand\Application Data\Mozilla\FireFox\Profiles\p5pyhhaj.default\prefs.js ->
browser.search.defaultenginename -> "Google" ->
browser.search.defaulturl -> "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" ->
browser.search.selectedEngine -> "Google" ->
browser.startup.homepage -> "http://mail.google.com/mail/?auth=DQAAAHIAAAAnlt7ZJUrz5d6QBslySlXPZD_vHklFz_18lmXFwrswvhnjdDOW5zZb93mkuMqxHqkXb_sl6mAiTnXddUrMgd5QOjZbVqimVruXqW-cLhByaGzoJsa8DkGQDY3sGXhVvJwzUPx0to_EEgHa7vgMVSsrdgbN-3JRmuuyqm6GO6PPng" ->
extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429 ->
extensions.enabledItems -> firebug@software.joehewitt.com:1.4.5 ->
extensions.enabledItems -> moveplayer@movenetworks.com:1.0.0.07061050 ->
extensions.enabledItems -> {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4 ->
extensions.enabledItems -> {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2 ->
extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 ->
extensions.enabledItems -> {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4 ->
extensions.enabledItems -> jqs@sun.com:1.0 ->
extensions.enabledItems -> {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7 ->
extensions.enabledItems -> {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.8.6 ->
extensions.enabledItems -> {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5 ->
extensions.enabledItems -> foxyproxy@eric.h.jung:2.16.1 ->
extensions.enabledItems -> {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5 ->
extensions.enabledItems -> {5C46D283-ABDE-4dce-B83C-08881401921C}:1.8.5 ->
extensions.enabledItems -> {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501 ->
extensions.enabledItems -> wisestamp@wisestamp.com:1.3.3 ->
extensions.enabledItems -> tineye@ideeinc.com:0.7.1 ->
extensions.enabledItems -> SkipScreen@SkipScreen:0.3.20091214_AMO ->
extensions.enabledItems -> {28197867-b1ef-4140-8e3b-55c45b9c8460}:2.5.2 ->
network.proxy.autoconfig_url -> "http://localhost:9100/proxy.pac" ->
network.proxy.http -> "192.168.0.2" ->
network.proxy.http_port -> 8080 ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\Anand\Application Data\Mozilla\FireFox\Profiles\p5pyhhaj.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\eMusic Download Manager\Extensions -> ->
HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components -> C:\Program Files\eMusic Download Manager\xulrunner\components [C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\COMPONENTS] -> [2009/07/13 12:42:39 | 00,000,000 | ---D | M]
HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins -> C:\Program Files\eMusic Download Manager\xulrunner\plugins [C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\PLUGINS] -> [2010/01/04 01:30:47 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions -> ->
HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\Program Files\AVG\AVG8\Firefox [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2009/12/22 09:41:01 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com -> C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\ [C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\] -> [2009/07/17 17:03:52 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2] -> [2009/08/04 16:08:36 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8} -> C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\] -> [2009/11/03 23:19:57 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker [C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER] -> [2010/01/14 07:18:24 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components -> C:\Program Files\Mozilla Firefox 3.6 Beta 5\components [C:\PROGRAM FILES\MOZILLA FIREFOX 3.6 BETA 5\COMPONENTS] -> [2010/01/17 00:39:47 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins -> C:\Program Files\Mozilla Firefox 3.6 Beta 5\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX 3.6 BETA 5\PLUGINS] -> [2010/01/11 09:07:44 | 00,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox2.0.0.\Extensions -> ->
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\Anand\Application Data\Mozilla\Extensions -> [2009/07/30 09:07:23 | 00,000,000 | ---D | M]
No name found -> C:\Documents and Settings\Anand\Application Data\Mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66} -> [2009/07/30 09:07:23 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions -> [2010/01/16 08:14:53 | 00,000,000 | ---D | M]
Session Manager -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30} -> [2010/01/04 13:17:11 | 00,000,000 | ---D | M]
Integrated Gmail -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460} -> [2010/01/12 06:44:23 | 00,000,000 | ---D | M]
No name found -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d} -> [2010/01/11 16:10:41 | 00,000,000 | ---D | M]
Stylish -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} -> [2010/01/11 16:11:48 | 00,000,000 | ---D | M]
Google Shortcuts -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C} -> [2010/01/11 16:10:43 | 00,000,000 | ---D | M]
Yahoo! Toolbar -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2010/01/04 13:17:13 | 00,000,000 | ---D | M]
DownloadHelper -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2010/01/11 16:10:52 | 00,000,000 | ---D | M]
Download Statusbar -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} -> [2010/01/11 16:11:26 | 00,000,000 | ---D | M]
No name found -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{dc572301-7619-498c-a57d-39143191b318} -> [2010/01/11 16:10:23 | 00,000,000 | ---D | M]
Download Manager Tweak -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB} -> [2010/01/11 16:11:32 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\firebug@software.joehewitt.com -> [2009/11/10 11:54:20 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\foxyproxy@eric.h.jung -> [2010/01/11 16:11:06 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\moveplayer@movenetworks.com -> [2007/08/13 20:55:56 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\notebook@google.com -> [2008/10/05 08:22:40 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\SkipScreen@SkipScreen -> [2010/01/11 16:10:24 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\tineye@ideeinc.com -> [2010/01/11 16:10:25 | 00,000,000 | ---D | M]
-> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\wisestamp@wisestamp.com -> [2010/01/11 16:10:37 | 00,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
linkedin.xml -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\searchplugins\linkedin.xml -> [2010/01/15 14:34:45 | 00,005,216 | ---- | M] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/01/03 12:43:13 | 00,000,000 | ---D | M]
< HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{0347C33E-8762-4905-BF09-768834316C61} [HKLM] -> C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [HP Print Enhancer] -> [2008/03/27 22:51:18 | 00,322,880 | ---- | M] (Hewlett-Packard Co.)
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 13:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/12/12 09:41:10 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
{5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> [2005/05/19 07:33:00 | 00,118,844 | ---- | M] (Sonic Solutions)
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 10:36:18 | 00,137,600 | ---- | M] (Microsoft Corporation)
{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Toolbar Registrar] -> [2009/10/14 08:30:44 | 00,578,928 | ---- | M] (Check Point Software Technologies)
{AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2009/11/29 19:37:11 | 00,263,280 | ---- | M] (Google Inc.)
