Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: SCPROT4.EXE Malware Trojan/ Worm infection

  1. #1
    Junior Member
    Join Date
    Jan 2010
    Posts
    10

    Unhappy SCPROT4.EXE Malware Trojan/ Worm infection

    Hello Experts,
    Following your instructions, I have created a backup with ERUNT and the HJT log is enclosed.
    Await further instructions, and thank you for your time & consideration.
    Sincerely,
    Anand Murthy

    =================================================
    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 11:43:48 PM, on 03/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\WINDOWS\system32\IPSSVC.EXE
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\PROGRA~1\AVG\AVG8\avgtray.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\CardScan\CardScan\CardScanAgent.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
    C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Microsoft Office\Office\WINWORD.EXE
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\PROGRA~1\Intuit\QUICKB~1\QBDBMgr.exe
    C:\WINDOWS\system32\msfeedssync.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclIrSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Office\Office\EXCEL.EXE
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Microsoft Office\Office\1033\msohelp.exe
    C:\Program Files\Microsoft Office\Office\1033\msohelp.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.toronto.ca:8080
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: (no name) - {1ECE7AC5-2091-419D-BD0F-FCDB92EEBA9B} - (no file)
    O2 - BHO: (no name) - {29A92273-C690-41FF-92AB-468EF44B16B4} - (no file)
    O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {62780D18-D103-03D3-323A-01F43008B839} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: (no name) - {C1AC8C15-62FC-1F2B-8B2E-48E679F00E91} - (no file)
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.e
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    O4 - HKLM\..\RunOnce: [OEMSAVHomeDirectory] cmd.exe /c rmdir "C:\Program Files\Symantec Client Security\Symantec AntiVirus\"
    O4 - HKLM\..\RunOnce: [OEMCommonHomeDirectory] cmd.exe /c rmdir "C:\Program Files\Common Files\Symantec Shared\OEM\"
    O4 - HKLM\..\RunOnce: [OEMSCFHomeDirectory] cmd.exe /c rmdir "C:\Program Files\Symantec Client Security\Symantec Client Firewall"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [RCUI] "C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe"
    O4 - HKCU\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
    O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}"" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?cd20b42499654f789f343cf995bad7de
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?cd20b42499654f789f343cf995bad7de
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O15 - Trusted Zone: *.sap.com
    O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://connectphl05.sap.com/vdesk/c...2008,0514,2338
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://connectphl05.sap.com/vdesk/t...2008,0514,2345
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://connectphl05.sap.com/vdesk/t...2008,0514,2340
    O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://connectphl05.sap.com/vdesk/t...2008,0701,2202
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1203342374438
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - https://connectphl05.sap.com/vdesk/t...ion=5,2,3790,0
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://epass.toronto.ca/vdesk/termi...2008,0514,2341
    O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (RingCentral Message Player Control) - https://service.ringcentral.com/Acti...age_Player.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/dim2/def...ploader_v6.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://connectphl05.sap.com/vdesk/t...2008,0605,2205
    O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://connectphl05.sap.com/policy/...2008,0514,2348
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O20 - Winlogon Notify: winqxl32 - winqxl32.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: HLIXMZGQPRS - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe (file missing)
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)
    O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 19966 bytes

  2. #2
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hello and to Safer Networking

    My name is peku006 and I will be helping you to remove any infection(s) that you may have.
    I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

    Please observe these rules while we work:

    • If you don't know or understand something please don't hesitate to ask
    • Please DO NOT run any other tools or scans whilst I am helping you.
    • It is important that you reply to this thread. Do not start a new topic.
    • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    • Absence of symptoms does not mean that everything is clear.


    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
    This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    http://www.bleepingcomputer.com/comb...o-use-combofix

    Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    If you need help to disable your protection programs see here.

    When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  3. #3
    Junior Member
    Join Date
    Jan 2010
    Posts
    10

    Default Combofix Log

    Hi peku006!
    Thank you for picking up the case.
    Here is the log from combofix as directed.
    Sincerely,
    Anand Murthy

    =======================================

    ComboFix 10-01-04.01 - Anand 10/01/2010 0:44.3.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.246 [GMT -5:00]
    Running from: c:\documents and settings\Anand\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\kmd.exe
    c:\windows\Downloaded Program Files\poPCaploader.dll
    c:\windows\Downloaded Program Files\popcaploader.inf
    c:\windows\unins000.dat
    c:\windows\unins000.exe

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_PASSWORD


    ((((((((((((((((((((((((( Files Created from 2009-12-10 to 2010-01-10 )))))))))))))))))))))))))))))))
    .

    2010-01-10 02:57 . 2010-01-10 02:58 -------- dc----w- c:\windows\system32\NtmsData
    2010-01-04 06:22 . 2010-01-04 06:22 -------- dc----w- c:\program files\Common Files\Adobe AIR
    2010-01-04 06:16 . 2010-01-04 06:13 411368 -c--a-w- c:\windows\system32\deploytk.dll
    2010-01-04 06:12 . 2010-01-05 18:51 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
    2010-01-04 06:12 . 2010-01-04 06:12 -------- dc----w- c:\program files\NOS
    2010-01-04 04:25 . 2010-01-04 04:25 -------- dc----w- c:\documents and settings\Anand\Application Data\CheckPoint
    2010-01-04 04:25 . 2010-01-04 04:25 -------- dc----w- c:\program files\CheckPoint
    2010-01-04 04:24 . 2010-01-04 04:24 4212 -c-ha-w- c:\windows\system32\zllictbl.dat
    2010-01-04 04:24 . 2009-11-22 20:42 103816 -c--a-w- c:\windows\system32\zlcommdb.dll
    2010-01-04 04:24 . 2009-11-22 20:42 69000 -c--a-w- c:\windows\system32\zlcomm.dll
    2010-01-04 04:23 . 2009-11-22 20:42 1238408 -c--a-w- c:\windows\system32\zpeng25.dll
    2010-01-04 04:23 . 2010-01-04 04:24 -------- dc----w- c:\windows\system32\ZoneLabs
    2010-01-04 04:23 . 2010-01-04 04:23 -------- dc----w- c:\program files\Zone Labs
    2010-01-04 04:22 . 2010-01-10 06:00 -------- dc----w- c:\windows\Internet Logs
    2010-01-03 21:07 . 2010-01-03 21:07 -------- dc----w- c:\program files\TrendMicro
    2010-01-03 20:02 . 2010-01-03 20:02 -------- dc----w- c:\program files\ERUNT
    2009-12-25 04:22 . 2009-12-25 04:22 -------- dc----w- c:\program files\Mozilla Firefox 3.6 Beta 5
    2009-12-17 18:32 . 2009-12-17 18:32 -------- dc----w- c:\program files\tools

