
Thread: SCPROT4.EXE Malware Trojan/ Worm infection

  1. #11
    Junior Member
    Join Date: Jan 2010
    Posts: 10

    ComboFix Log + HJT Log

    Hello peku006,
    Here're the logs that you'd requested.

    Combofix
    ===============================
    ComboFix 10-01-16.03 - Anand 17/01/2010 1:06.5.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.369 [GMT -5:00]
    Running from: c:\documents and settings\Anand\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Anand\Desktop\CFScript.txt
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_HLIXMZGQPRS
    -------\Legacy_IZE
    -------\Service_HLIXMZGQPRS
    -------\Service_IZE


    ((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
    .

    2010-01-15 23:39 . 2010-01-15 23:37 98136 -c--a-w- c:\windows\gzip.exe
    2010-01-15 00:46 . 2010-01-15 00:46 -------- dc----w- c:\program files\ESET
    2010-01-12 04:58 . 2010-01-12 04:58 -------- dc----w- c:\documents and settings\Anand\Application Data\Malwarebytes
    2010-01-12 04:58 . 2010-01-07 21:07 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-12 04:58 . 2010-01-12 04:58 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-12 04:58 . 2010-01-12 04:58 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-12 04:58 . 2010-01-07 21:07 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-10 02:57 . 2010-01-10 02:58 -------- dc----w- c:\windows\system32\NtmsData
    2010-01-04 06:22 . 2010-01-04 06:22 -------- dc----w- c:\program files\Common Files\Adobe AIR
    2010-01-04 06:16 . 2010-01-04 06:13 411368 -c--a-w- c:\windows\system32\deploytk.dll
    2010-01-04 06:12 . 2010-01-05 18:51 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
    2010-01-04 06:12 . 2010-01-04 06:12 -------- dc----w- c:\program files\NOS
    2010-01-04 04:25 . 2010-01-04 04:25 -------- dc----w- c:\documents and settings\Anand\Application Data\CheckPoint
    2010-01-04 04:25 . 2010-01-04 04:25 -------- dc----w- c:\program files\CheckPoint
    2010-01-04 04:24 . 2010-01-04 04:24 4212 -c-ha-w- c:\windows\system32\zllictbl.dat
    2010-01-04 04:24 . 2009-11-22 20:42 103816 -c--a-w- c:\windows\system32\zlcommdb.dll
    2010-01-04 04:24 . 2009-11-22 20:42 69000 -c--a-w- c:\windows\system32\zlcomm.dll
    2010-01-04 04:23 . 2009-11-22 20:42 1238408 -c--a-w- c:\windows\system32\zpeng25.dll
    2010-01-04 04:23 . 2010-01-04 04:24 -------- dc----w- c:\windows\system32\ZoneLabs
    2010-01-04 04:23 . 2010-01-04 04:23 -------- dc----w- c:\program files\Zone Labs
    2010-01-04 04:22 . 2010-01-17 06:30 -------- dc----w- c:\windows\Internet Logs
    2010-01-03 21:07 . 2010-01-03 21:07 -------- dc----w- c:\program files\TrendMicro
    2010-01-03 20:02 . 2010-01-03 20:02 -------- dc----w- c:\program files\ERUNT
    2009-12-25 04:22 . 2010-01-11 14:08 -------- dc----w- c:\program files\Mozilla Firefox 3.6 Beta 5

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2098-06-17 14:00 . 2002-01-18 05:33 89360 -c--a-w- c:\windows\system32\VB5DB.DLL
    2010-01-17 06:00 . 2009-08-05 02:54 -------- dc----w- c:\documents and settings\Anand\Application Data\HPAppData
    2010-01-17 05:48 . 2010-01-04 05:31 3141363 -c--a-w- c:\windows\Internet Logs\tvDebug.Zip
    2010-01-16 00:15 . 2010-01-16 00:15 2232 -c--a-w- c:\windows\java\Packages\Data\37VNV1NH.DAT
    2010-01-16 00:15 . 2010-01-16 00:15 155995 -c--a-w- c:\windows\java\Packages\C2DBVRRR.ZIP
    2010-01-16 00:14 . 2010-01-16 00:14 2678 -c--a-w- c:\windows\java\Packages\Data\YYP3F7RJ.DAT
    2010-01-16 00:13 . 2010-01-16 00:13 2678 -c--a-w- c:\windows\java\Packages\Data\DZBRTB5B.DAT
    2010-01-16 00:13 . 2010-01-16 00:13 2678 -c--a-w- c:\windows\java\Packages\Data\Q1BJ3Z9R.DAT
    2010-01-16 00:13 . 2010-01-16 00:13 2678 -c--a-w- c:\windows\java\Packages\Data\AUK8U79B.DAT
    2010-01-16 00:13 . 2010-01-16 00:13 2678 -c--a-w- c:\windows\java\Packages\Data\JFNTF7XJ.DAT
    2010-01-15 23:37 . 2008-03-30 21:44 -------- dc----w- c:\program files\Intuit
    2010-01-12 11:53 . 2009-05-16 04:53 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-01-12 11:50 . 2009-05-16 05:03 -------- dc----w- c:\program files\Microsoft Works
    2010-01-11 10:54 . 2008-11-03 04:12 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
    2010-01-06 05:25 . 2007-05-15 22:57 -------- dc----w- c:\documents and settings\Anand\Application Data\Skype
    2010-01-06 02:37 . 2007-05-15 22:51 -------- dc----w- c:\program files\Common Files\Skype
    2010-01-04 06:30 . 2006-06-04 17:45 -------- dc----w- c:\program files\Common Files\Adobe
    2010-01-04 06:12 . 2006-06-20 22:46 -------- dc----w- c:\program files\Java
    2010-01-04 05:33 . 2006-05-24 13:44 -------- dc----w- c:\program files\Symantec Client Security
    2010-01-03 20:14 . 2009-07-18 14:24 -------- dc----w- c:\program files\Juice
    2010-01-03 20:11 . 2009-06-17 15:46 -------- dc----w- c:\documents and settings\Anand\Application Data\uTorrent
    2010-01-03 19:33 . 2007-08-14 02:04 -------- dc----w- c:\documents and settings\Anand\Application Data\Move Networks
    2010-01-03 19:07 . 2009-08-14 00:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Skyline
    2010-01-03 12:57 . 2006-05-24 13:44 -------- dc----w- c:\program files\Common Files\Symantec Shared
    2010-01-03 12:57 . 2006-05-24 13:44 -------- dc----w- c:\program files\Symantec
    2010-01-03 12:56 . 2006-05-24 13:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-01-03 07:50 . 2008-03-30 21:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Intuit
    2010-01-03 07:11 . 2007-12-01 21:12 -------- dc----w- c:\program files\Spybot - Search & Destroy
    2009-12-29 00:57 . 2009-06-23 14:31 -------- dc----w- c:\program files\Acro Software
    2009-12-19 21:34 . 2006-06-21 06:15 -------- dc----w- c:\program files\Google
    2009-12-17 18:32 . 2009-12-17 18:32 -------- dc----w- c:\program files\tools
    2009-12-10 01:20 . 2009-12-09 23:03 -------- dc----w- c:\documents and settings\All Users\Application Data\CardScan
    2009-12-09 23:06 . 2009-12-09 23:06 -------- dc----w- c:\documents and settings\All Users\Application Data\ScanSoft
    2009-12-09 23:04 . 2009-12-09 23:04 -------- dc----w- c:\documents and settings\Anand\Application Data\CardScan
    2009-12-09 22:49 . 2009-12-09 22:48 -------- dc----w- c:\program files\CardScan
    2009-12-02 22:53 . 2009-02-05 02:48 -------- dc----w- c:\program files\MSECache
    2009-11-19 12:47 . 2008-01-16 02:58 -------- dc----w- c:\program files\Microsoft Silverlight
    2009-11-12 15:06 . 2006-05-31 21:34 75592 -c--a-w- c:\documents and settings\Anand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-11 13:27 . 2009-11-11 13:27 423168 -c--a-w- c:\windows\system32\RCMedia.dll
    2009-11-06 02:09 . 2009-11-06 02:09 60744 -c--a-w- c:\documents and settings\Anand\g2mdlhlpx.exe
    2009-12-02 23:43 . 2006-06-21 06:16 119808 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2007-09-21 22:58 . 2007-09-21 22:58 44360 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
    2007-09-21 22:58 . 2007-09-21 22:58 107928 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
    2007-06-21 08:38 . 2007-06-21 08:38 30280 -c--a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2007-06-21 08:38 . 2007-06-21 08:38 79432 -c--a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2007-06-21 08:38 . 2007-06-21 08:38 71240 -c--a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2007-06-21 08:38 . 2007-06-21 08:38 140872 -c--a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2007-06-21 08:39 . 2007-06-21 08:39 38472 -c--a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2007-06-21 08:39 . 2007-06-21 08:39 46664 -c--a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2007-06-21 08:39 . 2007-06-21 08:39 34376 -c--a-w- c:\program files\mozilla firefox\plugins\logging.dll
    2007-06-21 08:39 . 2007-06-21 08:39 685640 -c--a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2007-06-21 08:40 . 2007-06-21 08:40 30280 -c--a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RCUI"="c:\program files\RingCentral\RingCentral Call Controller\RCUI.exe" [2009-05-04 479232]
    "RCHotKey"="c:\program files\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2009-05-04 32768]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-08-01 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 512000]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-08-10 237568]
    "TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-05-10 94208]
    "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-01-25 106496]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-19 127037]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-21 1996336]
    "PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 864256]
    "PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-26 31232]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-01-17 30192]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 503808]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
    "PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 36864]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 409600]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "configmsi"="rmdir" [X]
    "supportdir"="rmdir" [X]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-31 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-26 14:00 11952 -c--a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-04-26 02:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2005-07-06 06:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2005-12-01 03:16 24576 ----a-w- c:\windows\system32\tphklock.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 7.0 Tray Icon.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 7.0 Tray Icon.lnk.disabled
    backup=c:\windows\pss\AOL 7.0 Tray Icon.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk.disabled
    backup=c:\windows\pss\hp psc 1000 series.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk.disabled
    backup=c:\windows\pss\hpoddt01.exe.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR ProSafe VPN Client.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR ProSafe VPN Client.lnk.disabled
    backup=c:\windows\pss\NETGEAR ProSafe VPN Client.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
    backup=c:\windows\pss\Service Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Anand^Start Menu^Programs^Startup^Juice.lnk]
    path=c:\documents and settings\Anand\Start Menu\Programs\Startup\Juice.lnk
    backup=c:\windows\pss\Juice.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Anand^Start Menu^Programs^Startup^Yuuguu.lnk.disabled]
    path=c:\documents and settings\Anand\Start Menu\Programs\Startup\Yuuguu.lnk.disabled
    backup=c:\windows\pss\Yuuguu.lnk.disabledStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-09-04 17:08 935288 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-03-09 01:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardScanAgent]
    2008-02-15 00:34 152824 -c--a-w- c:\program files\CardScan\CardScan\CardScanAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionManager]
    2008-06-10 04:00 32768 -c--a-w- c:\program files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-07-01 02:49 133104 -c--atw- c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 23:50 81920 -c----w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 20:44 3883856 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-04 06:13 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-07-08 14:41 68856 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=2 (0x2)
    "SymSecurePort"=2 (0x2)
    "Symantec AntiVirus"=3 (0x3)
    "SQLSERVERAGENT"=3 (0x3)
    "SPBBCSvc"=3 (0x3)
    "SNDSrvc"=3 (0x3)
    "Remasoft Canada Inc.: Rema update permissions manager. 19151."=2 (0x2)
    "MSSQLServerADHelper"=3 (0x3)
    "MSSQLSERVER"=2 (0x2)
    "iPod Service"=3 (0x3)
    "FileZilla Server"=3 (0x3)
    "DefWatch"=2 (0x2)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccProxy"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "Simply Accounting Database Connection Manager"=3 (0x3)
    "wuauserv"=2 (0x2)
    "Pml Driver HPZ12"=2 (0x2)
    "gusvc"=3 (0x3)
    "gupdate1c942bc34c5debc"=2 (0x2)
    "LVSrvLauncher"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
    "HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqld-nt.exe"=
    "c:\\Program Files\\winsim\\ConnectionManager\\SimplyConnectionManager.exe"=
    "c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplogon.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\Anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\Anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
    "c:\\Program Files\\CallWave\\IAM.exe"=
    "c:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/02/2009 12:01 AM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/02/2009 12:01 AM 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/02/2009 12:00 AM 297752]
    R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [05/06/2006 12:38 PM 521786]
    R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [05/06/2006 12:38 PM 119864]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [14/10/2009 8:30 AM 25208]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [14/10/2009 8:30 AM 476528]
    R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15/11/2005 1:11 PM 46142]
    R2 smi2;smi2;c:\program files\SMI2\smi2.sys [02/08/2005 7:47 PM 3968]
    R2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [25/04/2006 9:00 PM 3456]
    R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [05/06/2006 12:36 PM 36188]
    S0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys --> c:\windows\system32\drivers\ANCSQ.sys [?]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/06/2006 1:15 AM 30192]
    S4 gupdate1c942bc34c5debc;Google Update Service (gupdate1c942bc34c5debc);c:\program files\Google\Update\GoogleUpdate.exe [09/11/2008 5:40 PM 133104]
    S4 Remasoft Canada Inc.: Rema update permissions manager. 19151.;Remasoft Canada Inc.: Rema update permissions manager. 19151.;c:\program files\Rema\RemaUpd.exe -PermissionManagerRun --> c:\program files\Rema\RemaUpd.exe -PermissionManagerRun [?]
    S4 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [29/03/2008 10:36 PM 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2006-09-29 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8150069797.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

    2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-11-09 22:40]

    2010-01-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-11-09 22:40]

    2010-01-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005Core.job
    - c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 02:49]

    2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005UA.job
    - c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 02:49]

    2010-01-17 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-05-24 08:10]

    2010-01-17 c:\windows\Tasks\User_Feed_Synchronization-{CC6DF3AB-01C8-4ADD-88D3-1F788BBB9D72}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = proxy.toronto.ca:8080
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?cd20b42499654f789f343cf995bad7de
    IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?cd20b42499654f789f343cf995bad7de
    Trusted Zone: live.com\login
    Trusted Zone: sap.com
    DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
    DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} - hxxps://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab
    FF - ProfilePath - c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?auth=DQAAAHIAAAAnlt7ZJUrz5d6QBslySlXPZD_vHklFz_18lmXFwrswvhnjdDOW5zZb93mkuMqxHqkXb_sl6mAiTnXddUrMgd5QOjZbVqimVruXqW-cLhByaGzoJsa8DkGQDY3sGXhVvJwzUPx0to_EEgHa7vgMVSsrdgbN-3JRmuuyqm6GO6PPng
    FF - component: c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
    FF - plugin: c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
    FF - plugin: c:\documents and settings\Anand\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-17 01:33
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    "ImagePath"="c:\program files\Intel\Wireless\Bin\RegSrvc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Remasoft Canada Inc.: Rema update permissions manager. 19151.]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1408)
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\windows\system32\biologon.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\remote.dll
    c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
    c:\windows\system32\tphklock.dll
    c:\program files\ThinkVantage Fingerprint Software\crypto.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'lsass.exe'(1464)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'explorer.exe'(7796)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
    c:\windows\system32\PROCHLP.DLL
    c:\program files\RingCentral\RingCentral Call Controller\RCHotKeyHook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\lenovo\system update\suservice.exe
    c:\windows\System32\TPHDEXLG.EXE
    c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\windows\wanmpsvc.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    c:\windows\system32\fxssvc.exe
    c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
    c:\windows\system32\igfxsrvc.exe
    c:\program files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
    c:\program files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
    .
    **************************************************************************
    .
    Completion time: 2010-01-17 01:46:53 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-01-17 06:46
    ComboFix2.txt 2010-01-15 17:51
    ComboFix3.txt 2010-01-10 06:12
    ComboFix4.txt 2008-02-18 05:30

    Pre-Run: 6,996,602,880 bytes free
    Post-Run: 7,048,966,144 bytes free

    - - End Of File - - 78076544F90E620E11EB6610D15A8DE6


    HJT Log
    =====================================
    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 1:50:20 AM, on 17/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
    C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Toolbar\wltuser.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.toronto.ca:8080
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [RCUI] "C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe"
    O4 - HKCU\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}"" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?cd20b42499654f789f343cf995bad7de
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?cd20b42499654f789f343cf995bad7de
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O15 - Trusted Zone: *.sap.com
    O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://connectphl05.sap.com/vdesk/c...2008,0514,2338
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://connectphl05.sap.com/vdesk/t...2008,0514,2345
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://connectphl05.sap.com/vdesk/t...2008,0514,2340
    O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://connectphl05.sap.com/vdesk/t...2008,0701,2202
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1203342374438
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - https://connectphl05.sap.com/vdesk/t...ion=5,2,3790,0
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://epass.toronto.ca/vdesk/termi...2008,0514,2341
    O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (RingCentral Message Player Control) - https://service.ringcentral.com/Acti...age_Player.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://connectphl05.sap.com/vdesk/t...2008,0605,2205
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://connectphl05.sap.com/policy/...2008,0514,2348
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ACNotify - Invalid registry found
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)
    O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 18416 bytes


    Thank you!
    /anand_am01

  2. #12
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103


    Hi Anand Murthy

    • Download OTS by Oldtimer to your Desktop and double-click on it to extract the files.