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [Google Toolbar Notifier BHO] -> [2009/11/29 19:40:29 | 00,764,912 | ---- | M] (Google Inc.)
{DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2010/01/04 01:13:37 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} [HKLM] -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [Google Gears Helper] -> [2009/10/16 14:35:24 | 02,101,248 | ---- | M] (Google Inc.)
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 17:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2010/01/04 01:13:40 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKLM] -> C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [HP Smart BHO Class] -> [2008/03/27 22:51:18 | 00,501,056 | ---- | M] (Hewlett-Packard Co.)
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 17:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009/11/29 19:37:11 | 00,263,280 | ---- | M] (Google Inc.)
"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Toolbar] -> [2009/10/14 08:30:44 | 00,578,928 | ---- | M] (Check Point Software Technologies)
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009/11/29 19:37:11 | 00,263,280 | ---- | M] (Google Inc.)
ShellBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 17:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009/11/29 19:37:11 | 00,263,280 | ---- | M] (Google Inc.)
WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\\"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Toolbar] -> [2009/10/14 08:30:44 | 00,578,928 | ---- | M] (Check Point Software Technologies)
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"ACTray" -> C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe] -> [2006/04/17 15:09:10 | 00,409,600 | ---- | M] (Lenovo)
"ACWLIcon" -> C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe] -> [2006/04/17 14:59:10 | 00,098,304 | ---- | M] (Lenovo)
"Adobe ARM" -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ["C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] -> [2009/09/04 12:08:30 | 00,935,288 | R--- | M] (Adobe Systems Incorporated)
"Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/10/03 04:08:38 | 00,035,696 | ---- | M] (Adobe Systems Incorporated)
"AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/12/12 09:40:56 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.)
"CoolSwitch" -> C:\WINDOWS\system32\TaskSwitch.exe [C:\WINDOWS\system32\taskswitch.exe] -> [2002/03/19 17:30:00 | 00,045,632 | ---- | M] ()
"cssauth" -> C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe ["C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent] -> [2005/12/21 18:08:02 | 01,996,336 | ---- | M] (Lenovo Group Limited)
"dla" -> C:\WINDOWS\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> [2005/05/19 07:33:00 | 00,127,037 | ---- | M] (Sonic Solutions)
"EZEJMNAP" -> C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe] -> [2005/08/10 04:20:00 | 00,237,568 | ---- | M] (Lenovo Group Limited)
"Google Desktop Search" -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> [2010/01/16 19:25:48 | 00,030,192 | ---- | M] (Google)
"HotKeysCmds" -> C:\WINDOWS\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2007/01/13 09:47:04 | 00,163,840 | ---- | M] (Intel Corporation)
"IgfxTray" -> C:\WINDOWS\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2007/01/13 08:47:04 | 00,131,072 | ---- | M] (Intel Corporation)
"ISUSPM Startup" -> c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2004/07/27 18:50:42 | 00,221,184 | ---- | M] (InstallShield Software Corporation)
"ISW" -> C:\Program Files\CheckPoint\ZAForceField\ForceField.exe ["C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"] -> [2009/10/14 08:30:06 | 00,730,480 | ---- | M] (Check Point Software Technologies)
"LPManager" -> C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe] -> [2006/01/25 03:03:00 | 00,106,496 | ---- | M] (Lenovo Group Limited)
"PDService.exe" -> C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe ["C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"] -> [2005/11/15 13:13:24 | 00,049,152 | ---- | M] (Utimaco Safeware AG)
"Persistence" -> C:\WINDOWS\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2007/01/13 09:46:36 | 00,135,168 | ---- | M] (Intel Corporation)
"PrinTray" -> C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe] -> [2002/09/18 17:52:52 | 00,036,864 | ---- | M] (Lexmark)
"PSQLLauncher" -> C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe ["C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup] -> [2006/04/25 21:03:42 | 00,031,232 | ---- | M] (UPEK Inc.)
"SoundMAXPnP" -> C:\Program Files\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> [2005/05/20 09:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.)
"SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2005/08/01 12:48:28 | 00,512,000 | ---- | M] (Synaptics, Inc.)
"SynTPLpr" -> C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> [2005/08/01 12:48:56 | 00,110,592 | ---- | M] (Synaptics, Inc.)
"TPHOTKEY" -> C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe] -> [2006/05/10 17:03:44 | 00,094,208 | ---- | M] ()
"TPKMAPHELPER" -> C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper] -> [2005/10/28 21:04:44 | 00,864,256 | ---- | M] (Lenovo)
"TVT Scheduler Proxy" -> C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe] -> [2006/03/28 05:01:06 | 00,503,808 | ---- | M] (Lenovo Group Limited)
"ZoneAlarm Client" -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> [2009/11/22 15:42:50 | 01,037,192 | ---- | M] (Check Point Software Technologies LTD)
< RunOnce [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"configmsi" -> C:\WINDOWS\System32\cmd.exe [cmd /c "rmdir /q C:\config.msi"] -> [2008/04/13 19:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation)
"supportdir" -> [cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}""] -> File not found
< RunOnce [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
"configmsi" -> C:\WINDOWS\System32\cmd.exe [cmd /c "rmdir /q C:\config.msi"] -> [2008/04/13 19:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation)
"supportdir" -> [cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}""] -> File not found
< Run [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"RCHotKey" -> C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe ["C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"] -> [2009/05/04 14:15:16 | 00,032,768 | ---- | M] (RingCentral, Inc.)
"RCUI" -> C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe ["C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe"] -> [2009/05/04 14:17:18 | 00,479,232 | ---- | M] (RingCentral, Inc.)
"swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2007/07/08 09:41:30 | 00,068,856 | ---- | M] (Google Inc.)
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> [2003/10/23 21:37:56 | 00,217,194 | ---- | M] (Adobe Systems Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe -> [2003/10/29 05:06:00 | 00,024,576 | ---- | M] (BVRP Software)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE -> [2000/01/21 03:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation)
< Anand Startup Folder > -> C:\Documents and Settings\Anand\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
< Heeru Startup Folder > -> C:\Documents and Settings\Heeru\Start Menu\Programs\Startup ->
< Jolly Startup Folder > -> C:\Documents and Settings\Jolly\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Policies\Microsoft\Internet Explorer ->
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