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2098-06-17 14:00 . 2002-01-18 05:33 89360 -c--a-w- c:\windows\system32\VB5DB.DLL
    2010-01-10 04:57 . 2010-01-04 05:31 46188061 -c--a-w- c:\windows\Internet Logs\tvDebug.Zip
    2010-01-06 05:25 . 2007-05-15 22:57 -------- dc----w- c:\documents and settings\Anand\Application Data\Skype
    2010-01-06 02:37 . 2007-05-15 22:51 -------- dc----w- c:\program files\Common Files\Skype
    2010-01-05 19:21 . 2009-08-05 02:54 -------- dc----w- c:\documents and settings\Anand\Application Data\HPAppData
    2010-01-04 06:30 . 2006-06-04 17:45 -------- dc----w- c:\program files\Common Files\Adobe
    2010-01-04 06:16 . 2010-01-04 06:16 86016 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-01-04 06:12 . 2006-06-20 22:46 -------- dc----w- c:\program files\Java
    2010-01-04 06:07 . 2010-01-04 06:07 152576 -c--a-w- c:\documents and settings\Anand\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2010-01-04 06:06 . 2010-01-04 06:06 79488 -c--a-w- c:\documents and settings\Anand\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-01-04 05:33 . 2006-05-24 13:44 -------- dc----w- c:\program files\Symantec Client Security
    2010-01-03 21:07 . 2010-01-03 21:07 388096 -c--a-r- c:\documents and settings\Anand\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-01-03 20:14 . 2009-07-18 14:24 -------- dc----w- c:\program files\Juice
    2010-01-03 20:11 . 2009-06-17 15:46 -------- dc----w- c:\documents and settings\Anand\Application Data\uTorrent
    2010-01-03 19:33 . 2007-08-14 02:04 -------- dc----w- c:\documents and settings\Anand\Application Data\Move Networks
    2010-01-03 19:07 . 2009-08-14 00:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Skyline
    2010-01-03 12:57 . 2006-05-24 13:44 -------- dc----w- c:\program files\Common Files\Symantec Shared
    2010-01-03 12:57 . 2006-05-24 13:44 -------- dc----w- c:\program files\Symantec
    2010-01-03 12:56 . 2006-05-24 13:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-01-03 07:50 . 2008-03-30 21:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Intuit
    2010-01-03 07:25 . 2009-11-24 12:18 4639 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
    2010-01-03 07:24 . 2010-01-03 07:33 816456 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB18\Patch\qbpatch2.exe
    2010-01-03 07:24 . 2010-01-03 07:33 75280 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB18\Patch\qbpatch.exe
    2010-01-03 07:22 . 2010-01-03 07:33 348160 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB18\Patch\msvcr71.dll
    2010-01-03 07:22 . 2010-01-03 07:33 499712 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB18\Patch\msvcp71.dll
    2010-01-03 07:11 . 2007-12-01 21:12 -------- dc----w- c:\program files\Spybot - Search & Destroy
    2009-12-29 00:57 . 2009-06-23 14:31 -------- dc----w- c:\program files\Acro Software
    2009-12-22 14:33 . 2009-12-12 14:42 2066200 -c--a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-12-19 21:34 . 2006-06-21 06:15 -------- dc----w- c:\program files\Google
    2009-12-10 01:20 . 2009-12-09 23:03 -------- dc----w- c:\documents and settings\All Users\Application Data\CardScan
    2009-12-09 23:06 . 2009-12-09 23:06 -------- dc----w- c:\documents and settings\All Users\Application Data\ScanSoft
    2009-12-09 23:04 . 2009-12-09 23:04 -------- dc----w- c:\documents and settings\Anand\Application Data\CardScan
    2009-12-09 22:49 . 2009-12-09 22:48 -------- dc----w- c:\program files\CardScan
    2009-12-04 15:03 . 2009-12-04 15:03 251376 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\plugins\npgoogletalk.dll
    2009-12-02 22:53 . 2009-02-05 02:48 -------- dc----w- c:\program files\MSECache
    2009-11-20 11:08 . 2010-01-04 06:40 38784 -c--a-w- c:\documents and settings\Anand\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2009-11-19 16:48 . 2009-12-01 21:56 872960 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2009-11-19 16:48 . 2009-12-01 21:56 43008 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-11-19 16:48 . 2009-12-01 21:56 340480 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-11-19 16:48 . 2009-12-01 21:56 346624 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-11-19 12:47 . 2008-01-16 02:58 -------- dc----w- c:\program files\Microsoft Silverlight
    2009-11-16 13:04 . 2009-11-11 22:32 -------- dc----w- c:\documents and settings\All Users\Application Data\RingCentral
    2009-11-12 15:06 . 2006-05-31 21:34 75592 -c--a-w- c:\documents and settings\Anand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-11 22:36 . 2009-11-11 22:32 -------- dc----w- c:\program files\RingCentral
    2009-11-11 13:27 . 2009-11-11 13:27 423168 -c--a-w- c:\windows\system32\RCMedia.dll
    2009-11-06 02:09 . 2009-11-06 02:09 60744 -c--a-w- c:\documents and settings\Anand\g2mdlhlpx.exe
    2009-12-02 23:43 . 2006-06-21 06:16 119808 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2007-09-21 22:58 . 2007-09-21 22:58 44360 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
    2007-09-21 22:58 . 2007-09-21 22:58 107928 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
    2007-06-21 08:38 . 2007-06-21 08:38 30280 -c--a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2007-06-21 08:38 . 2007-06-21 08:38 79432 -c--a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2007-06-21 08:38 . 2007-06-21 08:38 71240 -c--a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2007-06-21 08:38 . 2007-06-21 08:38 140872 -c--a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2007-06-21 08:39 . 2007-06-21 08:39 38472 -c--a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2007-06-21 08:39 . 2007-06-21 08:39 46664 -c--a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2007-06-21 08:39 . 2007-06-21 08:39 34376 -c--a-w- c:\program files\mozilla firefox\plugins\logging.dll
    2007-06-21 08:39 . 2007-06-21 08:39 685640 -c--a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2007-06-21 08:40 . 2007-06-21 08:40 30280 -c--a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RCUI"="c:\program files\RingCentral\RingCentral Call Controller\RCUI.exe" [2009-05-04 479232]
    "RCHotKey"="c:\program files\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2009-05-04 32768]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-08-01 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 512000]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-08-10 237568]
    "TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-05-10 94208]
    "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-01-25 106496]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-19 127037]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-21 1996336]
    "PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 864256]
    "PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-26 31232]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-02 30192]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 503808]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
    "PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 36864]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 409600]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-26 282624]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "configmsi"="rmdir" [X]
    "supportdir"="rmdir" [X]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-31 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-26 14:00 11952 -c--a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-04-26 02:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2005-07-06 06:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2005-12-01 03:16 24576 ----a-w- c:\windows\system32\tphklock.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 7.0 Tray Icon.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 7.0 Tray Icon.lnk.disabled
    backup=c:\windows\pss\AOL 7.0 Tray Icon.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk.disabled
    backup=c:\windows\pss\hp psc 1000 series.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk.disabled
    backup=c:\windows\pss\hpoddt01.exe.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR ProSafe VPN Client.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR ProSafe VPN Client.lnk.disabled
    backup=c:\windows\pss\NETGEAR ProSafe VPN Client.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
    backup=c:\windows\pss\Service Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Anand^Start Menu^Programs^Startup^Juice.lnk]
    path=c:\documents and settings\Anand\Start Menu\Programs\Startup\Juice.lnk
    backup=c:\windows\pss\Juice.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Anand^Start Menu^Programs^Startup^Yuuguu.lnk.disabled]
    path=c:\documents and settings\Anand\Start Menu\Programs\Startup\Yuuguu.lnk.disabled
    backup=c:\windows\pss\Yuuguu.lnk.disabledStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
    c:\program files\SecCenter\scprot4.e [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-09-04 17:08 935288 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-03-09 01:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardScanAgent]
    2008-02-15 00:34 152824 -c--a-w- c:\program files\CardScan\CardScan\CardScanAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionManager]
    2008-06-10 04:00 32768 -c--a-w- c:\program files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-07-01 02:49 133104 -c--atw- c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 23:50 81920 -c----w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 20:44 3883856 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-04 06:13 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-07-08 14:41 68856 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=2 (0x2)
    "SymSecurePort"=2 (0x2)
    "Symantec AntiVirus"=3 (0x3)
    "SQLSERVERAGENT"=3 (0x3)
    "SPBBCSvc"=3 (0x3)
    "SNDSrvc"=3 (0x3)
    "Remasoft Canada Inc.: Rema update permissions manager. 19151."=2 (0x2)
    "MSSQLServerADHelper"=3 (0x3)
    "MSSQLSERVER"=2 (0x2)
    "iPod Service"=3 (0x3)
    "FileZilla Server"=3 (0x3)
    "DefWatch"=2 (0x2)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccProxy"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "Simply Accounting Database Connection Manager"=3 (0x3)
    "wuauserv"=2 (0x2)
    "Pml Driver HPZ12"=2 (0x2)
    "gusvc"=3 (0x3)
    "gupdate1c942bc34c5debc"=2 (0x2)
    "LVSrvLauncher"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
    "HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqld-nt.exe"=
    "c:\\Program Files\\winsim\\ConnectionManager\\SimplyConnectionManager.exe"=
    "c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplogon.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\Anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\Anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
    "c:\\Program Files\\CallWave\\IAM.exe"=
    "c:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/02/2009 12:01 AM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/02/2009 12:01 AM 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/02/2009 12:00 AM 297752]
    R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [05/06/2006 12:38 PM 521786]
    R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [05/06/2006 12:38 PM 119864]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [14/10/2009 8:30 AM 25208]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [14/10/2009 8:30 AM 476528]
    R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15/11/2005 1:11 PM 46142]
    R2 smi2;smi2;c:\program files\SMI2\smi2.sys [02/08/2005 7:47 PM 3968]
    R2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [25/04/2006 9:00 PM 3456]
    R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [05/06/2006 12:36 PM 36188]
    S0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys --> c:\windows\system32\drivers\ANCSQ.sys [?]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/06/2006 1:15 AM 30192]
    S3 HLIXMZGQPRS;HLIXMZGQPRS;c:\docume~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe --> c:\docume~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe [?]
    S3 IZE;IZE;c:\docume~1\Anand\LOCALS~1\Temp\IZE.exe --> c:\docume~1\Anand\LOCALS~1\Temp\IZE.exe [?]
    S4 gupdate1c942bc34c5debc;Google Update Service (gupdate1c942bc34c5debc);c:\program files\Google\Update\GoogleUpdate.exe [09/11/2008 5:40 PM 133104]
    S4 Remasoft Canada Inc.: Rema update permissions manager. 19151.;Remasoft Canada Inc.: Rema update permissions manager. 19151.;c:\program files\Rema\RemaUpd.exe -PermissionManagerRun --> c:\program files\Rema\RemaUpd.exe -PermissionManagerRun [?]
    S4 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [29/03/2008 10:36 PM 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2006-09-29 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8150069797.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