      • NOTE: You must be logged on to the system with an account that has Administrator privileges to run this program.

    • Close ALL OTHER PROGRAMS.
    • Double-click on OTS.exe to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
    • Click the Scan All Users checkbox on the toolbar.
    • Do not change any other settings.
    • Now click the Run Scan button on the toolbar.
    • Let it run unhindered until it finishes.
    • When the scan is complete Notepad will open with the report file loaded in it.
    • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
    • Close Notepad (saving the change if necessary).


    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  3. #13
    Junior Member
    Join Date
    Jan 2010
    Posts
    10

    OTS Scan report - Part 1

    Hello peku006,
    Thanks for the instructions.
    Here is the scan report for OTS
    Regards,
    anand_am01

    =====================================
    [code]
    OTS logfile created on: 17/01/2010 10:00:42 PM - Run 1
    OTS by OldTimer - Version 3.1.19.1 Folder = C:\Documents and Settings\Anand\Desktop\Downloads
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

    1,014.00 Mb Total Physical Memory | 240.00 Mb Available Physical Memory | 24.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 53.00% Paging File free
    Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 88.95 Gb Total Space | 4.82 Gb Free Space | 5.42% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    Drive E: | 988.00 Mb Total Space | 436.98 Mb Free Space | 44.23% Space Free | Partition Type: NTFS
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded
    Drive R: | 99.72 Mb Total Space | 99.69 Mb Free Space | 99.97% Space Free | Partition Type: FAT

    Computer Name: MURTHYCIAN
    Current User Name: Anand
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: All users
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days

    [Processes - Safe List]
    ots.exe -> C:\Documents and Settings\Anand\Desktop\Downloads\OTS.exe -> [2010/01/17 21:34:43 | 00,632,320 | ---- | M] (OldTimer Tools)
    googledesktop.exe -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2010/01/16 19:25:48 | 00,030,192 | ---- | M] (Google)
    jqs.exe -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2010/01/04 01:13:37 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
    avgtray.exe -> C:\Program Files\AVG\AVG8\avgtray.exe -> [2009/12/12 09:40:56 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.)
    vsmon.exe -> C:\WINDOWS\system32\ZoneLabs\vsmon.exe -> [2009/11/22 15:44:16 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD)
    zlclient.exe -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe -> [2009/11/22 15:42:50 | 01,037,192 | ---- | M] (Check Point Software Technologies LTD)
    googlecrashhandler.exe -> C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe -> [2009/10/31 03:08:27 | 00,136,176 | ---- | M] (Google Inc.)
    iswsvc.exe -> C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -> [2009/10/14 08:30:26 | 00,476,528 | ---- | M] (Check Point Software Technologies)
    forcefield.exe -> C:\Program Files\CheckPoint\ZAForceField\ForceField.exe -> [2009/10/14 08:30:06 | 00,730,480 | ---- | M] (Check Point Software Technologies)
    avgrsx.exe -> C:\Program Files\AVG\AVG8\avgrsx.exe -> [2009/08/26 09:00:26 | 00,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgnsx.exe -> C:\Program Files\AVG\AVG8\avgnsx.exe -> [2009/08/26 09:00:07 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
    avgwdsvc.exe -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/26 08:59:24 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
    seaport.exe -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
    rcui.exe -> C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe -> [2009/05/04 14:17:18 | 00,479,232 | ---- | M] (RingCentral, Inc.)
    rchotkey.exe -> C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe -> [2009/05/04 14:15:16 | 00,032,768 | ---- | M] (RingCentral, Inc.)
    iexplore.exe -> C:\Program Files\Internet Explorer\iexplore.exe -> [2009/03/08 13:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation)
    wltuser.exe -> C:\Program Files\Windows Live\Toolbar\wltuser.exe -> [2009/02/06 17:21:00 | 00,224,632 | ---- | M] (Microsoft Corporation)
    googleupdate.exe -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2008/11/09 17:40:14 | 00,133,104 | ---- | M] (Google Inc.)
    explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
    hpswp_clipbook.exe -> C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe -> [2008/03/27 22:51:18 | 00,116,032 | ---- | M] (Hewlett-Packard Co.)
    lvprcsrv.exe -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2007/10/19 13:19:22 | 00,141,848 | ---- | M] (Logitech Inc.)
    lvcomser.exe -> C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -> [2007/10/19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.)
    googletoolbarnotifier.exe -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe -> [2007/07/08 09:41:30 | 00,068,856 | ---- | M] (Google Inc.)
    hkcmd.exe -> C:\WINDOWS\system32\hkcmd.exe -> [2007/01/13 09:47:04 | 00,163,840 | ---- | M] (Intel Corporation)
    igfxpers.exe -> C:\WINDOWS\system32\igfxpers.exe -> [2007/01/13 09:46:36 | 00,135,168 | ---- | M] (Intel Corporation)
    igfxsrvc.exe -> C:\WINDOWS\system32\igfxsrvc.exe -> [2007/01/13 09:46:24 | 00,241,664 | ---- | M] (Intel Corporation)
    suservice.exe -> c:\Program Files\Lenovo\System Update\SUService.exe -> [2006/07/11 18:04:42 | 00,015,872 | ---- | M] ( )
    tphkmgr.exe -> C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe -> [2006/05/10 17:03:44 | 00,094,208 | ---- | M] ()
    svcguihlpr.exe -> C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe -> [2006/04/17 15:13:00 | 00,094,208 | ---- | M] (Lenovo)
    acsvc.exe -> C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -> [2006/04/17 15:12:28 | 00,151,552 | ---- | M] (Lenovo)
    acprfmgrsvc.exe -> C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> [2006/04/17 15:12:26 | 00,040,960 | ---- | M] ()
    acmurochlpr.exe -> C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe -> [2006/04/17 15:12:20 | 00,163,840 | ---- | M] ()
    actray.exe -> C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe -> [2006/04/17 15:09:10 | 00,409,600 | ---- | M] (Lenovo)
    acwlicon.exe -> C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe -> [2006/04/17 14:59:10 | 00,098,304 | ---- | M] (Lenovo)
    scheduler_proxy.exe -> C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe -> [2006/03/28 05:01:06 | 00,503,808 | ---- | M] (Lenovo Group Limited)
    tvtsched.exe -> C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -> [2006/03/28 05:00:56 | 00,946,176 | ---- | M] (Lenovo Group Limited)
    lpmgr.exe -> C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE -> [2006/01/25 03:03:00 | 00,106,496 | ---- | M] (Lenovo Group Limited)
    rrservice.exe -> C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -> [2005/12/21 18:20:56 | 01,384,448 | ---- | M] ()
    pwmgr.exe -> C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe -> [2005/12/21 18:13:20 | 02,369,072 | ---- | M] (Lenovo Group Limited)
    cssauth.exe -> C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe -> [2005/12/21 18:08:02 | 01,996,336 | ---- | M] (Lenovo Group Limited)
    ipssvc.exe -> C:\WINDOWS\system32\IPSSVC.EXE -> [2005/12/01 03:09:00 | 00,073,728 | ---- | M] (Lenovo Group Limited)
    pdservice.exe -> C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe -> [2005/11/15 13:13:24 | 00,049,152 | ---- | M] (Utimaco Safeware AG)
    tpscrex.exe -> C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe -> [2005/10/26 02:44:30 | 00,086,016 | ---- | M] (Lenovo Group Limited)
    dkservice.exe -> C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -> [2005/09/28 01:26:12 | 00,622,700 | ---- | M] (Diskeeper Corporation)
    ezejmnap.exe -> C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE -> [2005/08/10 04:20:00 | 00,237,568 | ---- | M] (Lenovo Group Limited)
    ibmtcsd.exe -> C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -> [2005/08/02 20:17:30 | 00,722,480 | ---- | M] (IBM)
    syntplpr.exe -> C:\Program Files\Synaptics\SynTP\SynTPLpr.exe -> [2005/08/01 12:48:56 | 00,110,592 | ---- | M] (Synaptics, Inc.)
    syntpenh.exe -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe -> [2005/08/01 12:48:28 | 00,512,000 | ---- | M] (Synaptics, Inc.)
    s24evmon.exe -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2005/07/23 04:43:20 | 00,372,809 | ---- | M] (Intel Corporation )
    1xconfig.exe -> C:\Program Files\Intel\Wireless\Bin\1XConfig.exe -> [2005/07/23 04:42:24 | 00,245,760 | ---- | M] (Intel)
    evteng.exe -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2005/07/23 04:41:22 | 00,086,016 | ---- | M] (Intel Corporation)
    regsrvc.exe -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2005/07/23 04:40:08 | 00,139,264 | ---- | M] (Intel Corporation)
    tponscr.exe -> C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe -> [2005/07/05 16:57:12 | 00,077,824 | ---- | M] ()
    tphdexlg.exe -> C:\WINDOWS\system32\TPHDEXLG.exe -> [2005/06/20 14:15:00 | 00,077,824 | ---- | M] (Lenovo.)
    smax4pnp.exe -> C:\Program Files\Analog Devices\Core\smax4pnp.exe -> [2005/05/20 09:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.)
    tfswctrl.exe -> C:\WINDOWS\system32\dla\tfswctrl.exe -> [2005/05/19 07:33:00 | 00,127,037 | ---- | M] (Sonic Solutions)
    dlg.exe -> C:\Program Files\Digital Line Detect\DLG.exe -> [2003/10/29 05:06:00 | 00,024,576 | ---- | M] (BVRP Software)
    acrotray.exe -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> [2003/10/23 21:37:56 | 00,217,194 | ---- | M] (Adobe Systems Inc.)
    taskswitch.exe -> C:\WINDOWS\system32\TaskSwitch.exe -> [2002/03/19 17:30:00 | 00,045,632 | ---- | M] ()
    wanmpsvc.exe -> C:\WINDOWS\wanmpsvc.exe -> [2001/11/26 03:54:02 | 00,065,536 | ---- | M] (America Online, Inc.)

    [Modules - Safe List]
    ots.exe -> C:\Documents and Settings\Anand\Desktop\Downloads\OTS.exe -> [2010/01/17 21:34:43 | 00,632,320 | ---- | M] (OldTimer Tools)
    iswshex.dll -> C:\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll -> [2009/10/14 08:30:36 | 00,628,080 | ---- | M] (Check Point Software Technologies)
    rchotkeyhook.dll -> C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKeyHook.dll -> [2009/05/04 14:13:30 | 00,073,728 | ---- | M] (RingCentral, Inc.)
    msvcr80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcr80.dll -> [2007/12/04 01:56:56 | 00,635,904 | ---- | M] (Microsoft Corporation)
    msvcp80.dll -> C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcp80.dll -> [2007/12/04 01:56:54 | 00,558,080 | ---- | M] (Microsoft Corporation)
    lvprcinj.dll -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll -> [2007/10/19 13:19:10 | 00,109,080 | ---- | M] (Logitech Inc.)
    prochlp.dll -> C:\WINDOWS\system32\PROCHLP.DLL -> [2005/12/01 03:09:00 | 00,086,016 | ---- | M] (Lenovo Group Limited)
    syntpfcs.dll -> C:\WINDOWS\system32\SynTPFcs.dll -> [2005/08/01 12:48:50 | 00,065,536 | ---- | M] (Synaptics, Inc.)