====== End of Part 1=====

anand_am01
2010-01-18, 09:11
Here's Part 2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoCDBurning" -> [0] -> File not found
\\"HonorAutoRunSetting" -> [1] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\\"NoDriveTypeAutoRun" -> [323] -> File not found
\\"NoDriveAutoRun" -> [67108863] -> File not found
\\"NoDrives" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\Software\Microsoft\Internet Explorer\MenuExt\ ->
Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html] -> [2009/11/29 19:37:17 | 00,648,192 | ---- | M] (Google Inc.)
Open in new background tab -> C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui [res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?cd20b42499654f789f343cf995bad7de] -> [2006/10/10 22:25:34 | 00,112,640 | ---- | M] (Microsoft Corporation)
Open in new foreground tab -> C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui [res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?cd20b42499654f789f343cf995bad7de] -> [2006/10/10 22:25:34 | 00,112,640 | ---- | M] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}:{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} [HKLM] -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [Menu: &Gears Settings] -> [2009/10/16 14:35:24 | 02,101,248 | ---- | M] (Google Inc.)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}:Exec [HKLM] -> C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe [Button: Software Installer] -> [2005/12/05 14:11:48 | 01,392,706 | ---- | M] ()
{DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Button: HP Smart Select] -> [2008/03/27 22:51:18 | 00,501,056 | ---- | M] (Hewlett-Packard Co.)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}" [HKLM] -> C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe [Software Installer] -> [2005/12/05 14:11:48 | 01,392,706 | ---- | M] ()
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}" [HKLM] -> C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe [Software Installer] -> [2005/12/05 14:11:48 | 01,392,706 | ---- | M] ()
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\\"{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}" [HKLM] -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [&Gears Settings] -> [2009/10/16 14:35:24 | 02,101,248 | ---- | M] (Google Inc.)
CmdMapping\\"{5DCA74AE-D95E-425E-8F00-269575536490}" [HKLM] -> [Reg Error: Key error.] -> File not found
CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
CmdMapping\\"{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}" [HKLM] -> C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe [Software Installer] -> [2005/12/05 14:11:48 | 01,392,706 | ---- | M] ()
CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> http://
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5969 domain(s) found. ->
59 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5969 domain(s) found. ->
58 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5969 domain(s) found. ->
58 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4032 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4032 domain(s) found. ->
32 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7998 domain(s) found. ->
login_live.com [https] -> Trusted sites ->
localhost .[http] -> Local intranet ->
sap.com . -> Trusted sites ->
66 domain(s) and sub-domain(s) not assigned to a zone.
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. ->
GD [:Range = 127.0.0.1] -> http = Local intranet | ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
{2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} [HKLM] -> https://connectphl05.sap.com/vdesk/cachecleaner.cab#version=6020,2008,0514,2338 [F5 Networks CacheCleaner] ->
{45B69029-F3AB-4204-92DE-D5140C3E8E74} [HKLM] -> https://connectphl05.sap.com/vdesk/terminal/InstallerControl.cab#version=6020,2008,0514,2345 [F5 Networks Auto Update] ->
{57C76689-F052-487B-A19F-855AFDDF28EE} [HKLM] -> https://connectphl05.sap.com/vdesk/terminal/f5InspectionHost.cab#version=6020,2008,0514,2340 [F5 Networks Policy Agent Host Class] ->
{6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} [HKLM] -> https://connectphl05.sap.com/vdesk/terminal/urTermProxy.cab#version=6020,2008,0701,2202 [F5 Networks SSLTunnel] ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203342374438 [MUWebControl Class] ->
{74FFE28D-2378-11D5-990C-006094235084} [HKLM] -> http://www-307.ibm.com/pc/support/IbmEgath.cab [IBM Access Support] ->
{7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] ->
{7584c670-2274-4efb-b00b-d6aaba6d3850} [HKLM] -> https://connectphl05.sap.com/vdesk/terminal/msrdp.cab#version=5,2,3790,0 [Microsoft RDP Client Control (redist)] ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{B8BE5E93-A60C-4D26-A2DC-220313175592} [HKLM] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab [ZoneIntro Class] ->
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab [Java Plug-in 1.4.2] ->
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
{CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} [HKLM] -> https://epass.toronto.ca/vdesk/terminal/urxshost.cab#version=6020,2008,0514,2341 [F5 Networks SuperHost Class] ->
{CF25C291-E91C-11D3-873F-0000B4A2973D} [HKLM] -> https://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab [RingCentral Message Player Control] ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
{D27CDB6E-AE6D-11CF-96B8-445453540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Reg Error: Key error.] ->
{E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [HKLM] -> [GpcContainer Class] ->
{E0FF21FA-B857-45C5-8621-F120A0C17FF2} [HKLM] -> https://connectphl05.sap.com/vdesk/terminal/urxhost.cab#version=6020,2008,0605,2205 [F5 Networks Host Control] ->
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [get_atlcom Class] ->
{E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} [HKLM] -> https://connectphl05.sap.com/policy/download_binary.php/win32/f5syschk.cab#Version=6020,2008,0514,2348 [F5 Networks OS Policy Agent] ->
Microsoft XML Parser for Java [HKLM] -> file:///C:/WINDOWS/Java/classes/xmldso.cab [Reg Error: Key error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 64.71.255.198 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{81A6560B-5A15-441B-9070-9B147E54D1AB}\\DhcpNameServer -> 64.71.255.198 (Intel(R) PRO/Wireless 2915ABG Network Connection) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
*MultiFile Done* -> ->
< Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
ACNotify -> Reg Error: Value error. -> File not found
avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/08/26 09:00:26 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2007/01/13 09:46:04 | 00,204,800 | ---- | M] (Intel Corporation)
NavLogon -> Reg Error: Value error. -> File not found
psfus -> C:\WINDOWS\System32\psqlpwd.dll -> [2006/04/25 21:20:38 | 00,040,448 | ---- | M] (UPEK Inc.)
tpfnf2 -> C:\WINDOWS\System32\notifyf2.dll -> [2005/07/06 01:45:08 | 00,028,672 | ---- | M] ()
tphotkey -> C:\WINDOWS\System32\tphklock.dll -> [2005/11/30 22:16:02 | 00,024,576 | ---- | M] ()
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009/05/24 21:41:34 | 00,304,128 | ---- | M] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2006/02/14 19:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2008/03/16 11:14:04 | 01,556,480 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/04/20 08:42:18 | 00,063,064 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2006/04/20 09:13:30 | 00,231,000 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe] -> [2006/04/20 06:20:58 | 00,188,416 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2006/04/20 06:28:12 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2008/05/11 23:04:04 | 00,107,864 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2006/04/20 09:06:26 | 00,181,848 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2008/03/25 20:21:20 | 00,247,128 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2008/03/26 01:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2008/03/26 01:25:20 | 00,237,568 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2008/03/16 11:14:00 | 00,167,936 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe] -> [2006/02/18 14:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [2006/02/16 09:19:34 | 00,192,512 | ---- | M] ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2008/03/25 19:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2008/03/25 19:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2006/04/20 09:13:00 | 00,456,280 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2002/10/07 01:22:34 | 00,454,656 | ---- | M] ()
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 17:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Documents and Settings\Anand\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" -> C:\Documents and Settings\Anand\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll [C:\Documents and Settings\Anand\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin] -> [2009/12/04 09:57:54 | 03,409,392 | ---- | M] (Google)
"C:\Documents and Settings\Anand\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" -> C:\Documents and Settings\Anand\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe [C:\Documents and Settings\Anand\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin] -> [2009/12/04 09:47:54 | 00,083,440 | ---- | M] (Google)
"C:\Program Files\AVG\AVG8\avgnsx.exe" -> C:\Program Files\AVG\AVG8\avgnsx.exe [C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2009/08/26 09:00:07 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/12/12 09:38:20 | 01,143,064 | ---- | M] (AVG Technologies CZ, s.r.o.)
"C:\Program Files\CallWave\IAM.exe" -> C:\Program Files\CallWave\IAM.exe [C:\Program Files\CallWave\IAM.exe:*:Enabled:CallWave] -> [2007/05/27 09:09:32 | 01,940,544 | ---- | M] (CallWave, Inc.)
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" -> C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe [C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process ] -> [2009/06/29 09:01:36 | 00,372,736 | ---- | M] (Nokia Corporation)
"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe:*:Enabled:Google Desktop] -> [2010/01/16 19:25:48 | 00,030,192 | ---- | M] (Google)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2006/02/14 19:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2008/03/16 11:14:04 | 01,556,480 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/04/20 08:42:18 | 00,063,064 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2006/04/20 09:13:30 | 00,231,000 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe] -> [2006/04/20 06:20:58 | 00,188,416 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2006/04/20 06:28:12 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2008/05/11 23:04:04 | 00,107,864 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2006/04/20 09:06:26 | 00,181,848 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2008/03/25 20:21:20 | 00,247,128 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2008/03/26 01:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2008/03/26 01:25:20 | 00,237,568 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2008/03/16 11:14:00 | 00,167,936 | ---- | M] (Hewlett-Packard)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe] -> [2006/02/18 14:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [2006/02/16 09:19:34 | 00,192,512 | ---- | M] ()
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2008/03/25 19:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2008/03/25 19:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2006/04/20 09:13:00 | 00,456,280 | ---- | M] (Hewlett-Packard Development Company, L.P.)
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2002/10/07 01:22:34 | 00,454,656 | ---- | M] ()
"C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe" -> C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe [C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager] -> [2008/09/10 04:57:44 | 00,128,280 | ---- | M] (iAnywhere Solutions, Inc.)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2006/10/30 11:36:32 | 15,338,560 | ---- | M] (Apple Computer, Inc.)
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" -> C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe [C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater] -> [2009/07/09 12:00:10 | 01,955,064 | ---- | M] (Nokia Corporation)
"C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe" -> C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe [C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe:*:Enabled:RingCentral Call Controller] -> [2009/05/04 14:17:18 | 00,479,232 | ---- | M] (RingCentral, Inc.)
"C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe" -> C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe [C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe:*:Enabled:SAP Logon for Windows] -> [2005/01/19 05:02:54 | 00,475,136 | ---- | M] (SAP AG, Walldorf)
"C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2007/05/07 09:32:22 | 23,395,368 | R--- | M] (Skype Technologies S.A.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 17:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
"C:\Program Files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe" -> C:\Program Files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe [C:\Program Files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe:*:Enabled:mysqld-nt.exe 5.0.38] -> [2007/05/17 23:00:00 | 04,583,424 | ---- | M] ()
"C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe" -> C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe [C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe:*:Enabled:SimplyConnectionManager.exe] -> [2008/06/09 23:00:00 | 00,024,576 | ---- | M] (Sage Software)
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->
"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/05/31 16:33:41 | 00,000,000 | -H-- | M] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->