    2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-11-09 22:40]

    2010-01-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-11-09 22:40]

    2010-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005Core.job
    - c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 02:49]

    2010-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005UA.job
    - c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 02:49]

    2010-01-10 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-05-24 08:10]

    2010-01-10 c:\windows\Tasks\User_Feed_Synchronization-{CC6DF3AB-01C8-4ADD-88D3-1F788BBB9D72}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = proxy.toronto.ca:8080
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?cd20b42499654f789f343cf995bad7de
    IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?cd20b42499654f789f343cf995bad7de
    Trusted Zone: live.com\login
    Trusted Zone: sap.com
    DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} - hxxps://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab
    FF - ProfilePath - c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?auth=DQAAAHIAAAAnlt7ZJUrz5d6QBslySlXPZD_vHklFz_18lmXFwrswvhnjdDOW5zZb93mkuMqxHqkXb_sl6mAiTnXddUrMgd5QOjZbVqimVruXqW-cLhByaGzoJsa8DkGQDY3sGXhVvJwzUPx0to_EEgHa7vgMVSsrdgbN-3JRmuuyqm6GO6PPng
    FF - prefs.js: network.proxy.http - 192.168.0.2
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
    FF - plugin: c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
    FF - plugin: c:\documents and settings\Anand\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{1ECE7AC5-2091-419D-BD0F-FCDB92EEBA9B} - (no file)
    BHO-{29A92273-C690-41FF-92AB-468EF44B16B4} - (no file)
    BHO-{C1AC8C15-62FC-1F2B-8B2E-48E679F00E91} - (no file)
    Notify-ACNotify - ACNotify.dll
    Notify-NavLogon - (no file)
    Notify-winqxl32 - winqxl32.dll
    MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    AddRemove-Spybot - Search & Destroy_is1 - c:\windows\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-10 01:01
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    c:\windows\system32\wuauclt.exe.wusetup.378546.bak 51224 bytes executable
    c:\windows\system32\wuaueng.dll.wusetup.392765.bak 1809944 bytes executable

    scan completed successfully
    hidden files: 2

    **************************************************************************
    "ImagePath"="c:\program files\Intel\Wireless\Bin\RegSrvc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Remasoft Canada Inc.: Rema update permissions manager. 19151.]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1400)
    c:\program files\ThinkPad\ConnectUtilities\ACNotify.dll
    c:\program files\ThinkPad\ConnectUtilities\AcSvcStub.dll
    c:\program files\ThinkPad\ConnectUtilities\AcLocSettings.dll
    c:\program files\ThinkPad\ConnectUtilities\ACHelper.dll
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\windows\system32\biologon.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\remote.dll
    c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
    c:\windows\system32\tphklock.dll
    c:\program files\ThinkVantage Fingerprint Software\crypto.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'lsass.exe'(1456)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'explorer.exe'(7292)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
    c:\windows\system32\PROCHLP.DLL
    c:\program files\RingCentral\RingCentral Call Controller\RCHotKeyHook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
    c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
    c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
    c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Intel\Wireless\Bin\EvtEng.exe
    c:\program files\Intel\Wireless\Bin\S24EvMon.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\windows\system32\IPSSVC.EXE
    c:\program files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\progra~1\AVG\AVG8\avgrsx.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\progra~1\AVG\AVG8\avgnsx.exe
    c:\program files\lenovo\system update\suservice.exe
    c:\windows\System32\TPHDEXLG.EXE
    c:\program files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    c:\program files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    c:\program files\Common Files\Lenovo\Scheduler\tvtsched.exe
    c:\windows\wanmpsvc.exe
    c:\windows\system32\SearchIndexer.exe
    c:\program files\ThinkPad\ConnectUtilities\AcSvc.exe
    c:\windows\system32\fxssvc.exe
    c:\program files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    c:\program files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    c:\program files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
    c:\program files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    c:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    c:\program files\ThinkPad\UltraNav Wizard\UNavTray.EXE
    c:\windows\system32\igfxsrvc.exe
    c:\progra~1\Intel\Wireless\Bin\1XConfig.exe
    c:\program files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
    c:\windows\system32\rundll32.exe
    .
    **************************************************************************
    .
    Completion time: 2010-01-10 01:12:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-01-10 06:12
    ComboFix2.txt 2008-02-18 05:30

    Pre-Run: 7,934,054,400 bytes free
    Post-Run: 7,841,267,712 bytes free

    - - End Of File - - AB3ED4C40F8DB6CE9F3ADCE53BE7365C

  4. #4
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi Anand Murthy

    1 - Download and Run Malwarebytes' Anti-Malware

    Please save any items you were working on... close any open programs. You may be asked to reboot your machine.
    Please download Malwarebytes Anti-Malware and save it to your desktop. If needed...Tutorial w/screenshots
    Alternate download sites available here or here.
    1. Make sure you are connected to the Internet.
    2. Double-click on mbam-setup.exe to install the application.
    3. When the installation begins, follow the prompts and do not make any changes to default settings.
    4. When installation has finished, make sure you leave both of these checked:
      • Update Malwarebytes' Anti-Malware
      • Launch Malwarebytes' Anti-Malware
      • Then click Finish.
      MBAM will automatically start and you will be asked to update the program before performing a scan.
      • If an update is found, the program will automatically update itself.
      • Press the OK button to close that box and continue.
      • Problems downloading the updates? Manually download them from here and double-click on "mbam-rules.exe" to install.