    [Win32 Services - Safe List]
    (TpKmpSVC) IBM KCU Service [Auto | Stopped] -> -> File not found
    (IBMPMSVC) ThinkPad PM Service [Auto | Stopped] -> -> File not found
    (GoogleDesktopManager-110309-193829) Google Desktop Manager 5.9.911.3589 [On_Demand | Stopped] -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -> [2010/01/16 19:25:48 | 00,030,192 | ---- | M] (Google)
    (JavaQuickStarterService) Java Quick Starter [Auto | Running] -> C:\Program Files\Java\jre6\bin\jqs.exe -> [2010/01/04 01:13:37 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.)
    (getPlusHelper) getPlus(R) Helper [On_Demand | Stopped] -> C:\Program Files\NOS\bin\getPlus_Helper.dll -> [2009/12/17 16:36:24 | 00,067,360 | ---- | M] (NOS Microsystems Ltd.)
    (vsmon) TrueVector Internet Monitor [Auto | Running] -> C:\WINDOWS\System32\ZoneLabs\vsmon.exe -> [2009/11/22 15:44:16 | 02,384,240 | ---- | M] (Check Point Software Technologies LTD)
    (IswSvc) ZoneAlarm Toolbar IswSvc [Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe -> [2009/10/14 08:30:26 | 00,476,528 | ---- | M] (Check Point Software Technologies)
    (avg8wd) AVG Free8 WatchDog [Auto | Running] -> C:\Program Files\AVG\AVG8\avgwdsvc.exe -> [2009/08/26 08:59:24 | 00,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.)
    (ServiceLayer) ServiceLayer [On_Demand | Stopped] -> C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -> [2009/06/02 09:10:08 | 00,637,952 | ---- | M] (Nokia.)
    (SeaPort) SeaPort [Auto | Running] -> C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -> [2009/05/19 10:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation)
    (gusvc) Google Software Updater [Disabled | Stopped] -> C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -> [2009/05/07 12:46:37 | 00,182,768 | ---- | M] (Google)
    (FileZilla Server) FileZilla Server FTP server [Disabled | Stopped] -> C:\Program Files\FileZilla Server\FileZilla Server.exe -> [2009/03/03 05:19:28 | 00,691,200 | ---- | M] (FileZilla Project)
    (Remasoft Canada Inc.: Rema update permissions manager. 19151.) Remasoft Canada Inc.: Rema update permissions manager. 19151. [Disabled | Stopped] -> C:\Program Files\Rema\RemaUpd.exe -> [2009/02/20 11:33:30 | 00,643,072 | ---- | M] ()
    (MSSQLSERVER) MSSQLSERVER [Disabled | Stopped] -> C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -> [2008/12/18 09:47:08 | 09,158,656 | ---- | M] (Microsoft Corporation)
    (gupdate1c942bc34c5debc) Google Update Service (gupdate1c942bc34c5debc) [Disabled | Stopped] -> C:\Program Files\Google\Update\GoogleUpdate.exe -> [2008/11/09 17:40:14 | 00,133,104 | ---- | M] (Google Inc.)
    (odserv) Microsoft Office Diagnostics Service [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -> [2008/11/04 01:06:28 | 00,441,712 | ---- | M] (Microsoft Corporation)
    (QBCFMonitorService) QBCFMonitorService [Disabled | Stopped] -> C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -> [2008/09/10 02:33:38 | 00,020,480 | ---- | M] (Intuit)
    (Simply Accounting Database Connection Manager) Simply Accounting Database Connection Manager [Disabled | Stopped] -> C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe -> [2008/06/09 23:00:00 | 00,024,576 | ---- | M] (Sage Software)
    (Irmon) Infrared Monitor [Auto | Running] -> C:\WINDOWS\system32\irmon.dll -> [2008/04/13 19:11:55 | 00,028,160 | ---- | M] (Microsoft Corporation)
    (hpqddsvc) HP CUE DeviceDiscovery Service [Auto | Running] -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqddsvc.dll -> [2008/03/25 20:27:36 | 00,135,168 | ---- | M] (Hewlett-Packard Co.)
    (hpqcxs08) hpqcxs08 [On_Demand | Running] -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxs08.dll -> [2008/03/25 19:38:24 | 00,217,088 | ---- | M] (Hewlett-Packard Co.)
    (Pml Driver HPZ12) Pml Driver HPZ12 [Disabled | Stopped] -> C:\WINDOWS\system32\HPZipm12.dll -> [2008/02/28 10:53:18 | 00,053,248 | ---- | M] (Hewlett-Packard)
    (Net Driver HPZ12) Net Driver HPZ12 [Auto | Running] -> C:\WINDOWS\system32\HPZinw12.dll -> [2008/02/28 10:53:18 | 00,043,520 | ---- | M] (Hewlett-Packard)
    (LVSrvLauncher) LVSrvLauncher [Disabled | Stopped] -> C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -> [2007/10/19 13:21:16 | 00,141,848 | ---- | M] (Logitech Inc.)
    (LVPrcSrv) Process Monitor [Auto | Running] -> C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -> [2007/10/19 13:19:22 | 00,141,848 | ---- | M] (Logitech Inc.)
    (LVCOMSer) LVCOMSer [Auto | Running] -> C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -> [2007/10/19 13:17:28 | 00,186,904 | ---- | M] (Logitech Inc.)
    (iPod Service) iPod Service [Disabled | Stopped] -> C:\Program Files\iPod\bin\iPodService.exe -> [2006/10/30 11:36:32 | 00,492,608 | ---- | M] (Apple Computer, Inc.)
    (ose) Office Source Engine [On_Demand | Stopped] -> C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -> [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation)
    (QBFCService) Intuit QuickBooks FCS [On_Demand | Stopped] -> C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -> [2006/10/09 21:01:00 | 00,071,184 | ---- | M] (Intuit Inc.)
    (SUService) System Update [Auto | Running] -> c:\Program Files\Lenovo\System Update\SUService.exe -> [2006/07/11 18:04:42 | 00,015,872 | ---- | M] ( )
    (PsaSrv) IBM PSA Access Driver Control [On_Demand | Stopped] -> C:\WINDOWS\system32\psasrv.exe -> [2006/07/11 17:52:52 | 00,023,552 | ---- | M] ()
    (AcSvc) Access Connections Main Service [Auto | Running] -> C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe -> [2006/04/17 15:12:28 | 00,151,552 | ---- | M] (Lenovo)
    (AcPrfMgrSvc) Ac Profile Manager Service [Auto | Running] -> C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -> [2006/04/17 15:12:26 | 00,040,960 | ---- | M] ()
    (TVT Scheduler) TVT Scheduler [Auto | Running] -> C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe -> [2006/03/28 05:00:56 | 00,946,176 | ---- | M] (Lenovo Group Limited)
    (TVT Backup Service) TVT Backup Service [Auto | Running] -> C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -> [2005/12/21 18:20:56 | 01,384,448 | ---- | M] ()
    (IPSSVC) IPS Core Service [Auto | Running] -> C:\WINDOWS\system32\IPSSVC.EXE -> [2005/12/01 03:09:00 | 00,073,728 | ---- | M] (Lenovo Group Limited)
    (IDriverT) InstallDriver Table Manager [On_Demand | Stopped] -> C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -> [2005/11/14 02:06:04 | 00,069,632 | ---- | M] (Macrovision Corporation)
    (Diskeeper) Diskeeper [Auto | Running] -> C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -> [2005/09/28 01:26:12 | 00,622,700 | ---- | M] (Diskeeper Corporation)
    (TSSCoreService) TSS Core Service [Auto | Running] -> C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -> [2005/08/02 20:17:30 | 00,722,480 | ---- | M] (IBM)
    (S24EventMonitor) Spectrum24 Event Monitor [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe -> [2005/07/23 04:43:20 | 00,372,809 | ---- | M] (Intel Corporation )
    (EvtEng) EvtEng [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\EvtEng.exe -> [2005/07/23 04:41:22 | 00,086,016 | ---- | M] (Intel Corporation)
    (RegSrvc) RegSrvc [Auto | Running] -> C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe -> [2005/07/23 04:40:08 | 00,139,264 | ---- | M] (Intel Corporation)
    (TPHDEXLGSVC) ThinkPad HDD APS Logging Service [Auto | Running] -> C:\WINDOWS\system32\TPHDEXLG.exe -> [2005/06/20 14:15:00 | 00,077,824 | ---- | M] (Lenovo.)
    (SQLSERVERAGENT) SQLSERVERAGENT [Disabled | Stopped] -> C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -> [2005/05/03 21:42:56 | 00,323,584 | ---- | M] (Microsoft Corporation)
    (IPSECMON) SafeNet Monitor Service [Disabled | Stopped] -> C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IPSecMon.exe -> [2004/08/11 14:22:46 | 00,057,398 | ---- | M] (SafeNet)
    (IreIKE) SafeNet IKE Service [Disabled | Stopped] -> C:\Program Files\NETGEAR\NETGEAR ProSafe VPN Client\IreIKE.exe -> [2004/08/11 14:22:44 | 00,319,538 | ---- | M] (SafeNet)
    (WANMiniportService) WAN Miniport (ATW) Service [Auto | Running] -> C:\WINDOWS\wanmpsvc.exe -> [2001/11/26 03:54:02 | 00,065,536 | ---- | M] (America Online, Inc.)

    [Driver Services - Safe List]
    (catchme) catchme [Kernel | On_Demand | Running] -> -> File not found
    (vsdatant) vsdatant [Kernel | System | Running] -> C:\WINDOWS\system32\vsdatant.sys -> [2009/11/22 15:42:54 | 00,486,280 | ---- | M] (Check Point Software Technologies LTD)
    (ISWKL) ZoneAlarm Toolbar ISWKL [Kernel | Auto | Running] -> C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -> [2009/10/14 08:30:02 | 00,025,208 | ---- | M] (Check Point Software Technologies)
    (AvgMfx86) AVG Free On-access Scanner Minifilter Driver x86 [File_System | System | Running] -> C:\WINDOWS\System32\Drivers\avgmfx86.sys -> [2009/08/26 09:00:24 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.)
    (AvgLdx86) AVG Free AVI Loader Driver x86 [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgldx86.sys -> [2009/08/26 09:00:23 | 00,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.)
    (AvgTdiX) AVG Free8 Network Redirector [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\avgtdix.sys -> [2009/05/08 09:09:26 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.)
    (pccsmcfd) PCCS Mode Change Filter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\pccsmcfd.sys -> [2008/08/26 09:26:12 | 00,018,816 | ---- | M] (Nokia)
    (USB_RNDIS) Thomson ST Remote NDIS Device Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usb8023.sys -> [2008/04/13 13:56:49 | 00,012,800 | ---- | M] (Microsoft Corporation)
    (NSCIRDA) NSC Infrared Device Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nscirda.sys -> [2008/04/13 13:54:36 | 00,028,672 | ---- | M] (National Semiconductor Corporation)
    (usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\usbaudio.sys -> [2008/04/13 13:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation)
    (amdagp) AMD AGP Bus Filter Driver [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\amdagp.sys -> [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.)
    (sisagp) SIS AGP Bus Filter [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sisagp.sys -> [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation)
    (Secdrv) Secdrv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\secdrv.sys -> [2008/04/13 11:39:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
    (HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 11:36:05 | 00,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider)
    (HPZius12) USB to IEEE-1284.4 Translation Driver HPZius12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZius12.sys -> [2008/01/24 16:22:08 | 00,021,568 | R--- | M] (HP)
    (HPZipr12) Print Class Driver for IEEE-1284.4 HPZipr12 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZipr12.sys -> [2008/01/24 16:22:07 | 00,016,496 | R--- | M] (HP)
    (HPZid412) IEEE-1284.4 Driver HPZid412 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HPZid412.sys -> [2008/01/24 16:22:06 | 00,049,920 | R--- | M] (HP)
    (LVcKap) Logitech AEC Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\Lvckap.sys -> [2007/10/19 13:16:30 | 02,109,976 | ---- | M] (Logitech Inc.)
    (LVPr2Mon) Logitech LVPr2Mon Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\LVPr2Mon.sys -> [2007/10/11 18:59:24 | 00,025,624 | ---- | M] ()
    (LVMVDrv) Logitech Machine Vision Engine Loader [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\LVMVdrv.sys -> [2007/10/11 18:59:02 | 02,142,488 | ---- | M] (Logitech Inc.)
    (tmcomm) tmcomm [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\tmcomm.sys -> [2007/08/01 16:47:26 | 00,102,664 | ---- | M] (Trend Micro Inc.)
    (MDC8021X) AEGIS Protocol (IEEE 802.1x) v2.3.1.9 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdc8021x.sys -> [2007/05/17 08:13:03 | 00,015,781 | ---- | M] (Meetinghouse Data Communications)
    (ialm) ialm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\igxpmp32.sys -> [2007/01/13 09:33:18 | 05,672,032 | ---- | M] (Intel Corporation)
    (PxHelp20) PxHelp20 [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\PxHelp20.sys -> [2006/09/27 16:53:22 | 00,036,560 | ---- | M] (Sonic Solutions)
    (GEARAspiWDM) GEARAspiWDM [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -> [2006/09/19 17:44:04 | 00,015,664 | ---- | M] (GEAR Software Inc.)
    (AEAudioService) AEAudio Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\aeaudio.sys -> [2006/08/07 07:57:30 | 00,093,952 | ---- | M] (Andrea Electronics Corporation)
    (EGATHDRV) IBM eGatherer [Kernel | Auto | Running] -> C:\WINDOWS\system32\EGATHDRV.SYS -> [2006/08/02 21:27:51 | 00,011,712 | ---- | M] (IBM Corporation)
    (psadd) IBM PSA Access Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\psadd.sys -> [2006/07/11 17:52:50 | 00,017,536 | ---- | M] (Lenovo)
    (ADIHdAudAddService) ADI UAA Function Driver for High Definition Audio Service [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ADIHdAud.sys -> [2006/06/20 11:56:48 | 00,178,688 | ---- | M] (Analog Devices, Inc.)
    (AegisP) AEGIS Protocol (IEEE 802.1x) v3.2.0.3 [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\AegisP.sys -> [2006/05/24 08:29:58 | 00,017,801 | ---- | M] (Meetinghouse Data Communications)
    (TcUsb) TC USB Kernel Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\tcusb.sys -> [2006/04/25 21:13:20 | 00,028,800 | ---- | M] (UPEK Inc.)
    (SmiHlp) SMI helper driver [Kernel | Auto | Running] -> C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys -> [2006/04/25 21:00:00 | 00,003,456 | ---- | M] (UPEK Inc.)
    (IBMTPCHK) IBMTPCHK [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\IBMBLDID.sys -> [2006/01/13 02:33:22 | 00,006,016 | ---- | M] ()
    (ibmfilter) ibmfilter [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\ibmfilter.sys -> [2005/12/21 17:14:58 | 00,012,544 | ---- | M] (IBM)
    (HSF_DPV) HSF_DPV [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hsx_dpv.sys -> [2005/12/06 13:21:32 | 00,936,448 | ---- | M] (Conexant Systems, Inc.)
    (HSXHWAZL) HSXHWAZL [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hsxhwazl.sys -> [2005/12/06 13:20:48 | 00,192,512 | ---- | M] (Conexant Systems, Inc.)
    (winachsf) winachsf [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hsx_cnxt.sys -> [2005/12/06 13:20:42 | 00,670,208 | ---- | M] (Conexant Systems, Inc.)
    (PROCDD) IPS Helper Driver [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\PROCDD.SYS -> [2005/12/01 03:09:00 | 00,005,120 | ---- | M] (Lenovo Group Limited)
    (Shockprf) Shockprf [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\shockprf.sys -> [2005/11/30 17:58:00 | 00,085,760 | ---- | M] (Lenovo)
    (PrivateDisk) PrivateDisk [Kernel | Auto | Running] -> C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -> [2005/11/15 13:11:28 | 00,046,142 | R--- | M] (Utimaco Safeware AG)
    (ANC) ANC [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ANC.sys -> [2005/11/08 11:27:20 | 00,011,520 | ---- | M] (IBM Corp.)
    (mdmxsdk) mdmxsdk [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\mdmxsdk.sys -> [2005/10/05 17:57:08 | 00,012,544 | ---- | M] (Conexant)
    (IBMPMDRV) IBMPMDRV [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ibmpmdrv.sys -> [2005/09/30 03:32:00 | 00,013,456 | ---- | M] (Lenovo.)
    (Smapint) Smapint [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\SMAPINT.SYS -> [2005/08/10 03:50:00 | 00,014,848 | ---- | M] (Microsoft Corporation)
    (TDSMAPI) TDSMAPI [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\TDSMAPI.SYS -> [2005/08/10 03:50:00 | 00,009,340 | ---- | M] ()
    (TPPWRIF) TPPWRIF [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\TPPWRIF.SYS -> [2005/08/10 03:10:00 | 00,004,442 | ---- | M] ()
    (TSMAPIP) TSMAPIP [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\TSMAPIP.SYS -> [2005/08/08 04:40:00 | 00,007,168 | ---- | M] ()
    (smi2) smi2 [Kernel | Auto | Running] -> C:\Program Files\SMI2\smi2.sys -> [2005/08/02 19:47:20 | 00,003,968 | ---- | M] (IBM Corp.)
    (SynTP) Synaptics TouchPad Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\SynTP.sys -> [2005/08/01 12:43:46 | 00,177,664 | ---- | M] (Synaptics, Inc.)
    (s24trans) WLAN Transport [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\s24trans.sys -> [2005/07/23 01:02:44 | 00,011,354 | ---- | M] (Intel Corporation)
    (w29n51) Intel(R) PRO/Wireless 2915ABG Network Connection Driver for Windows XP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\w29n51.sys -> [2005/07/19 23:14:02 | 03,289,088 | ---- | M] (Intel® Corporation)
    (risdptsk) risdptsk [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\risdptsk.sys -> [2005/07/14 14:14:34 | 00,027,904 | ---- | M] (REDC)
    (rimsptsk) rimsptsk [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\rimsptsk.sys -> [2005/07/12 21:00:30 | 00,051,328 | ---- | M] (REDC)
    (TPHKDRV) TPHKDRV [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\TPHKDRV.sys -> [2005/07/05 16:57:06 | 00,017,699 | ---- | M] (IBM Corporation)
    (ShockMgr) ShockMgr [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\ShockMgr.sys -> [2005/06/20 14:18:00 | 00,004,736 | ---- | M] (Lenovo.)
    (tfsnudfa) tfsnudfa [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnudfa.sys -> [2005/05/19 07:33:00 | 00,100,605 | ---- | M] (Sonic Solutions)
    (tfsnudf) tfsnudf [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnudf.sys -> [2005/05/19 07:33:00 | 00,098,716 | ---- | M] (Sonic Solutions)
    (tfsnifs) tfsnifs [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnifs.sys -> [2005/05/19 07:33:00 | 00,086,940 | ---- | M] (Sonic Solutions)
    (tfsncofs) tfsncofs [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsncofs.sys -> [2005/05/19 07:33:00 | 00,034,845 | ---- | M] (Sonic Solutions)
    (tfsnboio) tfsnboio [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnboio.sys -> [2005/05/19 07:33:00 | 00,025,725 | ---- | M] (Sonic Solutions)
    (tfsnopio) tfsnopio [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnopio.sys -> [2005/05/19 07:33:00 | 00,014,909 | ---- | M] (Sonic Solutions)
    (tfsnpool) tfsnpool [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsnpool.sys -> [2005/05/19 07:33:00 | 00,006,365 | ---- | M] (Sonic Solutions)
    (tfsndrct) tfsndrct [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsndrct.sys -> [2005/05/19 07:33:00 | 00,004,125 | ---- | M] (Sonic Solutions)
    (tfsndres) tfsndres [File_System | Auto | Running] -> C:\WINDOWS\system32\dla\tfsndres.sys -> [2005/05/19 07:33:00 | 00,002,241 | ---- | M] (Sonic Solutions)
    (atmeltpm) atmeltpm [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\atmeltpm.sys -> [2005/05/17 12:20:08 | 00,015,872 | ---- | M] (Atmel, Inc.)
    (drvmcdb) drvmcdb [Kernel | Boot | Running] -> C:\WINDOWS\system32\drivers\drvmcdb.sys -> [2005/03/24 05:22:00 | 00,088,352 | ---- | M] (Sonic Solutions)
    (drvnddm) drvnddm [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\drvnddm.sys -> [2005/03/24 04:56:00 | 00,040,544 | ---- | M] (Sonic Solutions)
    (b57w2k) Broadcom NetXtreme Gigabit Ethernet [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\b57xp32.sys -> [2005/03/17 18:30:10 | 00,132,608 | ---- | M] (Broadcom Corporation)
    (PcdrNdisuio) PCDRNDISUIO Usermode I/O Protocol [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -> [2005/02/01 19:00:42 | 00,012,416 | ---- | M] (Windows (R) 2000 DDK provider)
    (sscdbhk5) sscdbhk5 [File_System | System | Running] -> C:\WINDOWS\system32\drivers\sscdbhk5.sys -> [2004/12/02 13:04:20 | 00,005,627 | ---- | M] (Sonic Solutions)
    (ssrtln) ssrtln [File_System | System | Running] -> C:\WINDOWS\system32\drivers\ssrtln.sys -> [2004/12/02 13:04:10 | 00,023,545 | ---- | M] (Sonic Solutions)
    (AFS2K) AFS2K [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AFS2K.SYS -> [2004/10/07 20:16:04 | 00,035,840 | ---- | M] (Oak Technology Inc.)
    (IPSECDRV) SafeNet IPSec Plugin [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\IpSecDrv.sys -> [2004/08/11 13:01:40 | 00,119,864 | ---- | M] (SafeNet)
    (Ptilink) Direct Parallel Link Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\ptilink.sys -> [2004/08/04 07:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.)
    (nv) nv [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2004/08/04 00:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation)
    (Crypto) Crypto [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\Crypto.sig -> [2004/07/30 14:20:44 | 00,000,136 | ---- | M] ()
    (Iviaspi) IVI ASPI Shell [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\iviaspi.sys -> [2003/09/11 01:36:54 | 00,021,060 | ---- | M] (InterVideo, Inc.)
    (DNE) Deterministic Network Enhancer Miniport [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\dne2000.sys -> [2003/09/05 15:35:02 | 00,139,604 | ---- | M] (Deterministic Networks, Inc.)
    (DniVap) SafeNet WAN Miniport (VA) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\vap.sys -> [2001/12/14 17:26:06 | 00,036,188 | ---- | M] (Deterministic Networks Inc.)
    (wanatw) WAN Miniport (ATW) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\wanatw4.sys -> [2001/09/26 18:58:20 | 00,028,396 | ---- | M] (America Online, Inc.)
    (Sparrow) Sparrow [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sparrow.sys -> [2001/08/17 16:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.)
    (sym_u3) sym_u3 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_u3.sys -> [2001/08/17 16:07:42 | 00,030,688 | ---- | M] (LSI Logic)
    (sym_hi) sym_hi [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\sym_hi.sys -> [2001/08/17 16:07:40 | 00,028,384 | ---- | M] (LSI Logic)
    (symc8xx) symc8xx [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc8xx.sys -> [2001/08/17 16:07:36 | 00,032,640 | ---- | M] (LSI Logic)
    (symc810) symc810 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\symc810.sys -> [2001/08/17 16:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.)
    (ultra) ultra [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ultra.sys -> [2001/08/17 15:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.)
    (ql12160) ql12160 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql12160.sys -> [2001/08/17 15:52:20 | 00,045,312 | ---- | M] (QLogic Corporation)
    (ql1080) ql1080 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1080.sys -> [2001/08/17 15:52:20 | 00,040,320 | ---- | M] (QLogic Corporation)
    (ql1280) ql1280 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\ql1280.sys -> [2001/08/17 15:52:18 | 00,049,024 | ---- | M] (QLogic Corporation)
    (dac2w2k) dac2w2k [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -> [2001/08/17 15:52:16 | 00,179,584 | ---- | M] (Mylex Corporation)
    (mraid35x) mraid35x [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\mraid35x.sys -> [2001/08/17 15:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.)
    (asc) asc [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc.sys -> [2001/08/17 15:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.)
    (asc3550) asc3550 [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\asc3550.sys -> [2001/08/17 15:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.)
    (AliIde) AliIde [Kernel | Disabled | Stopped] -> C:\WINDOWS\system32\DRIVERS\aliide.sys -> [2001/08/17 15:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.)
    (CmdIde) CmdIde [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\DRIVERS\cmdide.sys -> [2001/08/17 15:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.)
    (ac97intc) Intel(r) 82801 Audio Driver Install Service (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\ac97intc.sys -> [2001/08/17 14:20:04 | 00,096,256 | ---- | M] (Intel Corporation)
    (E100B) Intel(R) PRO Adapter Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\e100b325.sys -> [2001/08/17 14:12:10 | 00,117,760 | ---- | M] (Intel Corporation)
    (pmem) pmem [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\PMEMNT.SYS -> [2000/05/31 22:29:54 | 00,007,012 | ---- | M] (Microsoft Corporation)