[Files/Folders - Created Within 30 Days]
jit.dll -> C:\WINDOWS\System32\jit.dll -> [2010/01/15 19:13:59 | 00,171,280 | ---- | C] (Microsoft Corporation)
setdebug.exe -> C:\WINDOWS\setdebug.exe -> [2010/01/15 19:13:59 | 00,046,352 | ---- | C] (Microsoft Corporation)
dx3j.dll -> C:\WINDOWS\System32\dx3j.dll -> [2010/01/15 19:13:58 | 00,313,856 | ---- | C] (Microsoft Corporation)
javaee.dll -> C:\WINDOWS\System32\javaee.dll -> [2010/01/15 19:13:58 | 00,139,536 | ---- | C] (Microsoft Corporation)
vmhelper.dll -> C:\WINDOWS\System32\vmhelper.dll -> [2010/01/15 19:13:32 | 00,286,992 | ---- | C] (Microsoft Corporation)
wjview.exe -> C:\WINDOWS\System32\wjview.exe -> [2010/01/15 19:13:32 | 00,171,792 | ---- | C] (Microsoft Corporation)
msjdbc10.dll -> C:\WINDOWS\System32\msjdbc10.dll -> [2010/01/15 19:13:32 | 00,021,264 | ---- | C] (Microsoft Corporation)
jview.exe -> C:\WINDOWS\System32\jview.exe -> [2010/01/15 19:13:31 | 00,172,304 | ---- | C] (Microsoft Corporation)
msawt.dll -> C:\WINDOWS\System32\msawt.dll -> [2010/01/15 19:13:31 | 00,154,384 | ---- | C] (Microsoft Corporation)
javart.dll -> C:\WINDOWS\System32\javart.dll -> [2010/01/15 19:13:30 | 00,404,752 | ---- | C] (Microsoft Corporation)
javaprxy.dll -> C:\WINDOWS\System32\javaprxy.dll -> [2010/01/15 19:13:30 | 00,063,248 | ---- | C] (Microsoft Corporation)
jdbgmgr.exe -> C:\WINDOWS\System32\jdbgmgr.exe -> [2010/01/15 19:13:30 | 00,015,120 | ---- | C] (Microsoft Corporation)
javacypt.dll -> C:\WINDOWS\System32\javacypt.dll -> [2010/01/15 19:13:29 | 00,187,152 | ---- | C] (Microsoft Corporation)
clspack.exe -> C:\WINDOWS\System32\clspack.exe -> [2010/01/15 19:13:27 | 00,049,424 | ---- | C] (Microsoft Corporation)
ESET -> C:\Program Files\ESET -> [2010/01/14 19:46:57 | 00,000,000 | ---D | C]
SAP sourcing -> C:\Documents and Settings\Anand\My Documents\SAP sourcing -> [2010/01/13 11:46:42 | 00,000,000 | ---D | C]
Malwarebytes -> C:\Documents and Settings\Anand\Application Data\Malwarebytes -> [2010/01/11 23:58:44 | 00,000,000 | ---D | C]
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/11 23:58:27 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/01/11 23:58:25 | 00,000,000 | ---D | C]
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/11 23:58:23 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/01/11 23:58:23 | 00,000,000 | ---D | C]
NtmsData -> C:\WINDOWS\System32\NtmsData -> [2010/01/09 21:57:46 | 00,000,000 | ---D | C]
cmdcons -> C:\cmdcons -> [2010/01/09 21:44:47 | 00,000,000 | RHSD | C]
SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/01/09 21:31:29 | 00,212,480 | ---- | C] (SteelWerX)
SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/01/09 21:31:29 | 00,161,792 | ---- | C] (SteelWerX)
SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/01/09 21:31:29 | 00,136,704 | ---- | C] (SteelWerX)
NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/01/09 21:31:29 | 00,031,232 | ---- | C] (NirSoft)
Qoobox -> C:\Qoobox -> [2010/01/09 21:28:33 | 00,000,000 | ---D | C]
Resume -> C:\Documents and Settings\Anand\My Documents\Resume -> [2010/01/07 16:28:01 | 00,000,000 | ---D | C]
Adobe AIR -> C:\Program Files\Common Files\Adobe AIR -> [2010/01/04 01:22:47 | 00,000,000 | ---D | C]
javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2010/01/04 01:16:15 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.)
deploytk.dll -> C:\WINDOWS\System32\deploytk.dll -> [2010/01/04 01:16:14 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.)
javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010/01/04 01:16:14 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.)
javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010/01/04 01:16:13 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
java.exe -> C:\WINDOWS\System32\java.exe -> [2010/01/04 01:16:12 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
NOS -> C:\Program Files\NOS -> [2010/01/04 01:12:52 | 00,000,000 | ---D | C]
NOS -> C:\Documents and Settings\All Users\Application Data\NOS -> [2010/01/04 01:12:52 | 00,000,000 | ---D | C]
ForceField Shared Files -> C:\Documents and Settings\Anand\My Documents\ForceField Shared Files -> [2010/01/03 23:26:15 | 00,000,000 | ---D | C]
CheckPoint -> C:\Documents and Settings\Anand\Application Data\CheckPoint -> [2010/01/03 23:25:57 | 00,000,000 | ---D | C]
CheckPoint -> C:\Program Files\CheckPoint -> [2010/01/03 23:25:08 | 00,000,000 | ---D | C]
vsregexp.dll -> C:\WINDOWS\System32\vsregexp.dll -> [2010/01/03 23:24:31 | 00,058,248 | ---- | C] (Check Point Software Technologies LTD)
zlcommdb.dll -> C:\WINDOWS\System32\zlcommdb.dll -> [2010/01/03 23:24:12 | 00,103,816 | ---- | C] (Check Point Software Technologies LTD)
zlcomm.dll -> C:\WINDOWS\System32\zlcomm.dll -> [2010/01/03 23:24:11 | 00,069,000 | ---- | C] (Check Point Software Technologies LTD)
vswmi.dll -> C:\WINDOWS\System32\vswmi.dll -> [2010/01/03 23:24:00 | 00,041,864 | ---- | C] (Check Point Software Technologies LTD)
zpeng25.dll -> C:\WINDOWS\System32\zpeng25.dll -> [2010/01/03 23:23:45 | 01,238,408 | ---- | C] (Check Point Software Technologies LTD)
vsxml.dll -> C:\WINDOWS\System32\vsxml.dll -> [2010/01/03 23:23:43 | 00,109,960 | ---- | C] (Check Point Software Technologies LTD)
ZoneLabs -> C:\WINDOWS\System32\ZoneLabs -> [2010/01/03 23:23:41 | 00,000,000 | ---D | C]
vspubapi.dll -> C:\WINDOWS\System32\vspubapi.dll -> [2010/01/03 23:23:40 | 00,299,912 | ---- | C] (Check Point Software Technologies LTD)
vsmonapi.dll -> C:\WINDOWS\System32\vsmonapi.dll -> [2010/01/03 23:23:39 | 00,107,912 | ---- | C] (Check Point Software Technologies LTD)
vsdatant.sys -> C:\WINDOWS\System32\vsdatant.sys -> [2010/01/03 23:23:35 | 00,486,280 | ---- | C] (Check Point Software Technologies LTD)
Zone Labs -> C:\Program Files\Zone Labs -> [2010/01/03 23:23:30 | 00,000,000 | ---D | C]
Internet Logs -> C:\WINDOWS\Internet Logs -> [2010/01/03 23:22:56 | 00,000,000 | ---D | C]
vsutil.dll -> C:\WINDOWS\System32\vsutil.dll -> [2010/01/03 23:22:53 | 00,621,960 | ---- | C] (Check Point Software Technologies LTD)
vsinit.dll -> C:\WINDOWS\System32\vsinit.dll -> [2010/01/03 23:22:53 | 00,227,720 | ---- | C] (Check Point Software Technologies LTD)
vsdata.dll -> C:\WINDOWS\System32\vsdata.dll -> [2010/01/03 23:22:53 | 00,112,008 | ---- | C] (Check Point Software Technologies LTD)
TrendMicro -> C:\Program Files\TrendMicro -> [2010/01/03 16:07:16 | 00,000,000 | ---D | C]
ERUNT -> C:\Program Files\ERUNT -> [2010/01/03 15:02:39 | 00,000,000 | ---D | C]
Mozilla Firefox 3.6 Beta 5 -> C:\Program Files\Mozilla Firefox 3.6 Beta 5 -> [2009/12/24 23:22:39 | 00,000,000 | ---D | C]
Intuit -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit -> [2009/10/13 11:28:02 | 00,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/07/17 17:21:41 | 00,000,000 | ---D | M]
Softland -> C:\Documents and Settings\LocalService\Application Data\Softland -> [2009/07/03 15:53:19 | 00,000,000 | ---D | M]
Mozilla -> C:\Documents and Settings\LocalService\Application Data\Mozilla -> [2009/06/08 07:44:52 | 00,000,000 | ---D | M]
Mozilla -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla -> [2009/06/08 07:44:28 | 00,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/06/02 16:08:37 | 00,000,000 | --SD | M]
Google -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Google -> [2009/02/07 20:39:28 | 00,000,000 | ---D | M]
Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/02/02 23:58:42 | 00,000,000 | --SD | M]
Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/02/02 23:58:42 | 00,000,000 | ---D | M]
Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2008/12/30 17:57:44 | 00,000,000 | ---D | M]
Intel -> C:\Documents and Settings\NetworkService\Application Data\Intel -> [2008/08/09 15:21:27 | 00,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe -> [2007/12/25 20:10:35 | 00,000,000 | ---D | M]
Google -> C:\Documents and Settings\LocalService\Application Data\Google -> [2007/02/10 00:04:34 | 00,000,000 | ---D | M]
Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2006/06/22 00:08:47 | 00,000,000 | ---D | M]
Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2006/06/04 14:18:50 | 00,000,000 | ---D | M]
BVRP Software -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\BVRP Software -> [2006/05/31 15:36:38 | 00,000,000 | ---D | M]
IBM -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\IBM -> [2006/05/31 14:38:01 | 00,000,000 | ---D | M]
Lenovo -> C:\Documents and Settings\LocalService\Application Data\Lenovo -> [2006/05/24 08:49:58 | 00,000,000 | ---D | M]
1 C:\Documents and Settings\Anand\My Documents\*.tmp files -> C:\Documents and Settings\Anand\My Documents\*.tmp ->