    On the Scanner tab:
    1. Make sure the "Perform full scan" option is selected.
    2. Then click on the Scan button.
    3. If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
    4. The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
    5. When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    6. Click OK to close the message box and continue with the removal process.

    Back at the main Scanner screen:
    1. Click on the Show Results button to see a list of any malware that was found.
    2. Check all items except items in the C:\System Volume Information folder... then click on Remove Selected.
      We will take care of the System Volume Information items later.
    3. When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    4. The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
      The log can also be found here:
      C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    5. Copy and paste the contents of that report in your next reply and exit MBAM.


    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
    Click OK to either and let MBAM proceed with the disinfection process.
    If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


    2 - Status Check
    Please reply with

    1. the Malwarebytes' Anti-Malware Log

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  5. #5
    Junior Member
    Join Date
    Jan 2010
    Posts
    10

    Default MBAM Log 2010-01-12

    Hi Peku006,
    Thank you for the instructions.
    Here is the MBAM Log.
    Thanks & regards,
    Anand Murthy

    ==================================
    Malwarebytes' Anti-Malware 1.44
    Database version: 3545
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/01/2010 6:22:26 AM
    mbam-log-2010-01-12 (06-22-26).txt

    Scan type: Full Scan (C:\|D:\|E:\|R:\|)
    Objects scanned: 323896
    Time elapsed: 2 hour(s), 41 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 4

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winqxl32 (Trojan.Dialer) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Qoobox\Quarantine\C\WINDOWS\Downloaded Program Files\popcaploader.dll.vir (Adware.PopCap) -> Quarantined and deleted successfully.
    C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP257\A0027291.sys (Malware.Trace) -> Not selected for removal.
    C:\System Volume Information\_restore{5D527826-05BD-4A83-8416-28ACDDA14001}\RP257\A0027433.sys (Malware.Trace) -> Not selected for removal.
    C:\WINDOWS\system32\ (Trojan.Dialer) -> Quarantined and deleted successfully.

  6. #6
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi Anand Murthy

    1 - Clean temp files

    • Please download TFC to your desktop
    • Save any unsaved work. TFC will close all open application windows.
    • Double-click TFC.exe to run the program.
    • If prompted, click Yes to reboot.


    NOTE: Save your work.TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

    2 - Eset online scannner

    You can use either Internet Explorer or Mozilla FireFox for this scan.

    Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

    • Please go here then click on:
    • Select the option YES, I accept the Terms of Use then click on:
    • When prompted allow the Add-On/Active X to install.
    • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:

      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Now click on:
    • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
    • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
    • Now click on:
    • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
    • Copy and paste that log as a reply to this topic.


    3 - Run Hijackthis
    Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

    4 - Status Check
    Please reply with

    1. the Eset online scannner report
    2. a fresh HijackThis log

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  7. #7
    Junior Member
    Join Date
    Jan 2010
    Posts
    10

    Default ESET Report + HJT Log

    Hi peku006,
    Thanks for the instructions.
    Here are the items requested on status check
    Thanks & regards,
    /Anand Murthy

    =====================
    ESET

    ESET Log
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    # version=7
    # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
    # OnlineScanner.ocx=1.0.0.6211
    # api_version=3.0.2
    # EOSSerial=767877f625a19848bf3321c6a1b6d3f5
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2010-01-15 12:31:11
    # local_time=2010-01-15 07:31:11 (-0500, Eastern Standard Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=512 16777215 100 0 0 0 0 0
    # compatibility_mode=1024 16777175 100 0 36913954 36913954 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # compatibility_mode=9217 16777214 75 70 19999 4513273 0 0
    # scanned=209330
    # found=4
    # cleaned=0
    # scan_time=41210
    C:\Documents and Settings\Anand\Desktop\Downloads\PGv194_Tutorial_Programme.zip probably unknown NewHeur_PE virus 00000000000000000000000000000000 I
    C:\Documents and Settings\Anand\Desktop\Thumb Drive\VirtumundoBeGone.exe Win32/PrcView application 00000000000000000000000000000000 I
    C:\Documents and Settings\Anand\Local Settings\Application Data\Identities\{E49DBF85-48DC-42AF-8F45-2F48C0FEA9DE}\Microsoft\Outlook Express\AM_H01 - Inbox.dbx Win32/VB.NEI worm 00000000000000000000000000000000 I
    C:\Documents and Settings\Anand\Local Settings\Application Data\Identities\{E49DBF85-48DC-42AF-8F45-2F48C0FEA9DE}\Microsoft\Outlook Express\SME_H00 - OldInbox.dbx Win32/VB.NEI worm 00000000000000000000000000000000 I


    ESET - List of infections found

    C:\Documents and Settings\Anand\Desktop\Downloads\PGv194_Tutorial_Programme.zip probably unknown NewHeur_PE virus
    C:\Documents and Settings\Anand\Desktop\Thumb Drive\VirtumundoBeGone.exe Win32/PrcView application
    C:\Documents and Settings\Anand\Local Settings\Application Data\Identities\{E49DBF85-48DC-42AF-8F45-2F48C0FEA9DE}\Microsoft\Outlook Express\AM_H01 - Inbox.dbx Win32/VB.NEI worm
    C:\Documents and Settings\Anand\Local Settings\Application Data\Identities\{E49DBF85-48DC-42AF-8F45-2F48C0FEA9DE}\Microsoft\Outlook Express\SME_H00 - OldInbox.dbx Win32/VB.NEI worm



    =====================
    HJT Log

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 7:48:39 AM, on 15/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
    C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
    C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
    C:\WINDOWS\system32\mmc.exe
    C:\Program Files\Microsoft Office\Office\EXCEL.EXE
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.toronto.ca:8080
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {1ECE7AC5-2091-419D-BD0F-FCDB92EEBA9B} - (no file)
    O2 - BHO: (no name) - {29A92273-C690-41FF-92AB-468EF44B16B4} - (no file)
    O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {62780D18-D103-03D3-323A-01F43008B839} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: (no name) - {C1AC8C15-62FC-1F2B-8B2E-48E679F00E91} - (no file)
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.e
    O4 - HKCU\..\Run: [RCUI] "C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe"
    O4 - HKCU\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}"" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?cd20b42499654f789f343cf995bad7de
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?cd20b42499654f789f343cf995bad7de
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O15 - Trusted Zone: *.sap.com
    O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://connectphl05.sap.com/vdesk/c...2008,0514,2338
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://connectphl05.sap.com/vdesk/t...2008,0514,2345
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://connectphl05.sap.com/vdesk/t...2008,0514,2340
    O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://connectphl05.sap.com/vdesk/t...2008,0701,2202
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1203342374438
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - https://connectphl05.sap.com/vdesk/t...ion=5,2,3790,0
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://epass.toronto.ca/vdesk/termi...2008,0514,2341
    O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (RingCentral Message Player Control) - https://service.ringcentral.com/Acti...age_Player.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://connectphl05.sap.com/vdesk/t...2008,0605,2205
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://connectphl05.sap.com/policy/...2008,0514,2348
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ACNotify - Invalid registry found
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: HLIXMZGQPRS - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe (file missing)
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: IZE - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\IZE.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)
    O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 19740 bytes

  8. #8
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi Anand Murthy

    Please delete these files :
    C:\Documents and Settings\Anand\Desktop\Downloads\PGv194_Tutorial_Programme.zip
    C:\Documents and Settings\Anand\Desktop\Thumb Drive\VirtumundoBeGone.exe

    You have some items in your Microsoft\Outlook Express that are infected.
    Clear all your saved emails, and any other emails you may have read but haven't deleted.''' especially any with attachments.