    [Registry - Safe List]
    < Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
    HKEY_LOCAL_MACHINE\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
    HKEY_LOCAL_MACHINE\: Search\\"Search Bar" -> http://search.msn.com/spbasic.htm ->
    < Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
    HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
    HKEY_USERS\.DEFAULT\: "ProxyServer" -> proxy.toronto.ca:8080 ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
    HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
    HKEY_USERS\S-1-5-18\: "ProxyServer" -> proxy.toronto.ca:8080 ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
    HKEY_USERS\S-1-5-19\: "ProxyEnable" -> 0 ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
    < Internet Explorer Settings [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\] > -> ->
    HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\: Main\\"Default_Search_URL" -> http://www.google.com/ie ->
    HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\: Main\\"Start Page" -> http://www.google.com/ ->
    HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\: Search\\"Default_Search_URL" -> http://www.google.com/ie ->
    HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\: Search\\"SearchAssistant" -> http://www.google.com/ie ->
    HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\: SearchURL\\"" -> http://www.google.com/search?q=%s ->
    HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\: "ProxyEnable" -> 0 ->
    HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\: "ProxyServer" -> proxy.toronto.ca:8080 ->
    < FireFox Settings [Prefs.js] > -> C:\Documents and Settings\Anand\Application Data\Mozilla\FireFox\Profiles\p5pyhhaj.default\prefs.js ->
    browser.search.defaultenginename -> "Google" ->
    browser.search.defaulturl -> "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" ->
    browser.search.selectedEngine -> "Google" ->
    browser.startup.homepage -> "http://mail.google.com/mail/?auth=DQAAAHIAAAAnlt7ZJUrz5d6QBslySlXPZD_vHklFz_18lmXFwrswvhnjdDOW5zZb93mkuMqxHqkXb_sl6mAiTnXddUrMgd5QOjZbVqimVruXqW-cLhByaGzoJsa8DkGQDY3sGXhVvJwzUPx0to_EEgHa7vgMVSsrdgbN-3JRmuuyqm6GO6PPng" ->
    extensions.enabledItems -> {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429 ->
    extensions.enabledItems -> firebug@software.joehewitt.com:1.4.5 ->
    extensions.enabledItems -> moveplayer@movenetworks.com:1.0.0.07061050 ->
    extensions.enabledItems -> {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4 ->
    extensions.enabledItems -> {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2 ->
    extensions.enabledItems -> {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546 ->
    extensions.enabledItems -> {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.53.4 ->
    extensions.enabledItems -> jqs@sun.com:1.0 ->
    extensions.enabledItems -> {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7 ->
    extensions.enabledItems -> {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.8.6 ->
    extensions.enabledItems -> {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.5 ->
    extensions.enabledItems -> foxyproxy@eric.h.jung:2.16.1 ->
    extensions.enabledItems -> {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.6.5 ->
    extensions.enabledItems -> {5C46D283-ABDE-4dce-B83C-08881401921C}:1.8.5 ->
    extensions.enabledItems -> {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501 ->
    extensions.enabledItems -> wisestamp@wisestamp.com:1.3.3 ->
    extensions.enabledItems -> tineye@ideeinc.com:0.7.1 ->
    extensions.enabledItems -> SkipScreen@SkipScreen:0.3.20091214_AMO ->
    extensions.enabledItems -> {28197867-b1ef-4140-8e3b-55c45b9c8460}:2.5.2 ->
    network.proxy.autoconfig_url -> "http://localhost:9100/proxy.pac" ->
    network.proxy.http -> "192.168.0.2" ->
    network.proxy.http_port -> 8080 ->
    < FireFox Settings [User.js] > -> C:\Documents and Settings\Anand\Application Data\Mozilla\FireFox\Profiles\p5pyhhaj.default\user.js ->
    < FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
    HKLM\software\mozilla\eMusic Download Manager\Extensions -> ->
    HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components -> C:\Program Files\eMusic Download Manager\xulrunner\components [C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\COMPONENTS] -> [2009/07/13 12:42:39 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins -> C:\Program Files\eMusic Download Manager\xulrunner\plugins [C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\PLUGINS] -> [2010/01/04 01:30:47 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions -> ->
    HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71} -> C:\Program Files\AVG\AVG8\Firefox [C:\PROGRAM FILES\AVG\AVG8\FIREFOX] -> [2009/12/22 09:41:01 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com -> C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\ [C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 7\BKMRKSYNC\] -> [2009/07/17 17:03:52 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com -> C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn2 [C:\PROGRAM FILES\HEWLETT-PACKARD\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON2] -> [2009/08/04 16:08:36 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8} -> C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\] -> [2009/11/03 23:19:57 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB} -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker [C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER] -> [2010/01/14 07:18:24 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.6\extensions -> ->
    HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components -> C:\Program Files\Mozilla Firefox 3.6 Beta 5\components [C:\PROGRAM FILES\MOZILLA FIREFOX 3.6 BETA 5\COMPONENTS] -> [2010/01/17 00:39:47 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins -> C:\Program Files\Mozilla Firefox 3.6 Beta 5\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX 3.6 BETA 5\PLUGINS] -> [2010/01/11 09:07:44 | 00,000,000 | ---D | M]
    HKLM\software\mozilla\Mozilla Firefox2.0.0.\Extensions -> ->
    < FireFox Extensions [User Folders] > ->
    -> C:\Documents and Settings\Anand\Application Data\Mozilla\Extensions -> [2009/07/30 09:07:23 | 00,000,000 | ---D | M]
    No name found -> C:\Documents and Settings\Anand\Application Data\Mozilla\Extensions\{2f1e6a90-e99e-11dd-ba2f-0800200c9a66} -> [2009/07/30 09:07:23 | 00,000,000 | ---D | M]
    -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions -> [2010/01/16 08:14:53 | 00,000,000 | ---D | M]
    Session Manager -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30} -> [2010/01/04 13:17:11 | 00,000,000 | ---D | M]
    Integrated Gmail -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{28197867-b1ef-4140-8e3b-55c45b9c8460} -> [2010/01/12 06:44:23 | 00,000,000 | ---D | M]
    No name found -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{29c4afe1-db19-4298-8785-fcc94d1d6c1d} -> [2010/01/11 16:10:41 | 00,000,000 | ---D | M]
    Stylish -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} -> [2010/01/11 16:11:48 | 00,000,000 | ---D | M]
    Google Shortcuts -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C} -> [2010/01/11 16:10:43 | 00,000,000 | ---D | M]
    Yahoo! Toolbar -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} -> [2010/01/04 13:17:13 | 00,000,000 | ---D | M]
    DownloadHelper -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} -> [2010/01/11 16:10:52 | 00,000,000 | ---D | M]
    Download Statusbar -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} -> [2010/01/11 16:11:26 | 00,000,000 | ---D | M]
    No name found -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{dc572301-7619-498c-a57d-39143191b318} -> [2010/01/11 16:10:23 | 00,000,000 | ---D | M]
    Download Manager Tweak -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB} -> [2010/01/11 16:11:32 | 00,000,000 | ---D | M]
    -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\firebug@software.joehewitt.com -> [2009/11/10 11:54:20 | 00,000,000 | ---D | M]
    -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\foxyproxy@eric.h.jung -> [2010/01/11 16:11:06 | 00,000,000 | ---D | M]
    -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\moveplayer@movenetworks.com -> [2007/08/13 20:55:56 | 00,000,000 | ---D | M]
    -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\notebook@google.com -> [2008/10/05 08:22:40 | 00,000,000 | ---D | M]
    -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\SkipScreen@SkipScreen -> [2010/01/11 16:10:24 | 00,000,000 | ---D | M]
    -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\tineye@ideeinc.com -> [2010/01/11 16:10:25 | 00,000,000 | ---D | M]
    -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\wisestamp@wisestamp.com -> [2010/01/11 16:10:37 | 00,000,000 | ---D | M]
    < FireFox SearchPlugins [User Folders] > ->
    linkedin.xml -> C:\Documents and Settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\searchplugins\linkedin.xml -> [2010/01/15 14:34:45 | 00,005,216 | ---- | M] ()
    < FireFox Extensions [Program Folders] > ->
    -> C:\Program Files\Mozilla Firefox\extensions -> [2010/01/03 12:43:13 | 00,000,000 | ---D | M]
    < HOSTS File > (27 bytes and 1 lines) -> C:\WINDOWS\system32\drivers\etc\hosts ->
    Reset Hosts
    127.0.0.1 localhost
    < BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
    {0347C33E-8762-4905-BF09-768834316C61} [HKLM] -> C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [HP Print Enhancer] -> [2008/03/27 22:51:18 | 00,322,880 | ---- | M] (Hewlett-Packard Co.)
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} [HKLM] -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [Adobe PDF Link Helper] -> [2009/02/27 13:07:26 | 00,075,128 | ---- | M] (Adobe Systems Incorporated)
    {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> C:\Program Files\AVG\AVG8\avgssie.dll [AVG Safe Search] -> [2009/12/12 09:41:10 | 01,111,320 | ---- | M] (AVG Technologies CZ, s.r.o.)
    {53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot-S&D IE Protection] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
    {5CA3D70E-1895-11CF-8E15-001234567890} [HKLM] -> C:\WINDOWS\system32\dla\tfswshx.dll [DriveLetterAccess] -> [2005/05/19 07:33:00 | 00,118,844 | ---- | M] (Sonic Solutions)
    {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} [HKLM] -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [Search Helper] -> [2009/05/19 10:36:18 | 00,137,600 | ---- | M] (Microsoft Corporation)
    {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Toolbar Registrar] -> [2009/10/14 08:30:44 | 00,578,928 | ---- | M] (Check Point Software Technologies)
    {AA58ED58-01DD-4d91-8333-CF10577473F7} [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar Helper] -> [2009/11/29 19:37:11 | 00,263,280 | ---- | M] (Google Inc.)
    {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} [HKLM] -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [Google Toolbar Notifier BHO] -> [2009/11/29 19:40:29 | 00,764,912 | ---- | M] (Google Inc.)
    {DBC80044-A445-435b-BC74-9C25C1C588A9} [HKLM] -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [Java(tm) Plug-In 2 SSV Helper] -> [2010/01/04 01:13:37 | 00,041,760 | ---- | M] (Sun Microsystems, Inc.)
    {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} [HKLM] -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [Google Gears Helper] -> [2009/10/16 14:35:24 | 02,101,248 | ---- | M] (Google Inc.)
    {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [Windows Live Toolbar Helper] -> [2009/02/06 17:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
    {E7E6F031-17CE-4C07-BC86-EABFE594F69C} [HKLM] -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [JQSIEStartDetectorImpl Class] -> [2010/01/04 01:13:40 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
    {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} [HKLM] -> C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [HP Smart BHO Class] -> [2008/03/27 22:51:18 | 00,501,056 | ---- | M] (Hewlett-Packard Co.)
    < Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
    "{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 17:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009/11/29 19:37:11 | 00,263,280 | ---- | M] (Google Inc.)
    "{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Toolbar] -> [2009/10/14 08:30:44 | 00,578,928 | ---- | M] (Check Point Software Technologies)
    < Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\Software\Microsoft\Internet Explorer\Toolbar\ ->
    ShellBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009/11/29 19:37:11 | 00,263,280 | ---- | M] (Google Inc.)
    ShellBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{21FA44EF-376D-4D53-9B0F-8A89D3229068}" [HKLM] -> C:\Program Files\Windows Live\Toolbar\wltcore.dll [&Windows Live Toolbar] -> [2009/02/06 17:17:46 | 01,068,904 | ---- | M] (Microsoft Corporation)
    WebBrowser\\"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" [HKLM] -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [Google Toolbar] -> [2009/11/29 19:37:11 | 00,263,280 | ---- | M] (Google Inc.)
    WebBrowser\\"{A057A204-BACC-4D26-9990-79A187E2698E}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{DB87BFA2-A2E3-451E-8E5A-C89982D87CBF}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
    WebBrowser\\"{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}" [HKLM] -> C:\Program Files\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll [ZoneAlarm Toolbar] -> [2009/10/14 08:30:44 | 00,578,928 | ---- | M] (Check Point Software Technologies)
    < Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "ACTray" -> C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe] -> [2006/04/17 15:09:10 | 00,409,600 | ---- | M] (Lenovo)
    "ACWLIcon" -> C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe] -> [2006/04/17 14:59:10 | 00,098,304 | ---- | M] (Lenovo)
    "Adobe ARM" -> C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe ["C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"] -> [2009/09/04 12:08:30 | 00,935,288 | R--- | M] (Adobe Systems Incorporated)
    "Adobe Reader Speed Launcher" -> C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe ["C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"] -> [2009/10/03 04:08:38 | 00,035,696 | ---- | M] (Adobe Systems Incorporated)
    "AVG8_TRAY" -> C:\Program Files\AVG\AVG8\avgtray.exe [C:\PROGRA~1\AVG\AVG8\avgtray.exe] -> [2009/12/12 09:40:56 | 02,043,160 | ---- | M] (AVG Technologies CZ, s.r.o.)
    "CoolSwitch" -> C:\WINDOWS\system32\TaskSwitch.exe [C:\WINDOWS\system32\taskswitch.exe] -> [2002/03/19 17:30:00 | 00,045,632 | ---- | M] ()
    "cssauth" -> C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe ["C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent] -> [2005/12/21 18:08:02 | 01,996,336 | ---- | M] (Lenovo Group Limited)
    "dla" -> C:\WINDOWS\system32\dla\tfswctrl.exe [C:\WINDOWS\system32\dla\tfswctrl.exe] -> [2005/05/19 07:33:00 | 00,127,037 | ---- | M] (Sonic Solutions)
    "EZEJMNAP" -> C:\Program Files\ThinkPad\Utilities\EZEJMNAP.EXE [C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe] -> [2005/08/10 04:20:00 | 00,237,568 | ---- | M] (Lenovo Group Limited)
    "Google Desktop Search" -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe ["C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup] -> [2010/01/16 19:25:48 | 00,030,192 | ---- | M] (Google)
    "HotKeysCmds" -> C:\WINDOWS\system32\hkcmd.exe [C:\WINDOWS\system32\hkcmd.exe] -> [2007/01/13 09:47:04 | 00,163,840 | ---- | M] (Intel Corporation)
    "IgfxTray" -> C:\WINDOWS\system32\igfxtray.exe [C:\WINDOWS\system32\igfxtray.exe] -> [2007/01/13 08:47:04 | 00,131,072 | ---- | M] (Intel Corporation)
    "ISUSPM Startup" -> c:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup] -> [2004/07/27 18:50:42 | 00,221,184 | ---- | M] (InstallShield Software Corporation)
    "ISW" -> C:\Program Files\CheckPoint\ZAForceField\ForceField.exe ["C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"] -> [2009/10/14 08:30:06 | 00,730,480 | ---- | M] (Check Point Software Technologies)
    "LPManager" -> C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE [C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe] -> [2006/01/25 03:03:00 | 00,106,496 | ---- | M] (Lenovo Group Limited)
    "PDService.exe" -> C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe ["C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"] -> [2005/11/15 13:13:24 | 00,049,152 | ---- | M] (Utimaco Safeware AG)
    "Persistence" -> C:\WINDOWS\system32\igfxpers.exe [C:\WINDOWS\system32\igfxpers.exe] -> [2007/01/13 09:46:36 | 00,135,168 | ---- | M] (Intel Corporation)
    "PrinTray" -> C:\WINDOWS\system32\spool\drivers\w32x86\3\printray.exe [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe] -> [2002/09/18 17:52:52 | 00,036,864 | ---- | M] (Lexmark)
    "PSQLLauncher" -> C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe ["C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup] -> [2006/04/25 21:03:42 | 00,031,232 | ---- | M] (UPEK Inc.)
    "SoundMAXPnP" -> C:\Program Files\Analog Devices\Core\smax4pnp.exe [C:\Program Files\Analog Devices\Core\smax4pnp.exe] -> [2005/05/20 09:11:06 | 00,925,696 | ---- | M] (Analog Devices, Inc.)
    "SynTPEnh" -> C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] -> [2005/08/01 12:48:28 | 00,512,000 | ---- | M] (Synaptics, Inc.)
    "SynTPLpr" -> C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [C:\Program Files\Synaptics\SynTP\SynTPLpr.exe] -> [2005/08/01 12:48:56 | 00,110,592 | ---- | M] (Synaptics, Inc.)
    "TPHOTKEY" -> C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe [C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe] -> [2006/05/10 17:03:44 | 00,094,208 | ---- | M] ()
    "TPKMAPHELPER" -> C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe [C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper] -> [2005/10/28 21:04:44 | 00,864,256 | ---- | M] (Lenovo)
    "TVT Scheduler Proxy" -> C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe [C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe] -> [2006/03/28 05:01:06 | 00,503,808 | ---- | M] (Lenovo Group Limited)
    "ZoneAlarm Client" -> C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe ["C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"] -> [2009/11/22 15:42:50 | 01,037,192 | ---- | M] (Check Point Software Technologies LTD)
    < RunOnce [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
    "configmsi" -> C:\WINDOWS\System32\cmd.exe [cmd /c "rmdir /q C:\config.msi"] -> [2008/04/13 19:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation)
    "supportdir" -> [cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}""] -> File not found
    < RunOnce [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce ->
    "configmsi" -> C:\WINDOWS\System32\cmd.exe [cmd /c "rmdir /q C:\config.msi"] -> [2008/04/13 19:12:14 | 00,389,120 | ---- | M] (Microsoft Corporation)
    "supportdir" -> [cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}""] -> File not found
    < Run [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
    "RCHotKey" -> C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe ["C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"] -> [2009/05/04 14:15:16 | 00,032,768 | ---- | M] (RingCentral, Inc.)
    "RCUI" -> C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe ["C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe"] -> [2009/05/04 14:17:18 | 00,479,232 | ---- | M] (RingCentral, Inc.)
    "swg" -> C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe ["C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"] -> [2007/07/08 09:41:30 | 00,068,856 | ---- | M] (Google Inc.)
    < Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
    < All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk -> C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe -> [2003/10/23 21:37:56 | 00,217,194 | ---- | M] (Adobe Systems Inc.)
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe -> [2003/10/29 05:06:00 | 00,024,576 | ---- | M] (BVRP Software)
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE -> [2000/01/21 03:15:54 | 00,065,588 | ---- | M] (Microsoft Corporation)
    < Anand Startup Folder > -> C:\Documents and Settings\Anand\Start Menu\Programs\Startup ->
    < Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
    < Heeru Startup Folder > -> C:\Documents and Settings\Heeru\Start Menu\Programs\Startup ->
    < Jolly Startup Folder > -> C:\Documents and Settings\Jolly\Start Menu\Programs\Startup ->
    < Software Policy Settings [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Policies\Microsoft\Internet Explorer ->
    < CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->