[Files/Folders - Modified Within 30 Days]
DBGRID32.OCX -> C:\WINDOWS\System32\DBGRID32.OCX -> [2098/06/23 09:00:00 | 00,525,352 | ---- | M] (Microsoft Corporation)
VB5DB.DLL -> C:\WINDOWS\System32\VB5DB.DLL -> [2098/06/17 09:00:00 | 00,089,360 | ---- | M] (Microsoft Corporation)
PMTask.job -> C:\WINDOWS\tasks\PMTask.job -> [2010/01/17 22:04:11 | 00,000,316 | ---- | M] ()
GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005UA.job -> [2010/01/17 21:34:01 | 00,000,978 | ---- | M] ()
wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/01/17 21:27:59 | 00,002,278 | ---- | M] ()
Contact_Log book.xls -> C:\Documents and Settings\Anand\My Documents\Contact_Log book.xls -> [2010/01/17 21:22:20 | 00,053,760 | ---- | M] ()
GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/01/17 21:14:01 | 00,000,886 | ---- | M] ()
incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2010/01/17 18:58:30 | 47,972,104 | ---- | M] ()
microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2010/01/17 18:58:30 | 00,141,786 | ---- | M] ()
User_Feed_Synchronization-{CC6DF3AB-01C8-4ADD-88D3-1F788BBB9D72}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{CC6DF3AB-01C8-4ADD-88D3-1F788BBB9D72}.job -> [2010/01/17 18:06:09 | 00,000,422 | -H-- | M] ()
GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005Core.job -> [2010/01/17 06:34:02 | 00,000,926 | ---- | M] ()
system.ini -> C:\WINDOWS\system.ini -> [2010/01/17 01:31:24 | 00,000,227 | ---- | M] ()
hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/01/17 01:29:29 | 00,000,027 | ---- | M] ()
GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/01/17 01:28:52 | 00,000,882 | ---- | M] ()
SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/01/17 01:28:51 | 00,000,006 | -H-- | M] ()
bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/01/17 01:28:30 | 00,002,048 | --S- | M] ()
hiberfil.sys -> C:\hiberfil.sys -> [2010/01/17 01:28:28 | 10,637,02528 | -HS- | M] ()
NTUSER.DAT -> C:\Documents and Settings\Anand\NTUSER.DAT -> [2010/01/17 01:27:15 | 14,417,920 | -H-- | M] ()
ntuser.ini -> C:\Documents and Settings\Anand\ntuser.ini -> [2010/01/17 01:26:46 | 00,000,278 | -HS- | M] ()
ComboFix.exe -> C:\Documents and Settings\Anand\Desktop\ComboFix.exe -> [2010/01/17 01:02:50 | 03,827,079 | R--- | M] ()
HiJackThis.lnk -> C:\Documents and Settings\Anand\Desktop\HiJackThis.lnk -> [2010/01/17 00:55:05 | 00,002,441 | ---- | M] ()
Google Desktop.lnk -> C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk -> [2010/01/17 00:46:10 | 00,000,954 | ---- | M] ()
Intuit SiteBuilder.lnk -> C:\Documents and Settings\All Users\Desktop\Intuit SiteBuilder.lnk -> [2010/01/15 18:40:35 | 00,001,789 | ---- | M] ()
gzip.exe -> C:\WINDOWS\gzip.exe -> [2010/01/15 18:37:16 | 00,098,136 | ---- | M] ()
SecureDrive.vol -> C:\Documents and Settings\Anand\My Documents\SecureDrive.vol -> [2010/01/14 07:01:22 | 10,485,7600 | ---- | M] ()
AdobeFnt07.lst -> C:\WINDOWS\AdobeFnt07.lst -> [2010/01/12 14:25:15 | 00,551,060 | ---- | M] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/01/11 23:58:34 | 00,000,707 | ---- | M] ()
MRFNR -> C:\WINDOWS\System32\MRFNR -> [2010/01/09 22:08:52 | 00,000,000 | ---- | M] ()
BOOT.INI -> C:\BOOT.INI -> [2010/01/09 21:45:27 | 00,000,264 | RHS- | M] ()
mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
Layout.xls -> C:\Documents and Settings\Anand\Desktop\Layout.xls -> [2010/01/05 23:28:56 | 00,071,680 | ---- | M] ()
Skype.lnk -> C:\Documents and Settings\All Users\Desktop\Skype.lnk -> [2010/01/05 21:37:49 | 00,002,387 | ---- | M] ()
PDF password remover.lnk -> C:\Documents and Settings\Anand\Desktop\PDF password remover.lnk -> [2010/01/04 01:52:56 | 00,001,997 | ---- | M] ()
Acrobat_com.lnk -> C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk -> [2010/01/04 01:44:58 | 00,000,743 | ---- | M] ()
win.ini -> C:\WINDOWS\win.ini -> [2010/01/04 01:35:51 | 00,001,738 | ---- | M] ()
Boot.bak -> C:\Boot.bak -> [2010/01/04 01:35:51 | 00,000,193 | ---- | M] ()
Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/01/04 01:30:51 | 00,001,740 | ---- | M] ()
javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010/01/04 01:13:37 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
deploytk.dll -> C:\WINDOWS\System32\deploytk.dll -> [2010/01/04 01:13:36 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.)
javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010/01/04 01:13:36 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.)
java.exe -> C:\WINDOWS\System32\java.exe -> [2010/01/04 01:13:36 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.)
javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2010/01/04 01:13:36 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
vsconfig.xml -> C:\WINDOWS\System32\vsconfig.xml -> [2010/01/03 23:30:22 | 00,422,437 | ---- | M] ()
zllictbl.dat -> C:\WINDOWS\System32\zllictbl.dat -> [2010/01/03 23:24:47 | 00,004,212 | -H-- | M] ()
ZoneAlarm Security.lnk -> C:\Documents and Settings\Anand\Desktop\ZoneAlarm Security.lnk -> [2010/01/03 23:24:46 | 00,000,742 | ---- | M] ()
ERUNT.lnk -> C:\Documents and Settings\Anand\Desktop\ERUNT.lnk -> [2010/01/03 15:02:46 | 00,000,603 | ---- | M] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2010/01/03 01:41:24 | 00,000,418 | ---- | M] ()
Mozilla Firefox 3.6 Beta 5.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox 3.6 Beta 5.lnk -> [2009/12/24 23:22:54 | 00,001,716 | ---- | M] ()
DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Anand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/12/24 16:09:48 | 00,044,544 | ---- | M] ()
Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2009/12/19 16:37:16 | 00,001,926 | ---- | M] ()
Thank you for calling Statue Homes.doc -> C:\Documents and Settings\Anand\Desktop\Thank you for calling Statue Homes.doc -> [2009/12/19 16:30:03 | 00,314,368 | ---- | M] ()
1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
1 C:\Documents and Settings\Anand\My Documents\*.tmp files -> C:\Documents and Settings\Anand\My Documents\*.tmp ->