    Please re-run ComboFix

    Please reply with

    the ComboFix log(C:\ComboFix.txt)

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

  9. #9
    Junior Member
    Join Date
    Jan 2010
    Posts
    10

    Default Combofix Log + HJT Log

    Hi peku006,
    Thanks for your prompt response.
    I have done as instructed.
    The log files are encl.

    Just out of curiosity, I wanted your opinion on something that I noticed in the HJT log & was wondering what your experience was ...
    O23 - Service: HLIXMZGQPRS - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe (file missing)

    ========================
    Here's the full HJT log (combofix log follows below)
    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 12:18:37 PM, on 15/01/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\PROGRA~1\AVG\AVG8\avgrsx.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    c:\program files\lenovo\system update\suservice.exe
    C:\WINDOWS\System32\TPHDEXLG.EXE
    C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\system32\SearchIndexer.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\Program Files\ThinkPad\ConnectUtilities\AcMurocHlpr.exe
    C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe
    C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\system32\taskswitch.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
    C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe
    C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\IBM ThinkVantage\Client Security Solution\pwmgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox 3.6 Beta 5\firefox.exe
    C:\Program Files\Microsoft Office\Office\EXCEL.EXE
    C:\Program Files\AVG\AVG8\avgcsrvx.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
    C:\Program Files\Diskeeper Corporation\Diskeeper\DfrgNTFS.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\AVG\AVG8\avgtray.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Windows Live\Mail\wlmail.exe
    C:\PROGRA~1\AVG\AVG8\avgnsx.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.toronto.ca:8080
    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {1ECE7AC5-2091-419D-BD0F-FCDB92EEBA9B} - (no file)
    O2 - BHO: (no name) - {29A92273-C690-41FF-92AB-468EF44B16B4} - (no file)
    O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - (no file)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {62780D18-D103-03D3-323A-01F43008B839} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: (no name) - {C1AC8C15-62FC-1F2B-8B2E-48E679F00E91} - (no file)
    O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
    O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [cssauth] "C:\Program Files\IBM ThinkVantage\Client Security Solution\cssauth.exe" silent
    O4 - HKLM\..\Run: [PDService.exe] "C:\Program Files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe"
    O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\ThinkVantage Fingerprint Software\launcher.exe" /startup
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
    O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
    O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.e
    O4 - HKCU\..\Run: [RCUI] "C:\Program Files\RingCentral\RingCentral Call Controller\RCUI.exe"
    O4 - HKCU\..\Run: [RCHotKey] "C:\Program Files\RingCentral\RingCentral Call Controller\RCHotKey.exe"
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [supportdir] cmd /c "rmdir /q /s "C:\WINDOWS\TEMP\{BF90215F-2D7B-4C84-8A24-A03BC41B95DD}"" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [configmsi] cmd /c "rmdir /q C:\config.msi" (User 'Default user')
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?cd20b42499654f789f343cf995bad7de
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?cd20b42499654f789f343cf995bad7de
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
    O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\Hewlett-Packard\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [JAVA_IBM] Java (IBM)
    O15 - Trusted Zone: *.sap.com
    O16 - DPF: {2A0B9B82-D5C8-4D3D-8338-AD55B23662B1} (F5 Networks CacheCleaner) - https://connectphl05.sap.com/vdesk/c...2008,0514,2338
    O16 - DPF: {45B69029-F3AB-4204-92DE-D5140C3E8E74} (F5 Networks Auto Update) - https://connectphl05.sap.com/vdesk/t...2008,0514,2345
    O16 - DPF: {57C76689-F052-487B-A19F-855AFDDF28EE} (F5 Networks Policy Agent Host Class) - https://connectphl05.sap.com/vdesk/t...2008,0514,2340
    O16 - DPF: {6C275925-A1ED-4DD2-9CEE-9823F5FDAA10} (F5 Networks SSLTunnel) - https://connectphl05.sap.com/vdesk/t...2008,0701,2202
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1203342374438
    O16 - DPF: {74FFE28D-2378-11D5-990C-006094235084} (IBM Access Support) - http://www-307.ibm.com/pc/support/IbmEgath.cab
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
    O16 - DPF: {7584c670-2274-4efb-b00b-d6aaba6d3850} (Microsoft RDP Client Control (redist)) - https://connectphl05.sap.com/vdesk/t...ion=5,2,3790,0
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
    O16 - DPF: {CC85ACDF-B277-486F-8C70-2C9B2ED2A4E7} (F5 Networks SuperHost Class) - https://epass.toronto.ca/vdesk/termi...2008,0514,2341
    O16 - DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} (RingCentral Message Player Control) - https://service.ringcentral.com/Acti...age_Player.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) -
    O16 - DPF: {E0FF21FA-B857-45C5-8621-F120A0C17FF2} (F5 Networks Host Control) - https://connectphl05.sap.com/vdesk/t...2008,0605,2205
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {E615C9EA-AD69-4AE9-83C9-9D906A0ACA6D} (F5 Networks OS Policy Agent) - https://connectphl05.sap.com/policy/...2008,0514,2348
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ACNotify - Invalid registry found
    O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
    O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
    O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Desktop Manager 5.9.911.3589 (GoogleDesktopManager-110309-193829) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: HLIXMZGQPRS - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe (file missing)
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\WINDOWS\system32\IPSSVC.EXE
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: IZE - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\IZE.exe (file missing)
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe
    O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: System Update (SUService) - - c:\program files\lenovo\system update\suservice.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.EXE
    O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe (file missing)
    O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
    O23 - Service: TVT Backup Service - Unknown owner - C:\Program Files\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
    O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

    --
    End of file - 19710 bytes

    ==========================
    Combofix log

    ComboFix 10-01-15.01 - Anand 15/01/2010 12:29:29.4.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.175 [GMT -5:00]
    Running from: c:\documents and settings\Anand\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .

    ((((((((((((((((((((((((( Files Created from 2009-12-15 to 2010-01-15 )))))))))))))))))))))))))))))))
    .