    ====== End of Part 1=====

  4. #14
    Junior Member
    Join Date
    Jan 2010
    Posts
    10

    OTS Scan report - Part 2

    Here's Part 2

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    \\"NoCDBurning" -> [0] -> File not found
    \\"HonorAutoRunSetting" -> [1] -> File not found
    \\"NoDrives" -> [0] -> File not found
    < CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [145] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
    HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
    \\"NoDriveTypeAutoRun" -> [323] -> File not found
    \\"NoDriveAutoRun" -> [67108863] -> File not found
    \\"NoDrives" -> [0] -> File not found
    < CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
    < Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\Software\Microsoft\Internet Explorer\MenuExt\ ->
    Google Sidewiki... -> C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll [res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html] -> [2009/11/29 19:37:17 | 00,648,192 | ---- | M] (Google Inc.)
    Open in new background tab -> C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui [res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?cd20b42499654f789f343cf995bad7de] -> [2006/10/10 22:25:34 | 00,112,640 | ---- | M] (Microsoft Corporation)
    Open in new foreground tab -> C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui [res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?cd20b42499654f789f343cf995bad7de] -> [2006/10/10 22:25:34 | 00,112,640 | ---- | M] (Microsoft Corporation)
    < Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
    {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}:{0B4350D1-055F-47A3-B112-5F2F2B0D6F08} [HKLM] -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [Menu: &Gears Settings] -> [2009/10/16 14:35:24 | 02,101,248 | ---- | M] (Google Inc.)
    {92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
    {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}:Exec [HKLM] -> C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe [Button: Software Installer] -> [2005/12/05 14:11:48 | 01,392,706 | ---- | M] ()
    {DDE87865-83C5-48c4-8357-2F5B1AA84522}:{DDE87865-83C5-48c4-8357-2F5B1AA84522} [HKLM] -> C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [Button: HP Smart Select] -> [2008/03/27 22:51:18 | 00,501,056 | ---- | M] (Hewlett-Packard Co.)
    {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}:{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Menu: Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
    < Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
    CmdMapping\\"{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}" [HKLM] -> C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe [Software Installer] -> [2005/12/05 14:11:48 | 01,392,706 | ---- | M] ()
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
    CmdMapping\\"{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}" [HKLM] -> C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe [Software Installer] -> [2005/12/05 14:11:48 | 01,392,706 | ---- | M] ()
    < Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\Software\Microsoft\Internet Explorer\Extensions\ ->
    CmdMapping\\"{09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5}" [HKLM] -> C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll [&Gears Settings] -> [2009/10/16 14:35:24 | 02,101,248 | ---- | M] (Google Inc.)
    CmdMapping\\"{5DCA74AE-D95E-425E-8F00-269575536490}" [HKLM] -> [Reg Error: Key error.] -> File not found
    CmdMapping\\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 00,039,464 | ---- | M] (Microsoft Corporation)
    CmdMapping\\"{D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5}" [HKLM] -> C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe [Software Installer] -> [2005/12/05 14:11:48 | 01,392,706 | ---- | M] ()
    CmdMapping\\"{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}" [HKLM] -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2009/01/26 14:31:02 | 01,879,896 | ---- | M] (Safer Networking Limited)
    < Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
    < Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
    "" -> http://
    < Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5969 domain(s) found. ->
    59 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5969 domain(s) found. ->
    58 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 5969 domain(s) found. ->
    58 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4032 domain(s) found. ->
    32 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4032 domain(s) found. ->
    32 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 77 range(s) found. ->
    < Trusted Sites Domains [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
    HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 7998 domain(s) found. ->
    login_live.com [https] -> Trusted sites ->
    localhost .[http] -> Local intranet ->
    sap.com .[*] -> Trusted sites ->
    66 domain(s) and sub-domain(s) not assigned to a zone.
    < Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\] > -> HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
    HKEY_USERS\S-1-5-21-2345978724-3825532129-4291118871-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 78 range(s) found. ->
    GD [:Range = 127.0.0.1] -> http = Local intranet | ->
    < Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
    {166B1BCA-3F9C-11CF-8075-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab [Shockwave ActiveX Control] ->
    {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} [HKLM] -> https://connectphl05.sap.com/vdesk/cachecleaner.cab#version=6020,2008,0514,2338 [F5 Networks CacheCleaner] ->
    {45B69029-F3AB-4204-92DE-D5140C3E8E74} [HKLM] -> https://connectphl05.sap.com/vdesk/terminal/InstallerControl.cab#version=6020,2008,0514,2345 [F5 Networks Auto Update] ->
    {57C76689-F052-487B-A19F-855AFDDF28EE} [HKLM] -> https://connectphl05.sap.com/vdesk/terminal/f5InspectionHost.cab#version=6020,2008,0514,2340 [F5 Networks Policy Agent Host Class] ->
    {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} [HKLM] -> https://connectphl05.sap.com/vdesk/terminal/urTermProxy.cab#version=6020,2008,0701,2202 [F5 Networks SSLTunnel] ->
    {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1203342374438 [MUWebControl Class] ->
    {74FFE28D-2378-11D5-990C-006094235084} [HKLM] -> http://www-307.ibm.com/pc/support/IbmEgath.cab [IBM Access Support] ->
    {7530BFB8-7293-4D34-9923-61A11451AFC5} [HKLM] -> http://download.eset.com/special/eos/OnlineScanner.cab [OnlineScanner Control] ->
    {7584c670-2274-4efb-b00b-d6aaba6d3850} [HKLM] -> https://connectphl05.sap.com/vdesk/terminal/msrdp.cab#version=5,2,3790,0 [Microsoft RDP Client Control (redist)] ->
    {8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
    {B8BE5E93-A60C-4D26-A2DC-220313175592} [HKLM] -> http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab [ZoneIntro Class] ->
    {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab [Java Plug-in 1.4.2] ->
    {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [HKLM] -> http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab [Java Plug-in 1.6.0_17] ->
    {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} [HKLM] -> https://epass.toronto.ca/vdesk/terminal/urxshost.cab#version=6020,2008,0514,2341 [F5 Networks SuperHost Class] ->
    {CF25C291-E91C-11D3-873F-0000B4A2973D} [HKLM] -> https://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab [RingCentral Message Player Control] ->
    {D27CDB6E-AE6D-11CF-96B8-444553540000} [HKLM] -> http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Shockwave Flash Object] ->
    {D27CDB6E-AE6D-11CF-96B8-445453540000} [HKLM] -> http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab [Reg Error: Key error.] ->
    {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} [HKLM] -> [GpcContainer Class] ->
    {E0FF21FA-B857-45C5-8621-F120A0C17FF2} [HKLM] -> https://connectphl05.sap.com/vdesk/terminal/urxhost.cab#version=6020,2008,0605,2205 [F5 Networks Host Control] ->
    {E2883E8F-472F-4FB0-9522-AC9BF37916A7} [HKLM] -> http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab [get_atlcom Class] ->
    {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} [HKLM] -> https://connectphl05.sap.com/policy/download_binary.php/win32/f5syschk.cab#Version=6020,2008,0514,2348 [F5 Networks OS Policy Agent] ->
    Microsoft XML Parser for Java [HKLM] -> file:///C:/WINDOWS/Java/classes/xmldso.cab [Reg Error: Key error.] ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
    DhcpNameServer -> 64.71.255.198 ->
    < Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
    {81A6560B-5A15-441B-9070-9B147E54D1AB}\\DhcpNameServer -> 64.71.255.198 (Intel(R) PRO/Wireless 2915ABG Network Connection) ->
    < Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
    *Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
    Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation)
    *MultiFile Done* -> ->
    < Winlogon\Notify settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ ->
    ACNotify -> Reg Error: Value error. -> File not found
    avgrsstarter -> C:\WINDOWS\System32\avgrsstx.dll -> [2009/08/26 09:00:26 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.)
    igfxcui -> C:\WINDOWS\System32\igfxdev.dll -> [2007/01/13 09:46:04 | 00,204,800 | ---- | M] (Intel Corporation)
    NavLogon -> Reg Error: Value error. -> File not found
    psfus -> C:\WINDOWS\System32\psqlpwd.dll -> [2006/04/25 21:20:38 | 00,040,448 | ---- | M] (UPEK Inc.)
    tpfnf2 -> C:\WINDOWS\System32\notifyf2.dll -> [2005/07/06 01:45:08 | 00,028,672 | ---- | M] ()
    tphotkey -> C:\WINDOWS\System32\tphklock.dll -> [2005/11/30 22:16:02 | 00,024,576 | ---- | M] ()
    < ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}" [HKLM] -> C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [] -> [2009/05/24 21:41:34 | 00,304,128 | ---- | M] (Microsoft Corporation)
    < Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2006/02/14 19:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2008/03/16 11:14:04 | 01,556,480 | ---- | M] (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/04/20 08:42:18 | 00,063,064 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2006/04/20 09:13:30 | 00,231,000 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe] -> [2006/04/20 06:20:58 | 00,188,416 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2006/04/20 06:28:12 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2008/05/11 23:04:04 | 00,107,864 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2006/04/20 09:06:26 | 00,181,848 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2008/03/25 20:21:20 | 00,247,128 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2008/03/26 01:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2008/03/26 01:25:20 | 00,237,568 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2008/03/16 11:14:00 | 00,167,936 | ---- | M] (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe] -> [2006/02/18 14:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [2006/02/16 09:19:34 | 00,192,512 | ---- | M] ()
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2008/03/25 19:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2008/03/25 19:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2006/04/20 09:13:00 | 00,456,280 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2002/10/07 01:22:34 | 00,454,656 | ---- | M] ()
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 17:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
    < Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
    "C:\Documents and Settings\Anand\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" -> C:\Documents and Settings\Anand\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll [C:\Documents and Settings\Anand\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin] -> [2009/12/04 09:57:54 | 03,409,392 | ---- | M] (Google)
    "C:\Documents and Settings\Anand\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" -> C:\Documents and Settings\Anand\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe [C:\Documents and Settings\Anand\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin] -> [2009/12/04 09:47:54 | 00,083,440 | ---- | M] (Google)
    "C:\Program Files\AVG\AVG8\avgnsx.exe" -> C:\Program Files\AVG\AVG8\avgnsx.exe [C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe] -> [2009/08/26 09:00:07 | 00,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\AVG\AVG8\avgupd.exe" -> C:\Program Files\AVG\AVG8\avgupd.exe [C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe] -> [2009/12/12 09:38:20 | 01,143,064 | ---- | M] (AVG Technologies CZ, s.r.o.)
    "C:\Program Files\CallWave\IAM.exe" -> C:\Program Files\CallWave\IAM.exe [C:\Program Files\CallWave\IAM.exe:*:Enabled:CallWave] -> [2007/05/27 09:09:32 | 01,940,544 | ---- | M] (CallWave, Inc.)
    "C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe" -> C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe [C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process ] -> [2009/06/29 09:01:36 | 00,372,736 | ---- | M] (Nokia Corporation)