[Files - No Company Name]
LXBOUSCI.INI -> C:\WINDOWS\System32\LXBOUSCI.INI -> [2100/02/16 14:09:06 | 00,000,062 | ---- | C] ()
Google Desktop.lnk -> C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk -> [2010/01/17 00:46:10 | 00,000,954 | ---- | C] ()
javasup.vxd -> C:\WINDOWS\System32\javasup.vxd -> [2010/01/15 19:13:58 | 00,007,315 | ---- | C] ()
jautoexp.dat -> C:\WINDOWS\jautoexp.dat -> [2010/01/15 19:13:58 | 00,006,550 | ---- | C] ()
zonedon.reg -> C:\WINDOWS\System32\zonedon.reg -> [2010/01/15 19:13:33 | 00,000,113 | ---- | C] ()
zonedoff.reg -> C:\WINDOWS\System32\zonedoff.reg -> [2010/01/15 19:13:32 | 00,000,113 | ---- | C] ()
Intuit SiteBuilder.lnk -> C:\Documents and Settings\All Users\Desktop\Intuit SiteBuilder.lnk -> [2010/01/15 18:40:35 | 00,001,789 | ---- | C] ()
gzip.exe -> C:\WINDOWS\gzip.exe -> [2010/01/15 18:39:09 | 00,098,136 | ---- | C] ()
Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/01/11 23:58:34 | 00,000,707 | ---- | C] ()
MRFNR -> C:\WINDOWS\System32\MRFNR -> [2010/01/09 22:08:52 | 00,000,000 | ---- | C] ()
Boot.bak -> C:\Boot.bak -> [2010/01/09 21:45:27 | 00,000,193 | ---- | C] ()
cmldr -> C:\cmldr -> [2010/01/09 21:45:23 | 00,260,272 | ---- | C] ()
PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/01/09 21:31:29 | 00,261,632 | ---- | C] ()
sed.exe -> C:\WINDOWS\sed.exe -> [2010/01/09 21:31:29 | 00,098,816 | ---- | C] ()
grep.exe -> C:\WINDOWS\grep.exe -> [2010/01/09 21:31:29 | 00,080,412 | ---- | C] ()
MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/01/09 21:31:29 | 00,077,312 | ---- | C] ()
zip.exe -> C:\WINDOWS\zip.exe -> [2010/01/09 21:31:29 | 00,068,096 | ---- | C] ()
ComboFix.exe -> C:\Documents and Settings\Anand\Desktop\ComboFix.exe -> [2010/01/09 21:26:33 | 03,827,079 | R--- | C] ()
Layout.xls -> C:\Documents and Settings\Anand\Desktop\Layout.xls -> [2010/01/05 23:26:07 | 00,071,680 | ---- | C] ()
PDF password remover.lnk -> C:\Documents and Settings\Anand\Desktop\PDF password remover.lnk -> [2010/01/04 01:50:56 | 00,001,997 | ---- | C] ()
Acrobat_com.lnk -> C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk -> [2010/01/04 01:44:58 | 00,000,743 | ---- | C] ()
Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/01/04 01:30:50 | 00,001,740 | ---- | C] ()
zllictbl.dat -> C:\WINDOWS\System32\zllictbl.dat -> [2010/01/03 23:24:46 | 00,004,212 | -H-- | C] ()
ZoneAlarm Security.lnk -> C:\Documents and Settings\Anand\Desktop\ZoneAlarm Security.lnk -> [2010/01/03 23:24:46 | 00,000,742 | ---- | C] ()
vsconfig.xml -> C:\WINDOWS\System32\vsconfig.xml -> [2010/01/03 23:23:35 | 00,422,437 | ---- | C] ()
HiJackThis.lnk -> C:\Documents and Settings\Anand\Desktop\HiJackThis.lnk -> [2010/01/03 16:07:25 | 00,002,441 | ---- | C] ()
ERUNT.lnk -> C:\Documents and Settings\Anand\Desktop\ERUNT.lnk -> [2010/01/03 15:02:46 | 00,000,603 | ---- | C] ()
Mozilla Firefox 3.6 Beta 5.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox 3.6 Beta 5.lnk -> [2009/12/24 23:22:54 | 00,001,716 | ---- | C] ()
Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2009/12/19 16:37:16 | 00,001,926 | ---- | C] ()
mdm.ini -> C:\WINDOWS\mdm.ini -> [2009/09/29 12:45:24 | 00,000,063 | ---- | C] ()
hpqEmlSz.INI -> C:\WINDOWS\hpqEmlSz.INI -> [2009/09/24 17:39:03 | 00,000,000 | ---- | C] ()
FontCache3.0.0.0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat -> [2009/06/27 23:11:35 | 00,771,224 | ---- | C] ()
vrptspdf.dll -> C:\WINDOWS\System32\vrptspdf.dll -> [2009/04/18 10:12:35 | 00,278,528 | ---- | C] ()
ACMonitor_X84-X85.ini -> C:\WINDOWS\ACMonitor_X84-X85.ini -> [2009/04/13 13:26:17 | 00,000,020 | ---- | C] ()
LXBOUSCI.DLL -> C:\WINDOWS\System32\LXBOUSCI.DLL -> [2009/04/13 13:25:36 | 00,004,672 | ---- | C] ()
Tx32.dll -> C:\WINDOWS\System32\Tx32.dll -> [2009/02/01 19:20:05 | 00,495,616 | ---- | C] ()
ic32.ini -> C:\WINDOWS\System32\ic32.ini -> [2009/02/01 19:20:04 | 00,000,260 | ---- | C] ()
Webica.ini -> C:\WINDOWS\Webica.ini -> [2009/01/25 23:40:42 | 00,000,036 | ---- | C] ()
skillv.ini -> C:\WINDOWS\skillv.ini -> [2009/01/23 21:48:29 | 00,000,093 | ---- | C] ()
netg.ini -> C:\WINDOWS\netg.ini -> [2009/01/23 21:48:29 | 00,000,060 | ---- | C] ()
SMWizard.INI -> C:\WINDOWS\SMWizard.INI -> [2008/11/22 10:07:55 | 00,000,041 | ---- | C] ()
AISAWFileMap.dll -> C:\WINDOWS\System32\AISAWFileMap.dll -> [2008/06/07 20:30:47 | 00,049,152 | ---- | C] ()