    2010-01-15 00:46 . 2010-01-15 00:46 -------- dc----w- c:\program files\ESET
    2010-01-12 04:58 . 2010-01-12 04:58 -------- dc----w- c:\documents and settings\Anand\Application Data\Malwarebytes
    2010-01-12 04:58 . 2010-01-07 21:07 38224 -c--a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-01-12 04:58 . 2010-01-12 04:58 -------- dc----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-01-12 04:58 . 2010-01-12 04:58 -------- dc----w- c:\program files\Malwarebytes' Anti-Malware
    2010-01-12 04:58 . 2010-01-07 21:07 19160 -c--a-w- c:\windows\system32\drivers\mbam.sys
    2010-01-10 02:57 . 2010-01-10 02:58 -------- dc----w- c:\windows\system32\NtmsData
    2010-01-04 06:40 . 2009-11-20 11:08 38784 -c--a-w- c:\documents and settings\Anand\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2010-01-04 06:22 . 2010-01-04 06:22 -------- dc----w- c:\program files\Common Files\Adobe AIR
    2010-01-04 06:16 . 2010-01-04 06:16 86016 -c--a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
    2010-01-04 06:16 . 2010-01-04 06:13 411368 -c--a-w- c:\windows\system32\deploytk.dll
    2010-01-04 06:12 . 2010-01-05 18:51 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
    2010-01-04 06:12 . 2010-01-04 06:12 -------- dc----w- c:\program files\NOS
    2010-01-04 06:07 . 2010-01-04 06:07 152576 -c--a-w- c:\documents and settings\Anand\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
    2010-01-04 06:06 . 2010-01-04 06:06 79488 -c--a-w- c:\documents and settings\Anand\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
    2010-01-04 04:25 . 2010-01-04 04:25 -------- dc----w- c:\documents and settings\Anand\Application Data\CheckPoint
    2010-01-04 04:25 . 2010-01-04 04:25 -------- dc----w- c:\program files\CheckPoint
    2010-01-04 04:24 . 2010-01-04 04:24 4212 -c-ha-w- c:\windows\system32\zllictbl.dat
    2010-01-04 04:24 . 2009-11-22 20:42 103816 -c--a-w- c:\windows\system32\zlcommdb.dll
    2010-01-04 04:24 . 2009-11-22 20:42 69000 -c--a-w- c:\windows\system32\zlcomm.dll
    2010-01-04 04:23 . 2009-11-22 20:42 1238408 -c--a-w- c:\windows\system32\zpeng25.dll
    2010-01-04 04:23 . 2010-01-04 04:24 -------- dc----w- c:\windows\system32\ZoneLabs
    2010-01-04 04:23 . 2010-01-04 04:23 -------- dc----w- c:\program files\Zone Labs
    2010-01-04 04:22 . 2010-01-15 17:26 -------- dc----w- c:\windows\Internet Logs
    2010-01-03 21:07 . 2010-01-03 21:07 388096 -c--a-r- c:\documents and settings\Anand\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
    2010-01-03 21:07 . 2010-01-03 21:07 -------- dc----w- c:\program files\TrendMicro
    2010-01-03 20:02 . 2010-01-03 20:02 -------- dc----w- c:\program files\ERUNT
    2010-01-03 07:33 . 2010-01-03 07:24 816456 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB18\Patch\qbpatch2.exe
    2010-01-03 07:33 . 2010-01-03 07:24 75280 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB18\Patch\qbpatch.exe
    2010-01-03 07:33 . 2010-01-03 07:22 348160 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB18\Patch\msvcr71.dll
    2010-01-03 07:33 . 2010-01-03 07:22 499712 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\Components\DownloadQB18\Patch\msvcp71.dll
    2009-12-25 04:22 . 2010-01-11 14:08 -------- dc----w- c:\program files\Mozilla Firefox 3.6 Beta 5
    2009-12-17 18:32 . 2009-12-17 18:32 -------- dc----w- c:\program files\tools