    "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" -> C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe:*:Enabled:Google Desktop] -> [2010/01/16 19:25:48 | 00,030,192 | ---- | M] (Google)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2006/02/14 19:37:26 | 00,147,511 | R--- | M] (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe] -> [2008/03/16 11:14:04 | 01,556,480 | ---- | M] (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/04/20 08:42:18 | 00,063,064 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2006/04/20 09:13:30 | 00,231,000 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpofxs08.exe:*:Enabled:hpofxs08.exe] -> [2006/04/20 06:20:58 | 00,188,416 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2006/04/20 06:28:12 | 00,040,960 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2008/05/11 23:04:04 | 00,107,864 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2006/04/20 09:06:26 | 00,181,848 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcopy2.exe:*:Enabled:hpqcopy2.exe] -> [2008/03/25 20:21:20 | 00,247,128 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe] -> [2008/03/26 01:25:18 | 00,286,720 | ---- | M] (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe] -> [2008/03/26 01:25:20 | 00,237,568 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe] -> [2008/03/16 11:14:00 | 00,167,936 | ---- | M] (Hewlett-Packard)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe] -> [2006/02/18 14:29:46 | 00,139,264 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe] -> [2006/02/16 09:19:34 | 00,192,512 | ---- | M] ()
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe] -> [2008/03/25 19:49:02 | 00,184,320 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe] -> [2008/03/25 19:40:42 | 00,214,360 | ---- | M] (Hewlett-Packard Co.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2006/04/20 09:13:00 | 00,456,280 | ---- | M] (Hewlett-Packard Development Company, L.P.)
    "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2002/10/07 01:22:34 | 00,454,656 | ---- | M] ()
    "C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe" -> C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe [C:\Program Files\Intuit\QuickBooks 2009\QBDBMgrN.exe:*:Enabled:QuickBooks 2009 Data Manager] -> [2008/09/10 04:57:44 | 00,128,280 | ---- | M] (iAnywhere Solutions, Inc.)
    "C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2006/10/30 11:36:32 | 15,338,560 | ---- | M] (Apple Computer, Inc.)
    "C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe" -> C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe [C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater] -> [2009/07/09 12:00:10 | 01,955,064 | ---- | M] (Nokia Corporation)
    "C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe" -> C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe [C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe:*:Enabled:RingCentral Call Controller] -> [2009/05/04 14:17:18 | 00,479,232 | ---- | M] (RingCentral, Inc.)
    "C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe" -> C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe [C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe:*:Enabled:SAP Logon for Windows] -> [2005/01/19 05:02:54 | 00,475,136 | ---- | M] (SAP AG, Walldorf)
    "C:\Program Files\Skype\Phone\Skype.exe" -> C:\Program Files\Skype\Phone\Skype.exe [C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype] -> [2007/05/07 09:32:22 | 23,395,368 | R--- | M] (Skype Technologies S.A.)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" -> C:\Program Files\Windows Live\Messenger\wlcsdk.exe [C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call] -> [2009/02/06 17:21:00 | 00,583,024 | ---- | M] (Microsoft Corporation)
    "C:\Program Files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe" -> C:\Program Files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe [C:\Program Files\winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe:*:Enabled:mysqld-nt.exe 5.0.38] -> [2007/05/17 23:00:00 | 04,583,424 | ---- | M] ()
    "C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe" -> C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe [C:\Program Files\winsim\ConnectionManager\SimplyConnectionManager.exe:*:Enabled:SimplyConnectionManager.exe] -> [2008/06/09 23:00:00 | 00,024,576 | ---- | M] (Sage Software)
    < SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
    < CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
    "AutoRun" -> 1 ->
    "DisplayName" -> CD-ROM Driver ->
    "ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
    < Drives with AutoRun files > -> ->
    C:\AUTOEXEC.BAT [] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/05/31 16:33:41 | 00,000,000 | -H-- | M] ()
    < MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
    < Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command ->
    comfile [open] -> "%1" %* ->
    exefile [open] -> "%1" %* ->


    [Files/Folders - Created Within 30 Days]
    jit.dll -> C:\WINDOWS\System32\jit.dll -> [2010/01/15 19:13:59 | 00,171,280 | ---- | C] (Microsoft Corporation)
    setdebug.exe -> C:\WINDOWS\setdebug.exe -> [2010/01/15 19:13:59 | 00,046,352 | ---- | C] (Microsoft Corporation)
    dx3j.dll -> C:\WINDOWS\System32\dx3j.dll -> [2010/01/15 19:13:58 | 00,313,856 | ---- | C] (Microsoft Corporation)
    javaee.dll -> C:\WINDOWS\System32\javaee.dll -> [2010/01/15 19:13:58 | 00,139,536 | ---- | C] (Microsoft Corporation)
    vmhelper.dll -> C:\WINDOWS\System32\vmhelper.dll -> [2010/01/15 19:13:32 | 00,286,992 | ---- | C] (Microsoft Corporation)
    wjview.exe -> C:\WINDOWS\System32\wjview.exe -> [2010/01/15 19:13:32 | 00,171,792 | ---- | C] (Microsoft Corporation)
    msjdbc10.dll -> C:\WINDOWS\System32\msjdbc10.dll -> [2010/01/15 19:13:32 | 00,021,264 | ---- | C] (Microsoft Corporation)
    jview.exe -> C:\WINDOWS\System32\jview.exe -> [2010/01/15 19:13:31 | 00,172,304 | ---- | C] (Microsoft Corporation)
    msawt.dll -> C:\WINDOWS\System32\msawt.dll -> [2010/01/15 19:13:31 | 00,154,384 | ---- | C] (Microsoft Corporation)
    javart.dll -> C:\WINDOWS\System32\javart.dll -> [2010/01/15 19:13:30 | 00,404,752 | ---- | C] (Microsoft Corporation)
    javaprxy.dll -> C:\WINDOWS\System32\javaprxy.dll -> [2010/01/15 19:13:30 | 00,063,248 | ---- | C] (Microsoft Corporation)
    jdbgmgr.exe -> C:\WINDOWS\System32\jdbgmgr.exe -> [2010/01/15 19:13:30 | 00,015,120 | ---- | C] (Microsoft Corporation)
    javacypt.dll -> C:\WINDOWS\System32\javacypt.dll -> [2010/01/15 19:13:29 | 00,187,152 | ---- | C] (Microsoft Corporation)
    clspack.exe -> C:\WINDOWS\System32\clspack.exe -> [2010/01/15 19:13:27 | 00,049,424 | ---- | C] (Microsoft Corporation)
    ESET -> C:\Program Files\ESET -> [2010/01/14 19:46:57 | 00,000,000 | ---D | C]
    SAP sourcing -> C:\Documents and Settings\Anand\My Documents\SAP sourcing -> [2010/01/13 11:46:42 | 00,000,000 | ---D | C]
    Malwarebytes -> C:\Documents and Settings\Anand\Application Data\Malwarebytes -> [2010/01/11 23:58:44 | 00,000,000 | ---D | C]
    mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/11 23:58:27 | 00,038,224 | ---- | C] (Malwarebytes Corporation)
    Malwarebytes -> C:\Documents and Settings\All Users\Application Data\Malwarebytes -> [2010/01/11 23:58:25 | 00,000,000 | ---D | C]
    mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/11 23:58:23 | 00,019,160 | ---- | C] (Malwarebytes Corporation)
    Malwarebytes' Anti-Malware -> C:\Program Files\Malwarebytes' Anti-Malware -> [2010/01/11 23:58:23 | 00,000,000 | ---D | C]
    NtmsData -> C:\WINDOWS\System32\NtmsData -> [2010/01/09 21:57:46 | 00,000,000 | ---D | C]
    cmdcons -> C:\cmdcons -> [2010/01/09 21:44:47 | 00,000,000 | RHSD | C]
    SWXCACLS.exe -> C:\WINDOWS\SWXCACLS.exe -> [2010/01/09 21:31:29 | 00,212,480 | ---- | C] (SteelWerX)
    SWREG.exe -> C:\WINDOWS\SWREG.exe -> [2010/01/09 21:31:29 | 00,161,792 | ---- | C] (SteelWerX)
    SWSC.exe -> C:\WINDOWS\SWSC.exe -> [2010/01/09 21:31:29 | 00,136,704 | ---- | C] (SteelWerX)
    NIRCMD.exe -> C:\WINDOWS\NIRCMD.exe -> [2010/01/09 21:31:29 | 00,031,232 | ---- | C] (NirSoft)
    Qoobox -> C:\Qoobox -> [2010/01/09 21:28:33 | 00,000,000 | ---D | C]
    Resume -> C:\Documents and Settings\Anand\My Documents\Resume -> [2010/01/07 16:28:01 | 00,000,000 | ---D | C]
    Adobe AIR -> C:\Program Files\Common Files\Adobe AIR -> [2010/01/04 01:22:47 | 00,000,000 | ---D | C]
    javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2010/01/04 01:16:15 | 00,073,728 | ---- | C] (Sun Microsystems, Inc.)
    deploytk.dll -> C:\WINDOWS\System32\deploytk.dll -> [2010/01/04 01:16:14 | 00,411,368 | ---- | C] (Sun Microsystems, Inc.)
    javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010/01/04 01:16:14 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.)
    javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010/01/04 01:16:13 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
    java.exe -> C:\WINDOWS\System32\java.exe -> [2010/01/04 01:16:12 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.)
    NOS -> C:\Program Files\NOS -> [2010/01/04 01:12:52 | 00,000,000 | ---D | C]
    NOS -> C:\Documents and Settings\All Users\Application Data\NOS -> [2010/01/04 01:12:52 | 00,000,000 | ---D | C]
    ForceField Shared Files -> C:\Documents and Settings\Anand\My Documents\ForceField Shared Files -> [2010/01/03 23:26:15 | 00,000,000 | ---D | C]
    CheckPoint -> C:\Documents and Settings\Anand\Application Data\CheckPoint -> [2010/01/03 23:25:57 | 00,000,000 | ---D | C]
    CheckPoint -> C:\Program Files\CheckPoint -> [2010/01/03 23:25:08 | 00,000,000 | ---D | C]
    vsregexp.dll -> C:\WINDOWS\System32\vsregexp.dll -> [2010/01/03 23:24:31 | 00,058,248 | ---- | C] (Check Point Software Technologies LTD)
    zlcommdb.dll -> C:\WINDOWS\System32\zlcommdb.dll -> [2010/01/03 23:24:12 | 00,103,816 | ---- | C] (Check Point Software Technologies LTD)
    zlcomm.dll -> C:\WINDOWS\System32\zlcomm.dll -> [2010/01/03 23:24:11 | 00,069,000 | ---- | C] (Check Point Software Technologies LTD)
    vswmi.dll -> C:\WINDOWS\System32\vswmi.dll -> [2010/01/03 23:24:00 | 00,041,864 | ---- | C] (Check Point Software Technologies LTD)
    zpeng25.dll -> C:\WINDOWS\System32\zpeng25.dll -> [2010/01/03 23:23:45 | 01,238,408 | ---- | C] (Check Point Software Technologies LTD)
    vsxml.dll -> C:\WINDOWS\System32\vsxml.dll -> [2010/01/03 23:23:43 | 00,109,960 | ---- | C] (Check Point Software Technologies LTD)
    ZoneLabs -> C:\WINDOWS\System32\ZoneLabs -> [2010/01/03 23:23:41 | 00,000,000 | ---D | C]
    vspubapi.dll -> C:\WINDOWS\System32\vspubapi.dll -> [2010/01/03 23:23:40 | 00,299,912 | ---- | C] (Check Point Software Technologies LTD)
    vsmonapi.dll -> C:\WINDOWS\System32\vsmonapi.dll -> [2010/01/03 23:23:39 | 00,107,912 | ---- | C] (Check Point Software Technologies LTD)
    vsdatant.sys -> C:\WINDOWS\System32\vsdatant.sys -> [2010/01/03 23:23:35 | 00,486,280 | ---- | C] (Check Point Software Technologies LTD)
    Zone Labs -> C:\Program Files\Zone Labs -> [2010/01/03 23:23:30 | 00,000,000 | ---D | C]
    Internet Logs -> C:\WINDOWS\Internet Logs -> [2010/01/03 23:22:56 | 00,000,000 | ---D | C]
    vsutil.dll -> C:\WINDOWS\System32\vsutil.dll -> [2010/01/03 23:22:53 | 00,621,960 | ---- | C] (Check Point Software Technologies LTD)
    vsinit.dll -> C:\WINDOWS\System32\vsinit.dll -> [2010/01/03 23:22:53 | 00,227,720 | ---- | C] (Check Point Software Technologies LTD)
    vsdata.dll -> C:\WINDOWS\System32\vsdata.dll -> [2010/01/03 23:22:53 | 00,112,008 | ---- | C] (Check Point Software Technologies LTD)
    TrendMicro -> C:\Program Files\TrendMicro -> [2010/01/03 16:07:16 | 00,000,000 | ---D | C]
    ERUNT -> C:\Program Files\ERUNT -> [2010/01/03 15:02:39 | 00,000,000 | ---D | C]
    Mozilla Firefox 3.6 Beta 5 -> C:\Program Files\Mozilla Firefox 3.6 Beta 5 -> [2009/12/24 23:22:39 | 00,000,000 | ---D | C]
    Intuit -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit -> [2009/10/13 11:28:02 | 00,000,000 | ---D | M]
    Microsoft -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft -> [2009/07/17 17:21:41 | 00,000,000 | ---D | M]
    Softland -> C:\Documents and Settings\LocalService\Application Data\Softland -> [2009/07/03 15:53:19 | 00,000,000 | ---D | M]
    Mozilla -> C:\Documents and Settings\LocalService\Application Data\Mozilla -> [2009/06/08 07:44:52 | 00,000,000 | ---D | M]
    Mozilla -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Mozilla -> [2009/06/08 07:44:28 | 00,000,000 | ---D | M]
    Microsoft -> C:\Documents and Settings\LocalService\Application Data\Microsoft -> [2009/06/02 16:08:37 | 00,000,000 | --SD | M]
    Google -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Google -> [2009/02/07 20:39:28 | 00,000,000 | ---D | M]
    Microsoft -> C:\Documents and Settings\NetworkService\Application Data\Microsoft -> [2009/02/02 23:58:42 | 00,000,000 | --SD | M]
    Microsoft -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft -> [2009/02/02 23:58:42 | 00,000,000 | ---D | M]
    Google -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google -> [2008/12/30 17:57:44 | 00,000,000 | ---D | M]
    Intel -> C:\Documents and Settings\NetworkService\Application Data\Intel -> [2008/08/09 15:21:27 | 00,000,000 | ---D | M]
    Adobe -> C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe -> [2007/12/25 20:10:35 | 00,000,000 | ---D | M]
    Google -> C:\Documents and Settings\LocalService\Application Data\Google -> [2007/02/10 00:04:34 | 00,000,000 | ---D | M]
    Adobe -> C:\Documents and Settings\LocalService\Application Data\Adobe -> [2006/06/22 00:08:47 | 00,000,000 | ---D | M]
    Macromedia -> C:\Documents and Settings\LocalService\Application Data\Macromedia -> [2006/06/04 14:18:50 | 00,000,000 | ---D | M]
    BVRP Software -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\BVRP Software -> [2006/05/31 15:36:38 | 00,000,000 | ---D | M]
    IBM -> C:\Documents and Settings\NetworkService\Local Settings\Application Data\IBM -> [2006/05/31 14:38:01 | 00,000,000 | ---D | M]
    Lenovo -> C:\Documents and Settings\LocalService\Application Data\Lenovo -> [2006/05/24 08:49:58 | 00,000,000 | ---D | M]
    1 C:\Documents and Settings\Anand\My Documents\*.tmp files -> C:\Documents and Settings\Anand\My Documents\*.tmp ->