Implode.dll -> C:\WINDOWS\System32\Implode.dll -> [2008/06/07 20:30:06 | 00,017,920 | ---- | C] ()
igfxCoIn_v4764.dll -> C:\WINDOWS\System32\igfxCoIn_v4764.dll -> [2008/01/13 12:59:29 | 00,204,800 | ---- | C] ()
LVPr2Mon.sys -> C:\WINDOWS\System32\drivers\LVPr2Mon.sys -> [2007/10/11 18:59:24 | 00,025,624 | ---- | C] ()
NCLogConfig.ini -> C:\WINDOWS\NCLogConfig.ini -> [2007/10/07 18:18:54 | 00,000,221 | ---- | C] ()
idxcntrs.ini -> C:\WINDOWS\System32\idxcntrs.ini -> [2007/09/27 09:51:02 | 00,020,698 | ---- | C] ()
gsrvctr.ini -> C:\WINDOWS\System32\gsrvctr.ini -> [2007/09/27 09:48:48 | 00,030,628 | ---- | C] ()
gthrctr.ini -> C:\WINDOWS\System32\gthrctr.ini -> [2007/09/27 09:48:28 | 00,031,698 | ---- | C] ()
atnt40k.sys -> C:\WINDOWS\System32\drivers\atnt40k.sys -> [2007/09/21 17:59:38 | 00,050,272 | ---- | C] ()
deposit.dll -> C:\WINDOWS\System32\deposit.dll -> [2007/09/09 06:16:57 | 00,000,010 | ---- | C] ()
cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2007/08/26 07:52:56 | 00,000,050 | ---- | C] ()
pdf995.ini -> C:\WINDOWS\pdf995.ini -> [2007/07/12 17:05:54 | 00,000,028 | ---- | C] ()
pdf995mon.dll -> C:\WINDOWS\System32\pdf995mon.dll -> [2007/07/12 17:02:32 | 00,051,716 | ---- | C] ()
wpd99.drv -> C:\WINDOWS\wpd99.drv -> [2007/07/12 17:02:32 | 00,000,059 | ---- | C] ()
VSHP2600.DLL -> C:\WINDOWS\System32\VSHP2600.DLL -> [2007/06/16 02:48:46 | 00,114,688 | R--- | C] ()
ZHHP_RES.DLL -> C:\WINDOWS\System32\ZHHP_RES.DLL -> [2007/06/16 02:48:39 | 11,194,368 | R--- | C] ()
AGISSI.DLL -> C:\WINDOWS\System32\AGISSI.DLL -> [2007/06/16 02:48:38 | 00,749,568 | R--- | C] ()
gswin32.ini -> C:\WINDOWS\gswin32.ini -> [2006/07/22 16:22:33 | 00,000,043 | ---- | C] ()
GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/07/02 21:37:12 | 00,030,808 | ---- | C] ()
GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/07/02 21:37:10 | 00,026,489 | ---- | C] ()
ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/06/19 15:09:35 | 00,002,006 | ---- | C] ()
Primomonnt.dll -> C:\WINDOWS\System32\Primomonnt.dll -> [2006/06/12 01:09:43 | 00,176,235 | ---- | C] ()
primopdf.ini -> C:\WINDOWS\primopdf.ini -> [2006/06/12 01:09:43 | 00,000,129 | ---- | C] ()
nsldap32v50.dll -> C:\WINDOWS\System32\nsldap32v50.dll -> [2006/06/05 12:36:54 | 00,143,360 | ---- | C] ()
saplogon.ini -> C:\WINDOWS\saplogon.ini -> [2006/06/05 00:04:31 | 00,002,502 | ---- | C] ()
h5krnl32.dll -> C:\WINDOWS\System32\h5krnl32.dll -> [2006/06/05 00:01:16 | 01,064,960 | ---- | C] ()
h5icon32.dll -> C:\WINDOWS\System32\h5icon32.dll -> [2006/06/05 00:01:16 | 00,188,928 | ---- | C] ()
h5menu32.dll -> C:\WINDOWS\System32\h5menu32.dll -> [2006/06/05 00:01:16 | 00,175,616 | ---- | C] ()
h5rtf32.dll -> C:\WINDOWS\System32\h5rtf32.dll -> [2006/06/05 00:01:16 | 00,095,744 | ---- | C] ()
h5tool32.dll -> C:\WINDOWS\System32\h5tool32.dll -> [2006/06/05 00:01:16 | 00,051,200 | ---- | C] ()
vtssm32.dll -> C:\WINDOWS\System32\vtssm32.dll -> [2006/06/05 00:01:13 | 00,015,872 | ---- | C] ()
fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2006/05/31 16:04:34 | 00,001,793 | ---- | C] ()
vpc32.INI -> C:\WINDOWS\vpc32.INI -> [2006/05/31 15:07:25 | 00,000,000 | ---- | C] ()
smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/05/24 08:54:56 | 00,000,061 | ---- | C] ()
TPPWRIF.SYS -> C:\WINDOWS\System32\drivers\TPPWRIF.SYS -> [2006/05/24 08:54:00 | 00,004,442 | ---- | C] ()
IBMBLDID.sys -> C:\WINDOWS\System32\drivers\IBMBLDID.sys -> [2006/05/24 08:53:32 | 00,006,016 | ---- | C] ()
wininit.ini -> C:\WINDOWS\wininit.ini -> [2006/05/24 08:47:26 | 00,000,418 | ---- | C] ()
IVIresizeW7.dll -> C:\WINDOWS\System32\IVIresizeW7.dll -> [2006/05/24 08:41:02 | 00,204,800 | ---- | C] ()
IVIresizeA6.dll -> C:\WINDOWS\System32\IVIresizeA6.dll -> [2006/05/24 08:41:02 | 00,200,704 | ---- | C] ()
IVIresizeP6.dll -> C:\WINDOWS\System32\IVIresizeP6.dll -> [2006/05/24 08:41:02 | 00,192,512 | ---- | C] ()
IVIresizeM6.dll -> C:\WINDOWS\System32\IVIresizeM6.dll -> [2006/05/24 08:41:02 | 00,192,512 | ---- | C] ()
IVIresizePX.dll -> C:\WINDOWS\System32\IVIresizePX.dll -> [2006/05/24 08:41:02 | 00,188,416 | ---- | C] ()
IVIresize.dll -> C:\WINDOWS\System32\IVIresize.dll -> [2006/05/24 08:41:02 | 00,020,480 | ---- | C] ()
TSMAPIP.SYS -> C:\WINDOWS\System32\drivers\TSMAPIP.SYS -> [2006/05/24 08:30:46 | 00,007,168 | ---- | C] ()