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2098-06-17 14:00 . 2002-01-18 05:33 89360 -c--a-w- c:\windows\system32\VB5DB.DLL
    2010-01-15 12:44 . 2010-01-04 05:31 23169289 -c--a-w- c:\windows\Internet Logs\tvDebug.Zip
    2010-01-14 18:55 . 2009-08-05 02:54 -------- dc----w- c:\documents and settings\Anand\Application Data\HPAppData
    2010-01-12 11:53 . 2009-05-16 04:53 -------- dc----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-01-12 11:50 . 2009-05-16 05:03 -------- dc----w- c:\program files\Microsoft Works
    2010-01-11 10:54 . 2008-11-03 04:12 -------- dc----w- c:\documents and settings\All Users\Application Data\avg8
    2010-01-06 05:25 . 2007-05-15 22:57 -------- dc----w- c:\documents and settings\Anand\Application Data\Skype
    2010-01-06 02:37 . 2007-05-15 22:51 -------- dc----w- c:\program files\Common Files\Skype
    2010-01-04 06:30 . 2006-06-04 17:45 -------- dc----w- c:\program files\Common Files\Adobe
    2010-01-04 06:12 . 2006-06-20 22:46 -------- dc----w- c:\program files\Java
    2010-01-04 05:33 . 2006-05-24 13:44 -------- dc----w- c:\program files\Symantec Client Security
    2010-01-03 20:14 . 2009-07-18 14:24 -------- dc----w- c:\program files\Juice
    2010-01-03 20:11 . 2009-06-17 15:46 -------- dc----w- c:\documents and settings\Anand\Application Data\uTorrent
    2010-01-03 19:33 . 2007-08-14 02:04 -------- dc----w- c:\documents and settings\Anand\Application Data\Move Networks
    2010-01-03 19:07 . 2009-08-14 00:20 -------- dc----w- c:\documents and settings\All Users\Application Data\Skyline
    2010-01-03 12:57 . 2006-05-24 13:44 -------- dc----w- c:\program files\Common Files\Symantec Shared
    2010-01-03 12:57 . 2006-05-24 13:44 -------- dc----w- c:\program files\Symantec
    2010-01-03 12:56 . 2006-05-24 13:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-01-03 07:50 . 2008-03-30 21:44 -------- dc----w- c:\documents and settings\All Users\Application Data\Intuit
    2010-01-03 07:25 . 2009-11-24 12:18 4639 -c--a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2009\qbbackup.sys
    2010-01-03 07:11 . 2007-12-01 21:12 -------- dc----w- c:\program files\Spybot - Search & Destroy
    2009-12-29 00:57 . 2009-06-23 14:31 -------- dc----w- c:\program files\Acro Software
    2009-12-22 14:33 . 2009-12-12 14:42 2066200 -c--a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
    2009-12-19 21:34 . 2006-06-21 06:15 -------- dc----w- c:\program files\Google
    2009-12-10 01:20 . 2009-12-09 23:03 -------- dc----w- c:\documents and settings\All Users\Application Data\CardScan
    2009-12-09 23:06 . 2009-12-09 23:06 -------- dc----w- c:\documents and settings\All Users\Application Data\ScanSoft
    2009-12-09 23:04 . 2009-12-09 23:04 -------- dc----w- c:\documents and settings\Anand\Application Data\CardScan
    2009-12-09 22:49 . 2009-12-09 22:48 -------- dc----w- c:\program files\CardScan
    2009-12-04 15:03 . 2009-12-04 15:03 251376 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\plugins\npgoogletalk.dll
    2009-12-02 22:53 . 2009-02-05 02:48 -------- dc----w- c:\program files\MSECache
    2009-11-19 16:48 . 2009-12-01 21:56 872960 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2009-11-19 16:48 . 2009-12-01 21:56 43008 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-11-19 16:48 . 2009-12-01 21:56 340480 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-11-19 16:48 . 2009-12-01 21:56 346624 -c--a-w- c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-11-19 12:47 . 2008-01-16 02:58 -------- dc----w- c:\program files\Microsoft Silverlight
    2009-11-12 15:06 . 2006-05-31 21:34 75592 -c--a-w- c:\documents and settings\Anand\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-11-11 13:27 . 2009-11-11 13:27 423168 -c--a-w- c:\windows\system32\RCMedia.dll
    2009-11-06 02:09 . 2009-11-06 02:09 60744 -c--a-w- c:\documents and settings\Anand\g2mdlhlpx.exe
    2009-12-02 23:43 . 2006-06-21 06:16 119808 -c--a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2007-09-21 22:58 . 2007-09-21 22:58 44360 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
    2007-09-21 22:58 . 2007-09-21 22:58 107928 -c--a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
    2007-06-21 08:38 . 2007-06-21 08:38 30280 -c--a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2007-06-21 08:38 . 2007-06-21 08:38 79432 -c--a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    2007-06-21 08:38 . 2007-06-21 08:38 71240 -c--a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2007-06-21 08:38 . 2007-06-21 08:38 140872 -c--a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2007-06-21 08:39 . 2007-06-21 08:39 38472 -c--a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2007-06-21 08:39 . 2007-06-21 08:39 46664 -c--a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2007-06-21 08:39 . 2007-06-21 08:39 34376 -c--a-w- c:\program files\mozilla firefox\plugins\logging.dll
    2007-06-21 08:39 . 2007-06-21 08:39 685640 -c--a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2007-06-21 08:40 . 2007-06-21 08:40 30280 -c--a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RCUI"="c:\program files\RingCentral\RingCentral Call Controller\RCUI.exe" [2009-05-04 479232]
    "RCHotKey"="c:\program files\RingCentral\RingCentral Call Controller\RCHotKey.exe" [2009-05-04 32768]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-08 68856]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-08-01 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 512000]
    "EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2005-08-10 237568]
    "TPHOTKEY"="c:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-05-10 94208]
    "LPManager"="c:\progra~1\THINKV~2\PrdCtr\LPMGR.exe" [2006-01-25 106496]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2005-05-19 127037]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
    "cssauth"="c:\program files\IBM ThinkVantage\Client Security Solution\cssauth.exe" [2005-12-21 1996336]
    "PDService.exe"="c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\pdservice.exe" [2005-11-15 49152]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2005-10-29 864256]
    "PSQLLauncher"="c:\program files\ThinkVantage Fingerprint Software\launcher.exe" [2006-04-26 31232]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-02 30192]
    "TVT Scheduler Proxy"="c:\program files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2006-03-28 503808]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "CoolSwitch"="c:\windows\system32\taskswitch.exe" [2002-03-19 45632]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-12-12 2043160]
    "PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2002-09-18 36864]
    "ACWLIcon"="c:\program files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2006-04-17 98304]
    "ACTray"="c:\program files\ThinkPad\ConnectUtilities\ACTray.exe" [2006-04-17 409600]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]
    "ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-10-14 730480]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "configmsi"="rmdir" [X]
    "supportdir"="rmdir" [X]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
    Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-5-31 24576]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2009-08-26 14:00 11952 -c--a-w- c:\windows\system32\avgrsstx.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NavLogon]
    [BU]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2006-04-26 02:20 40448 ----a-w- c:\windows\system32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2005-07-06 06:45 28672 ----a-w- c:\windows\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2005-12-01 03:16 24576 ----a-w- c:\windows\system32\tphklock.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 7.0 Tray Icon.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AOL 7.0 Tray Icon.lnk.disabled
    backup=c:\windows\pss\AOL 7.0 Tray Icon.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk.disabled
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 1000 series.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hp psc 1000 series.lnk.disabled
    backup=c:\windows\pss\hp psc 1000 series.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk.disabled
    backup=c:\windows\pss\hpoddt01.exe.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR ProSafe VPN Client.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR ProSafe VPN Client.lnk.disabled
    backup=c:\windows\pss\NETGEAR ProSafe VPN Client.lnk.disabledCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
    backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Service Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
    backup=c:\windows\pss\Service Manager.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Anand^Start Menu^Programs^Startup^Juice.lnk]
    path=c:\documents and settings\Anand\Start Menu\Programs\Startup\Juice.lnk
    backup=c:\windows\pss\Juice.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Anand^Start Menu^Programs^Startup^Yuuguu.lnk.disabled]
    path=c:\documents and settings\Anand\Start Menu\Programs\Startup\Yuuguu.lnk.disabled
    backup=c:\windows\pss\Yuuguu.lnk.disabledStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
    c:\program files\SecCenter\scprot4.e [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-09-04 17:08 935288 -c--a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
    2007-03-09 01:09 63712 -c--a-w- c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardScanAgent]
    2008-02-15 00:34 152824 -c--a-w- c:\program files\CardScan\CardScan\CardScanAgent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionManager]
    2008-06-10 04:00 32768 -c--a-w- c:\program files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2009-07-01 02:49 133104 -c--atw- c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    2004-07-27 23:50 81920 -c----w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 20:44 3883856 -c--a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-01-04 06:13 149280 -c--a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2007-07-08 14:41 68856 -c--a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WMPNetworkSvc"=2 (0x2)
    "SymSecurePort"=2 (0x2)
    "Symantec AntiVirus"=3 (0x3)
    "SQLSERVERAGENT"=3 (0x3)
    "SPBBCSvc"=3 (0x3)
    "SNDSrvc"=3 (0x3)
    "Remasoft Canada Inc.: Rema update permissions manager. 19151."=2 (0x2)
    "MSSQLServerADHelper"=3 (0x3)
    "MSSQLSERVER"=2 (0x2)
    "iPod Service"=3 (0x3)
    "FileZilla Server"=3 (0x3)
    "DefWatch"=2 (0x2)
    "ccSetMgr"=2 (0x2)
    "ccPwdSvc"=3 (0x3)
    "ccProxy"=2 (0x2)
    "ccEvtMgr"=2 (0x2)
    "Simply Accounting Database Connection Manager"=3 (0x3)
    "wuauserv"=2 (0x2)
    "Pml Driver HPZ12"=2 (0x2)
    "gusvc"=3 (0x3)
    "gupdate1c942bc34c5debc"=2 (0x2)
    "LVSrvLauncher"=2 (0x2)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe"
    "HP Software Update"=c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe"
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqld-nt.exe"=
    "c:\\Program Files\\winsim\\ConnectionManager\\SimplyConnectionManager.exe"=
    "c:\\Program Files\\SAP\\FrontEnd\\SAPgui\\saplogon.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
    "c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Documents and Settings\\Anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\Anand\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
    "c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqcopy2.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpofxs08.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\Hewlett-Packard\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Intuit\\QuickBooks 2009\\QBDBMgrN.exe"=
    "c:\\Program Files\\CallWave\\IAM.exe"=
    "c:\\Program Files\\RingCentral\\RingCentral Call Controller\\RCUI.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "67:UDP"= 67:UDP:DHCP Discovery Service