    [Files/Folders - Modified Within 30 Days]
    DBGRID32.OCX -> C:\WINDOWS\System32\DBGRID32.OCX -> [2098/06/23 09:00:00 | 00,525,352 | ---- | M] (Microsoft Corporation)
    VB5DB.DLL -> C:\WINDOWS\System32\VB5DB.DLL -> [2098/06/17 09:00:00 | 00,089,360 | ---- | M] (Microsoft Corporation)
    PMTask.job -> C:\WINDOWS\tasks\PMTask.job -> [2010/01/17 22:04:11 | 00,000,316 | ---- | M] ()
    GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005UA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005UA.job -> [2010/01/17 21:34:01 | 00,000,978 | ---- | M] ()
    wpa.dbl -> C:\WINDOWS\System32\wpa.dbl -> [2010/01/17 21:27:59 | 00,002,278 | ---- | M] ()
    Contact_Log book.xls -> C:\Documents and Settings\Anand\My Documents\Contact_Log book.xls -> [2010/01/17 21:22:20 | 00,053,760 | ---- | M] ()
    GoogleUpdateTaskMachineUA.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job -> [2010/01/17 21:14:01 | 00,000,886 | ---- | M] ()
    incavi.avm -> C:\WINDOWS\System32\drivers\Avg\incavi.avm -> [2010/01/17 18:58:30 | 47,972,104 | ---- | M] ()
    microavi.avg -> C:\WINDOWS\System32\drivers\Avg\microavi.avg -> [2010/01/17 18:58:30 | 00,141,786 | ---- | M] ()
    User_Feed_Synchronization-{CC6DF3AB-01C8-4ADD-88D3-1F788BBB9D72}.job -> C:\WINDOWS\tasks\User_Feed_Synchronization-{CC6DF3AB-01C8-4ADD-88D3-1F788BBB9D72}.job -> [2010/01/17 18:06:09 | 00,000,422 | -H-- | M] ()
    GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005Core.job -> C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005Core.job -> [2010/01/17 06:34:02 | 00,000,926 | ---- | M] ()
    system.ini -> C:\WINDOWS\system.ini -> [2010/01/17 01:31:24 | 00,000,227 | ---- | M] ()
    hosts -> C:\WINDOWS\System32\drivers\etc\hosts -> [2010/01/17 01:29:29 | 00,000,027 | ---- | M] ()
    GoogleUpdateTaskMachineCore.job -> C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job -> [2010/01/17 01:28:52 | 00,000,882 | ---- | M] ()
    SA.DAT -> C:\WINDOWS\tasks\SA.DAT -> [2010/01/17 01:28:51 | 00,000,006 | -H-- | M] ()
    bootstat.dat -> C:\WINDOWS\bootstat.dat -> [2010/01/17 01:28:30 | 00,002,048 | --S- | M] ()
    hiberfil.sys -> C:\hiberfil.sys -> [2010/01/17 01:28:28 | 10,637,02528 | -HS- | M] ()
    NTUSER.DAT -> C:\Documents and Settings\Anand\NTUSER.DAT -> [2010/01/17 01:27:15 | 14,417,920 | -H-- | M] ()
    ntuser.ini -> C:\Documents and Settings\Anand\ntuser.ini -> [2010/01/17 01:26:46 | 00,000,278 | -HS- | M] ()
    ComboFix.exe -> C:\Documents and Settings\Anand\Desktop\ComboFix.exe -> [2010/01/17 01:02:50 | 03,827,079 | R--- | M] ()
    HiJackThis.lnk -> C:\Documents and Settings\Anand\Desktop\HiJackThis.lnk -> [2010/01/17 00:55:05 | 00,002,441 | ---- | M] ()
    Google Desktop.lnk -> C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk -> [2010/01/17 00:46:10 | 00,000,954 | ---- | M] ()
    Intuit SiteBuilder.lnk -> C:\Documents and Settings\All Users\Desktop\Intuit SiteBuilder.lnk -> [2010/01/15 18:40:35 | 00,001,789 | ---- | M] ()
    gzip.exe -> C:\WINDOWS\gzip.exe -> [2010/01/15 18:37:16 | 00,098,136 | ---- | M] ()
    SecureDrive.vol -> C:\Documents and Settings\Anand\My Documents\SecureDrive.vol -> [2010/01/14 07:01:22 | 10,485,7600 | ---- | M] ()
    AdobeFnt07.lst -> C:\WINDOWS\AdobeFnt07.lst -> [2010/01/12 14:25:15 | 00,551,060 | ---- | M] ()
    Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/01/11 23:58:34 | 00,000,707 | ---- | M] ()
    MRFNR -> C:\WINDOWS\System32\MRFNR -> [2010/01/09 22:08:52 | 00,000,000 | ---- | M] ()
    BOOT.INI -> C:\BOOT.INI -> [2010/01/09 21:45:27 | 00,000,264 | RHS- | M] ()
    mbamswissarmy.sys -> C:\WINDOWS\System32\drivers\mbamswissarmy.sys -> [2010/01/07 16:07:14 | 00,038,224 | ---- | M] (Malwarebytes Corporation)
    mbam.sys -> C:\WINDOWS\System32\drivers\mbam.sys -> [2010/01/07 16:07:04 | 00,019,160 | ---- | M] (Malwarebytes Corporation)
    Layout.xls -> C:\Documents and Settings\Anand\Desktop\Layout.xls -> [2010/01/05 23:28:56 | 00,071,680 | ---- | M] ()
    Skype.lnk -> C:\Documents and Settings\All Users\Desktop\Skype.lnk -> [2010/01/05 21:37:49 | 00,002,387 | ---- | M] ()
    PDF password remover.lnk -> C:\Documents and Settings\Anand\Desktop\PDF password remover.lnk -> [2010/01/04 01:52:56 | 00,001,997 | ---- | M] ()
    Acrobat_com.lnk -> C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk -> [2010/01/04 01:44:58 | 00,000,743 | ---- | M] ()
    win.ini -> C:\WINDOWS\win.ini -> [2010/01/04 01:35:51 | 00,001,738 | ---- | M] ()
    Boot.bak -> C:\Boot.bak -> [2010/01/04 01:35:51 | 00,000,193 | ---- | M] ()
    Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/01/04 01:30:51 | 00,001,740 | ---- | M] ()
    javaws.exe -> C:\WINDOWS\System32\javaws.exe -> [2010/01/04 01:13:37 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.)
    deploytk.dll -> C:\WINDOWS\System32\deploytk.dll -> [2010/01/04 01:13:36 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.)
    javaw.exe -> C:\WINDOWS\System32\javaw.exe -> [2010/01/04 01:13:36 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.)
    java.exe -> C:\WINDOWS\System32\java.exe -> [2010/01/04 01:13:36 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.)
    javacpl.cpl -> C:\WINDOWS\System32\javacpl.cpl -> [2010/01/04 01:13:36 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.)
    vsconfig.xml -> C:\WINDOWS\System32\vsconfig.xml -> [2010/01/03 23:30:22 | 00,422,437 | ---- | M] ()
    zllictbl.dat -> C:\WINDOWS\System32\zllictbl.dat -> [2010/01/03 23:24:47 | 00,004,212 | -H-- | M] ()
    ZoneAlarm Security.lnk -> C:\Documents and Settings\Anand\Desktop\ZoneAlarm Security.lnk -> [2010/01/03 23:24:46 | 00,000,742 | ---- | M] ()
    ERUNT.lnk -> C:\Documents and Settings\Anand\Desktop\ERUNT.lnk -> [2010/01/03 15:02:46 | 00,000,603 | ---- | M] ()
    wininit.ini -> C:\WINDOWS\wininit.ini -> [2010/01/03 01:41:24 | 00,000,418 | ---- | M] ()
    Mozilla Firefox 3.6 Beta 5.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox 3.6 Beta 5.lnk -> [2009/12/24 23:22:54 | 00,001,716 | ---- | M] ()
    DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> C:\Documents and Settings\Anand\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini -> [2009/12/24 16:09:48 | 00,044,544 | ---- | M] ()
    Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2009/12/19 16:37:16 | 00,001,926 | ---- | M] ()
    Thank you for calling Statue Homes.doc -> C:\Documents and Settings\Anand\Desktop\Thank you for calling Statue Homes.doc -> [2009/12/19 16:30:03 | 00,314,368 | ---- | M] ()
    1 C:\WINDOWS\Temp\*.tmp files -> C:\WINDOWS\Temp\*.tmp ->
    1 C:\Documents and Settings\Anand\My Documents\*.tmp files -> C:\Documents and Settings\Anand\My Documents\*.tmp ->

    [Files - No Company Name]
    LXBOUSCI.INI -> C:\WINDOWS\System32\LXBOUSCI.INI -> [2100/02/16 14:09:06 | 00,000,062 | ---- | C] ()
    Google Desktop.lnk -> C:\Documents and Settings\All Users\Desktop\Google Desktop.lnk -> [2010/01/17 00:46:10 | 00,000,954 | ---- | C] ()
    javasup.vxd -> C:\WINDOWS\System32\javasup.vxd -> [2010/01/15 19:13:58 | 00,007,315 | ---- | C] ()
    jautoexp.dat -> C:\WINDOWS\jautoexp.dat -> [2010/01/15 19:13:58 | 00,006,550 | ---- | C] ()
    zonedon.reg -> C:\WINDOWS\System32\zonedon.reg -> [2010/01/15 19:13:33 | 00,000,113 | ---- | C] ()
    zonedoff.reg -> C:\WINDOWS\System32\zonedoff.reg -> [2010/01/15 19:13:32 | 00,000,113 | ---- | C] ()
    Intuit SiteBuilder.lnk -> C:\Documents and Settings\All Users\Desktop\Intuit SiteBuilder.lnk -> [2010/01/15 18:40:35 | 00,001,789 | ---- | C] ()
    gzip.exe -> C:\WINDOWS\gzip.exe -> [2010/01/15 18:39:09 | 00,098,136 | ---- | C] ()
    Malwarebytes' Anti-Malware.lnk -> C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk -> [2010/01/11 23:58:34 | 00,000,707 | ---- | C] ()
    MRFNR -> C:\WINDOWS\System32\MRFNR -> [2010/01/09 22:08:52 | 00,000,000 | ---- | C] ()
    Boot.bak -> C:\Boot.bak -> [2010/01/09 21:45:27 | 00,000,193 | ---- | C] ()
    cmldr -> C:\cmldr -> [2010/01/09 21:45:23 | 00,260,272 | ---- | C] ()
    PEV.exe -> C:\WINDOWS\PEV.exe -> [2010/01/09 21:31:29 | 00,261,632 | ---- | C] ()
    sed.exe -> C:\WINDOWS\sed.exe -> [2010/01/09 21:31:29 | 00,098,816 | ---- | C] ()
    grep.exe -> C:\WINDOWS\grep.exe -> [2010/01/09 21:31:29 | 00,080,412 | ---- | C] ()
    MBR.exe -> C:\WINDOWS\MBR.exe -> [2010/01/09 21:31:29 | 00,077,312 | ---- | C] ()
    zip.exe -> C:\WINDOWS\zip.exe -> [2010/01/09 21:31:29 | 00,068,096 | ---- | C] ()
    ComboFix.exe -> C:\Documents and Settings\Anand\Desktop\ComboFix.exe -> [2010/01/09 21:26:33 | 03,827,079 | R--- | C] ()
    Layout.xls -> C:\Documents and Settings\Anand\Desktop\Layout.xls -> [2010/01/05 23:26:07 | 00,071,680 | ---- | C] ()
    PDF password remover.lnk -> C:\Documents and Settings\Anand\Desktop\PDF password remover.lnk -> [2010/01/04 01:50:56 | 00,001,997 | ---- | C] ()
    Acrobat_com.lnk -> C:\Documents and Settings\All Users\Desktop\Acrobat_com.lnk -> [2010/01/04 01:44:58 | 00,000,743 | ---- | C] ()
    Adobe Reader 9.lnk -> C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk -> [2010/01/04 01:30:50 | 00,001,740 | ---- | C] ()
    zllictbl.dat -> C:\WINDOWS\System32\zllictbl.dat -> [2010/01/03 23:24:46 | 00,004,212 | -H-- | C] ()
    ZoneAlarm Security.lnk -> C:\Documents and Settings\Anand\Desktop\ZoneAlarm Security.lnk -> [2010/01/03 23:24:46 | 00,000,742 | ---- | C] ()
    vsconfig.xml -> C:\WINDOWS\System32\vsconfig.xml -> [2010/01/03 23:23:35 | 00,422,437 | ---- | C] ()
    HiJackThis.lnk -> C:\Documents and Settings\Anand\Desktop\HiJackThis.lnk -> [2010/01/03 16:07:25 | 00,002,441 | ---- | C] ()
    ERUNT.lnk -> C:\Documents and Settings\Anand\Desktop\ERUNT.lnk -> [2010/01/03 15:02:46 | 00,000,603 | ---- | C] ()
    Mozilla Firefox 3.6 Beta 5.lnk -> C:\Documents and Settings\All Users\Desktop\Mozilla Firefox 3.6 Beta 5.lnk -> [2009/12/24 23:22:54 | 00,001,716 | ---- | C] ()
    Google Earth.lnk -> C:\Documents and Settings\All Users\Desktop\Google Earth.lnk -> [2009/12/19 16:37:16 | 00,001,926 | ---- | C] ()
    mdm.ini -> C:\WINDOWS\mdm.ini -> [2009/09/29 12:45:24 | 00,000,063 | ---- | C] ()
    hpqEmlSz.INI -> C:\WINDOWS\hpqEmlSz.INI -> [2009/09/24 17:39:03 | 00,000,000 | ---- | C] ()
    FontCache3.0.0.0.dat -> C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat -> [2009/06/27 23:11:35 | 00,771,224 | ---- | C] ()
    vrptspdf.dll -> C:\WINDOWS\System32\vrptspdf.dll -> [2009/04/18 10:12:35 | 00,278,528 | ---- | C] ()
    ACMonitor_X84-X85.ini -> C:\WINDOWS\ACMonitor_X84-X85.ini -> [2009/04/13 13:26:17 | 00,000,020 | ---- | C] ()
    LXBOUSCI.DLL -> C:\WINDOWS\System32\LXBOUSCI.DLL -> [2009/04/13 13:25:36 | 00,004,672 | ---- | C] ()
    Tx32.dll -> C:\WINDOWS\System32\Tx32.dll -> [2009/02/01 19:20:05 | 00,495,616 | ---- | C] ()
    ic32.ini -> C:\WINDOWS\System32\ic32.ini -> [2009/02/01 19:20:04 | 00,000,260 | ---- | C] ()
    Webica.ini -> C:\WINDOWS\Webica.ini -> [2009/01/25 23:40:42 | 00,000,036 | ---- | C] ()
    skillv.ini -> C:\WINDOWS\skillv.ini -> [2009/01/23 21:48:29 | 00,000,093 | ---- | C] ()
    netg.ini -> C:\WINDOWS\netg.ini -> [2009/01/23 21:48:29 | 00,000,060 | ---- | C] ()
    SMWizard.INI -> C:\WINDOWS\SMWizard.INI -> [2008/11/22 10:07:55 | 00,000,041 | ---- | C] ()
    AISAWFileMap.dll -> C:\WINDOWS\System32\AISAWFileMap.dll -> [2008/06/07 20:30:47 | 00,049,152 | ---- | C] ()
    Implode.dll -> C:\WINDOWS\System32\Implode.dll -> [2008/06/07 20:30:06 | 00,017,920 | ---- | C] ()
    igfxCoIn_v4764.dll -> C:\WINDOWS\System32\igfxCoIn_v4764.dll -> [2008/01/13 12:59:29 | 00,204,800 | ---- | C] ()
    LVPr2Mon.sys -> C:\WINDOWS\System32\drivers\LVPr2Mon.sys -> [2007/10/11 18:59:24 | 00,025,624 | ---- | C] ()
    NCLogConfig.ini -> C:\WINDOWS\NCLogConfig.ini -> [2007/10/07 18:18:54 | 00,000,221 | ---- | C] ()
    idxcntrs.ini -> C:\WINDOWS\System32\idxcntrs.ini -> [2007/09/27 09:51:02 | 00,020,698 | ---- | C] ()
    gsrvctr.ini -> C:\WINDOWS\System32\gsrvctr.ini -> [2007/09/27 09:48:48 | 00,030,628 | ---- | C] ()
    gthrctr.ini -> C:\WINDOWS\System32\gthrctr.ini -> [2007/09/27 09:48:28 | 00,031,698 | ---- | C] ()
    atnt40k.sys -> C:\WINDOWS\System32\drivers\atnt40k.sys -> [2007/09/21 17:59:38 | 00,050,272 | ---- | C] ()
    deposit.dll -> C:\WINDOWS\System32\deposit.dll -> [2007/09/09 06:16:57 | 00,000,010 | ---- | C] ()
    cdplayer.ini -> C:\WINDOWS\cdplayer.ini -> [2007/08/26 07:52:56 | 00,000,050 | ---- | C] ()
    pdf995.ini -> C:\WINDOWS\pdf995.ini -> [2007/07/12 17:05:54 | 00,000,028 | ---- | C] ()
    pdf995mon.dll -> C:\WINDOWS\System32\pdf995mon.dll -> [2007/07/12 17:02:32 | 00,051,716 | ---- | C] ()
    wpd99.drv -> C:\WINDOWS\wpd99.drv -> [2007/07/12 17:02:32 | 00,000,059 | ---- | C] ()
    VSHP2600.DLL -> C:\WINDOWS\System32\VSHP2600.DLL -> [2007/06/16 02:48:46 | 00,114,688 | R--- | C] ()
    ZHHP_RES.DLL -> C:\WINDOWS\System32\ZHHP_RES.DLL -> [2007/06/16 02:48:39 | 11,194,368 | R--- | C] ()
    AGISSI.DLL -> C:\WINDOWS\System32\AGISSI.DLL -> [2007/06/16 02:48:38 | 00,749,568 | R--- | C] ()
    gswin32.ini -> C:\WINDOWS\gswin32.ini -> [2006/07/22 16:22:33 | 00,000,043 | ---- | C] ()
    GlobalUserInterface.CompositeFont -> C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont -> [2006/07/02 21:37:12 | 00,030,808 | ---- | C] ()
    GlobalSansSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont -> [2006/07/02 21:37:10 | 00,026,489 | ---- | C] ()
    ODBC.INI -> C:\WINDOWS\ODBC.INI -> [2006/06/19 15:09:35 | 00,002,006 | ---- | C] ()
    Primomonnt.dll -> C:\WINDOWS\System32\Primomonnt.dll -> [2006/06/12 01:09:43 | 00,176,235 | ---- | C] ()
    primopdf.ini -> C:\WINDOWS\primopdf.ini -> [2006/06/12 01:09:43 | 00,000,129 | ---- | C] ()
    nsldap32v50.dll -> C:\WINDOWS\System32\nsldap32v50.dll -> [2006/06/05 12:36:54 | 00,143,360 | ---- | C] ()
    saplogon.ini -> C:\WINDOWS\saplogon.ini -> [2006/06/05 00:04:31 | 00,002,502 | ---- | C] ()
    h5krnl32.dll -> C:\WINDOWS\System32\h5krnl32.dll -> [2006/06/05 00:01:16 | 01,064,960 | ---- | C] ()
    h5icon32.dll -> C:\WINDOWS\System32\h5icon32.dll -> [2006/06/05 00:01:16 | 00,188,928 | ---- | C] ()
    h5menu32.dll -> C:\WINDOWS\System32\h5menu32.dll -> [2006/06/05 00:01:16 | 00,175,616 | ---- | C] ()
    h5rtf32.dll -> C:\WINDOWS\System32\h5rtf32.dll -> [2006/06/05 00:01:16 | 00,095,744 | ---- | C] ()
    h5tool32.dll -> C:\WINDOWS\System32\h5tool32.dll -> [2006/06/05 00:01:16 | 00,051,200 | ---- | C] ()
    vtssm32.dll -> C:\WINDOWS\System32\vtssm32.dll -> [2006/06/05 00:01:13 | 00,015,872 | ---- | C] ()
    fxsperf.ini -> C:\WINDOWS\System32\fxsperf.ini -> [2006/05/31 16:04:34 | 00,001,793 | ---- | C] ()
    vpc32.INI -> C:\WINDOWS\vpc32.INI -> [2006/05/31 15:07:25 | 00,000,000 | ---- | C] ()
    smscfg.ini -> C:\WINDOWS\smscfg.ini -> [2006/05/24 08:54:56 | 00,000,061 | ---- | C] ()
    TPPWRIF.SYS -> C:\WINDOWS\System32\drivers\TPPWRIF.SYS -> [2006/05/24 08:54:00 | 00,004,442 | ---- | C] ()
    IBMBLDID.sys -> C:\WINDOWS\System32\drivers\IBMBLDID.sys -> [2006/05/24 08:53:32 | 00,006,016 | ---- | C] ()
    wininit.ini -> C:\WINDOWS\wininit.ini -> [2006/05/24 08:47:26 | 00,000,418 | ---- | C] ()
    IVIresizeW7.dll -> C:\WINDOWS\System32\IVIresizeW7.dll -> [2006/05/24 08:41:02 | 00,204,800 | ---- | C] ()
    IVIresizeA6.dll -> C:\WINDOWS\System32\IVIresizeA6.dll -> [2006/05/24 08:41:02 | 00,200,704 | ---- | C] ()
    IVIresizeP6.dll -> C:\WINDOWS\System32\IVIresizeP6.dll -> [2006/05/24 08:41:02 | 00,192,512 | ---- | C] ()
    IVIresizeM6.dll -> C:\WINDOWS\System32\IVIresizeM6.dll -> [2006/05/24 08:41:02 | 00,192,512 | ---- | C] ()
    IVIresizePX.dll -> C:\WINDOWS\System32\IVIresizePX.dll -> [2006/05/24 08:41:02 | 00,188,416 | ---- | C] ()
    IVIresize.dll -> C:\WINDOWS\System32\IVIresize.dll -> [2006/05/24 08:41:02 | 00,020,480 | ---- | C] ()
    TSMAPIP.SYS -> C:\WINDOWS\System32\drivers\TSMAPIP.SYS -> [2006/05/24 08:30:46 | 00,007,168 | ---- | C] ()
    FPCALL.dll -> C:\WINDOWS\System32\FPCALL.dll -> [2006/05/24 08:30:23 | 00,045,056 | ---- | C] ()
    TDSMAPI.SYS -> C:\WINDOWS\System32\drivers\TDSMAPI.SYS -> [2006/05/24 08:27:17 | 00,009,340 | ---- | C] ()
    OEMINFO.INI -> C:\WINDOWS\System32\OEMINFO.INI -> [2006/05/24 08:16:12 | 00,002,481 | ---- | C] ()
    GlobalSerif.CompositeFont -> C:\WINDOWS\Fonts\GlobalSerif.CompositeFont -> [2006/04/19 19:21:28 | 00,029,779 | ---- | C] ()
    GlobalMonospace.CompositeFont -> C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont -> [2006/04/19 19:21:28 | 00,026,040 | ---- | C] ()
    IPSCtrl.INI -> C:\WINDOWS\System32\IPSCtrl.INI -> [2005/12/01 03:09:00 | 00,000,487 | ---- | C] ()
    px.ini -> C:\WINDOWS\System32\px.ini -> [2005/09/02 15:02:20 | 00,000,000 | ---- | C] ()
    DEVMAN.DLL -> C:\WINDOWS\System32\DEVMAN.DLL -> [2005/06/21 20:46:52 | 00,049,152 | ---- | C] ()
    PcdrKernelModeServices.dll -> C:\WINDOWS\System32\PcdrKernelModeServices.dll -> [2005/05/04 16:32:42 | 00,090,112 | ---- | C] ()
    ProgressTrace.dll -> C:\WINDOWS\System32\ProgressTrace.dll -> [2005/05/04 16:32:42 | 00,065,536 | ---- | C] ()
    orun32.ini -> C:\WINDOWS\orun32.ini -> [2004/08/09 13:03:43 | 00,000,882 | ---- | C] ()
    JAWTAccessBridge.dll -> C:\WINDOWS\System32\JAWTAccessBridge.dll -> [2003/04/10 18:04:00 | 00,028,672 | ---- | C] ()
    hpotscl.dll -> C:\WINDOWS\System32\hpotscl.dll -> [2003/03/08 23:31:04 | 00,561,152 | ---- | C] ()
    LEXSTAT.INI -> C:\WINDOWS\LEXSTAT.INI -> [2002/09/18 17:40:16 | 00,000,643 | ---- | C] ()
    lxboBCE.DLL -> C:\WINDOWS\System32\lxboBCE.DLL -> [2002/09/18 17:13:14 | 00,102,400 | ---- | C] ()
    lxboICO.DLL -> C:\WINDOWS\System32\lxboICO.DLL -> [2002/09/18 17:13:12 | 00,032,768 | ---- | C] ()
    lxbo2kui.dll -> C:\WINDOWS\System32\lxbo2kui.dll -> [2002/06/11 06:34:09 | 00,007,680 | ---- | C] ()
    lxbo2kpm.dll -> C:\WINDOWS\System32\lxbo2kpm.dll -> [2002/06/11 06:33:54 | 00,015,360 | ---- | C] ()
    X84-X85_DS.ini -> C:\WINDOWS\X84-X85_DS.ini -> [2002/06/07 10:59:15 | 00,000,194 | ---- | C] ()
    msvdm.dll -> C:\WINDOWS\System32\msvdm.dll -> [2002/03/19 16:30:00 | 00,141,824 | ---- | C] ()
    REGOBJ.DLL -> C:\WINDOWS\System32\REGOBJ.DLL -> [2002/01/18 00:33:42 | 00,040,448 | ---- | C] ()
    Lexmark_ICM.ini -> C:\WINDOWS\Lexmark_ICM.ini -> [2001/08/24 17:17:59 | 00,001,369 | ---- | C] ()
    hptcpmon.ini -> C:\WINDOWS\System32\hptcpmon.ini -> [2001/07/06 12:00:00 | 00,003,399 | ---- | C] ()
    LFKODAK.DLL -> C:\WINDOWS\System32\LFKODAK.DLL -> [2000/10/24 07:08:36 | 00,118,784 | ---- | C] ()
    lffpx7.dll -> C:\WINDOWS\System32\lffpx7.dll -> [2000/10/24 07:08:33 | 00,338,944 | ---- | C] ()
    MSRTEDIT.DLL -> C:\WINDOWS\System32\MSRTEDIT.DLL -> [1999/01/22 13:46:56 | 00,065,536 | ---- | C] ()
    SynTPCoI.dll -> C:\WINDOWS\System32\SynTPCoI.dll -> [1980/01/01 02:00:00 | 00,077,824 | ---- | C] ()
    tpinspm.dll -> C:\WINDOWS\System32\tpinspm.dll -> [1980/01/01 02:00:00 | 00,049,152 | ---- | C] ()
    notifyf2.dll -> C:\WINDOWS\System32\notifyf2.dll -> [1980/01/01 02:00:00 | 00,028,672 | ---- | C] ()
    tphklock.dll -> C:\WINDOWS\System32\tphklock.dll -> [1980/01/01 02:00:00 | 00,024,576 | ---- | C] ()
    < End of report >
    [/code]

  5. #15
    Junior Member
    Join Date
    Jan 2010
    Posts
    10

    Default OTS Scan report - Attached

    Hello peku006,
    The OTS scan report is attached in .Zip format for your consideration.
    Thanks & regards,
    anand_am01

  6. #16
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hi Anand Murthy

    All logs are OK. How's the computer running now? Any problems?

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  7. #17
    Junior Member
    Join Date
    Jan 2010
    Posts
    10

    Default Thanks for the guidance

    Hello peku006,
    Thank you for your guidance.
    The computer 'seems' to be alright, except that I've noticed that it is extraordinarily slow on the start up ...
    Any thoughts?
    Thanks & regards,
    Anand Murthy

  8. #18
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Hi Anand Murthy

    System Still Slow?
    You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
    If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

    Post back if it helped.

    Thanks peku006

  9. #19
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Due to a lack of response, this topic is now closed.

    If you still require help, please open a new thread in the Malware Removal forum, include a
    fresh HijackThis log, and wait for a new helper.

    Your donation helps improving Spybot-S&D!