FPCALL.dll -> C:\WINDOWS\System32\FPCALL.dll -> [2006/05/24 08:30:23 | 00,045,056 | ---- | C] ()
TDSMAPI.SYS -> C:\WINDOWS\System32\drivers\TDSMAPI.SYS -> [2006/05/24 08:27:17 | 00,009,340 | ---- | C] ()
OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2006/05/24 08:16:12 | 00,002,481 | ---- | C] ()
GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/19 19:21:28 | 00,029,779 | ---- | C] ()
GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/19 19:21:28 | 00,026,040 | ---- | C] ()
IPSCtrl.INI -> C:\WINDOWS\System32\IPSCtrl.INI -> [2005/12/01 03:09:00 | 00,000,487 | ---- | C] ()
px.ini -> C:\WINDOWS\System32\px.ini -> [2005/09/02 15:02:20 | 00,000,000 | ---- | C] ()
DEVMAN.DLL -> C:\WINDOWS\System32\DEVMAN.DLL -> [2005/06/21 20:46:52 | 00,049,152 | ---- | C] ()
PcdrKernelModeServices.dll -> C:\WINDOWS\System32\PcdrKernelModeServices.dll -> [2005/05/04 16:32:42 | 00,090,112 | ---- | C] ()
ProgressTrace.dll -> C:\WINDOWS\System32\ProgressTrace.dll -> [2005/05/04 16:32:42 | 00,065,536 | ---- | C] ()
orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/09 13:03:43 | 00,000,882 | ---- | C] ()
JAWTAccessBridge.dll -> C:\WINDOWS\System32\JAWTAccessBridge.dll -> [2003/04/10 18:04:00 | 00,028,672 | ---- | C] ()
hpotscl.dll -> C:\WINDOWS\System32\hpotscl.dll -> [2003/03/08 23:31:04 | 00,561,152 | ---- | C] ()
LEXSTAT.INI -> C:\WINDOWS\LEXSTAT.INI -> [2002/09/18 17:40:16 | 00,000,643 | ---- | C] ()
lxboBCE.DLL -> C:\WINDOWS\System32\lxboBCE.DLL -> [2002/09/18 17:13:14 | 00,102,400 | ---- | C] ()
lxboICO.DLL -> C:\WINDOWS\System32\lxboICO.DLL -> [2002/09/18 17:13:12 | 00,032,768 | ---- | C] ()
lxbo2kui.dll -> C:\WINDOWS\System32\lxbo2kui.dll -> [2002/06/11 06:34:09 | 00,007,680 | ---- | C] ()
lxbo2kpm.dll -> C:\WINDOWS\System32\lxbo2kpm.dll -> [2002/06/11 06:33:54 | 00,015,360 | ---- | C] ()
X84-X85_DS.ini -> C:\WINDOWS\X84-X85_DS.ini -> [2002/06/07 10:59:15 | 00,000,194 | ---- | C] ()
msvdm.dll -> C:\WINDOWS\System32\msvdm.dll -> [2002/03/19 16:30:00 | 00,141,824 | ---- | C] ()
REGOBJ.DLL -> C:\WINDOWS\System32\REGOBJ.DLL -> [2002/01/18 00:33:42 | 00,040,448 | ---- | C] ()
Lexmark_ICM.ini -> C:\WINDOWS\Lexmark_ICM.ini -> [2001/08/24 17:17:59 | 00,001,369 | ---- | C] ()
hptcpmon.ini -> C:\WINDOWS\System32\hptcpmon.ini -> [2001/07/06 12:00:00 | 00,003,399 | ---- | C] ()
LFKODAK.DLL -> C:\WINDOWS\System32\LFKODAK.DLL -> [2000/10/24 07:08:36 | 00,118,784 | ---- | C] ()
lffpx7.dll -> C:\WINDOWS\System32\lffpx7.dll -> [2000/10/24 07:08:33 | 00,338,944 | ---- | C] ()
MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 13:46:56 | 00,065,536 | ---- | C] ()
SynTPCoI.dll -> C:\WINDOWS\System32\SynTPCoI.dll -> [1980/01/01 02:00:00 | 00,077,824 | ---- | C] ()
tpinspm.dll -> C:\WINDOWS\System32\tpinspm.dll -> [1980/01/01 02:00:00 | 00,049,152 | ---- | C] ()
notifyf2.dll -> C:\WINDOWS\System32\notifyf2.dll -> [1980/01/01 02:00:00 | 00,028,672 | ---- | C] ()
tphklock.dll -> C:\WINDOWS\System32\tphklock.dll -> [1980/01/01 02:00:00 | 00,024,576 | ---- | C] ()
< End of report >
[/code]

anand_am01
2010-01-18, 09:17
Hello peku006,
The OTS scan report is attached in .Zip format for your consideration.
Thanks & regards,
anand_am01

peku006
2010-01-18, 12:30
Hi Anand Murthy

all logs are ok ,How's the computer running now? Any problems?

Thanks peku006

anand_am01
2010-01-20, 18:51
Hello peku006,
Thank you for your guidance.
The computer 'seems' to be alright, except that I've noticed that it is extraordinarily slow on the start up ...
Any thoughts?
Thanks & regards,
Anand Murthy

peku006
2010-01-21, 11:28
Hi Anand Murthy

System Still Slow?
You may wish to try StartupLite. (http://www.malwarebytes.org/startuplite.php) Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve preformance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware (http://www.bleepingcomputer.com/forums/index.php?showtopic=87058&view=findpost&p=487112)

post back if it helped.

Thanks peku006

peku006
2010-01-25, 10:29
Due to a lack of response, this topic is now closed

If you still require help, please open a new thread in the Malware Removal forum (http://forums.spybot.info/forumdisplay.php?f=22), include a
fresh HijackThis log, and wait for a new helper.

Your donation helps improving Spybot-S&D! (http://www.safer-networking.org/en/donate/index.html)