    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/02/2009 12:01 AM 335240]
    R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/02/2009 12:01 AM 108552]
    R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/02/2009 12:00 AM 297752]
    R2 Crypto;Crypto;c:\windows\system32\drivers\Crypto.sys [05/06/2006 12:38 PM 521786]
    R2 IPSECDRV;SafeNet IPSec Plugin;c:\windows\system32\drivers\IpSecDrv.sys [05/06/2006 12:38 PM 119864]
    R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [14/10/2009 8:30 AM 25208]
    R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [14/10/2009 8:30 AM 476528]
    R2 PrivateDisk;PrivateDisk;c:\program files\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [15/11/2005 1:11 PM 46142]
    R2 smi2;smi2;c:\program files\SMI2\smi2.sys [02/08/2005 7:47 PM 3968]
    R2 SmiHlp;SMI helper driver;c:\program files\ThinkVantage Fingerprint Software\smihlp.sys [25/04/2006 9:00 PM 3456]
    R3 DniVap;SafeNet WAN Miniport (VA);c:\windows\system32\drivers\vap.sys [05/06/2006 12:36 PM 36188]
    S0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys --> c:\windows\system32\drivers\ANCSQ.sys [?]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [21/06/2006 1:15 AM 30192]
    S3 HLIXMZGQPRS;HLIXMZGQPRS;c:\docume~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe --> c:\docume~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe [?]
    S3 IZE;IZE;c:\docume~1\Anand\LOCALS~1\Temp\IZE.exe --> c:\docume~1\Anand\LOCALS~1\Temp\IZE.exe [?]
    S4 gupdate1c942bc34c5debc;Google Update Service (gupdate1c942bc34c5debc);c:\program files\Google\Update\GoogleUpdate.exe [09/11/2008 5:40 PM 133104]
    S4 Remasoft Canada Inc.: Rema update permissions manager. 19151.;Remasoft Canada Inc.: Rema update permissions manager. 19151.;c:\program files\Rema\RemaUpd.exe -PermissionManagerRun --> c:\program files\Rema\RemaUpd.exe -PermissionManagerRun [?]
    S4 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [29/03/2008 10:36 PM 24576]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - SYSMONLOG

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2006-09-29 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8150069797.job
    - c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 06:52]

    2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-11-09 22:40]

    2010-01-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-11-09 22:40]

    2010-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005Core.job
    - c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 02:49]

    2010-01-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2345978724-3825532129-4291118871-1005UA.job
    - c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-07-15 02:49]

    2010-01-15 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2006-05-24 08:10]

    2010-01-15 c:\windows\Tasks\User_Feed_Synchronization-{CC6DF3AB-01C8-4ADD-88D3-1F788BBB9D72}.job
    - c:\windows\system32\msfeedssync.exe [2009-03-08 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uInternet Settings,ProxyServer = proxy.toronto.ca:8080
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Open in new background tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?cd20b42499654f789f343cf995bad7de
    IE: Open in new foreground tab - c:\program files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?cd20b42499654f789f343cf995bad7de
    Trusted Zone: live.com\login
    Trusted Zone: sap.com
    DPF: {CF25C291-E91C-11D3-873F-0000B4A2973D} - hxxps://service.ringcentral.com/ActiveX/RingCentral_Message_Player.cab
    FF - ProfilePath - c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?auth=DQAAAHIAAAAnlt7ZJUrz5d6QBslySlXPZD_vHklFz_18lmXFwrswvhnjdDOW5zZb93mkuMqxHqkXb_sl6mAiTnXddUrMgd5QOjZbVqimVruXqW-cLhByaGzoJsa8DkGQDY3sGXhVvJwzUPx0to_EEgHa7vgMVSsrdgbN-3JRmuuyqm6GO6PPng
    FF - component: c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
    FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
    FF - plugin: c:\documents and settings\Anand\Application Data\Mozilla\Firefox\Profiles\p5pyhhaj.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
    FF - plugin: c:\documents and settings\Anand\Application Data\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\documents and settings\Anand\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\eMusic Download Manager\plugin\npemusic.dll
    FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - truec:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox 3.6 Beta 5\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox 3.6 Beta 5\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{1ECE7AC5-2091-419D-BD0F-FCDB92EEBA9B} - (no file)
    BHO-{29A92273-C690-41FF-92AB-468EF44B16B4} - (no file)
    BHO-{C1AC8C15-62FC-1F2B-8B2E-48E679F00E91} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-01-15 12:43
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    ? [46748]
    ? [46368]
    ? [45420]
    ? [46088]
    ? [46000]
    ? [48892]
    ? [20996]
    ? [42432]
    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    "ImagePath"="c:\program files\Intel\Wireless\Bin\RegSrvc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Remasoft Canada Inc.: Rema update permissions manager. 19151.]
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1400)
    c:\windows\system32\psqlpwd.dll
    c:\program files\ThinkVantage Fingerprint Software\infra.dll
    c:\program files\ThinkVantage Fingerprint Software\homefus2.dll
    c:\windows\system32\biologon.dll
    c:\program files\ThinkVantage Fingerprint Software\homepass.dll
    c:\program files\ThinkVantage Fingerprint Software\bio.dll
    c:\program files\ThinkVantage Fingerprint Software\remote.dll
    c:\program files\ThinkVantage Fingerprint Software\ps2css.dll
    c:\windows\system32\tphklock.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    c:\program files\ThinkVantage Fingerprint Software\crypto.dll

    - - - - - - - > 'lsass.exe'(1456)
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

    - - - - - - - > 'explorer.exe'(107968)
    c:\windows\system32\WININET.dll
    c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\MSVCR80.dll
    c:\program files\RingCentral\RingCentral Call Controller\RCHotKeyHook.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-01-15 12:51:31
    ComboFix-quarantined-files.txt 2010-01-15 17:51
    ComboFix2.txt 2010-01-10 06:12
    ComboFix3.txt 2008-02-18 05:30

    Pre-Run: 6,887,653,376 bytes free
    Post-Run: 6,859,452,416 bytes free

    - - End Of File - - 481C937BDADF4B3D288676BBD54C8D51


    =====================

    Thanks & regards,
    /anand_am01

  10. #10
    Emeritus- Security Expert peku006's Avatar
    Join Date
    Feb 2007
    Location
    Norway
    Posts
    3,103

    Default

    Hi Anand Murthy
    Just out of curiosity, I wanted your opinion on something that I noticed in the HJT log & was wondering what your experience was ...
    O23 - Service: HLIXMZGQPRS - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe (file missing)
    it is an "empty registry entry",we have removed the file

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]

    1 - Remove bad HijackThis entries
    • Run HijackThis
    • Click on the Scan button
    • Put a check beside all of the items listed below (if present):

      • O2 - BHO: (no name) - {1ECE7AC5-2091-419D-BD0F-FCDB92EEBA9B} - (no file)
        O2 - BHO: (no name) - {29A92273-C690-41FF-92AB-468EF44B16B4} - (no file)
        O2 - BHO: (no name) - {30BAA4DF-E0AB-4AFD-B6D8-FFAA032D0468} - (no file)
        O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
        O2 - BHO: (no name) - {62780D18-D103-03D3-323A-01F43008B839} - (no file)
        O2 - BHO: (no name) - {C1AC8C15-62FC-1F2B-8B2E-48E679F00E91} - (no file)
        O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
        O4 - HKLM\..\Run: [SC2] C:\Program Files\SecCenter\scprot4.exe
        O23 - Service: HLIXMZGQPRS - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\HLIXMZGQPRS.exe (file missing)
        O23 - Service: IZE - Unknown owner - C:\DOCUME~1\Anand\LOCALS~1\Temp\IZE.exe (file missing)

    • Close all open windows and browsers/email, etc...
    • Click on the "Fix Checked" button
    • When completed, close the application.


    2 - Run CFScript

    Open Notepad and copy/paste the text in the box into the window:

    Code:
    Folder::
    c:\program files\SecCenter
    
    Driver::
    HLIXMZGQPRS
    IZE
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SC2]
    • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.


    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
    • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
    • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

    CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

    3 - Run Hijackthis
    Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad

    4 - Status Check
    Please reply with


    1. the ComboFix log(C:\ComboFix.txt)
    2. a fresh HijackThis log
    description of any problems you are having with your PC

    Thanks peku006
    I don't help with logs thru PM. If you have problems create a thread in the forum, please.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •