Thread: Spybot 1.6.2 will not run to completion, crashes. DDS.txt File

  1. #1

    Sorry about the confusion, I'm new to this forum.

    Here is my DDS.txt


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Pete Rawlings at 11:51:41.64 on 14/09/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.1402 [GMT 1:00]

    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

    ============== Running Processes ===============

    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\WTouch\WTouchService.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\c4ebreg\c4ebreg.exe
    c:\sdwork\issimsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Notes\nsd.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\PROGRA~1\AT&TNE~2\netcfgsvr.exe
    C:\Program Files\AT&T Network Client\NetClientSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~2\SYMANT~2\vptray.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\Lenovo\UltraNav Keyboard\SkdUNav.exe
    C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Program Files\IBM\Personal Communications\tpam.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\vsnp2std.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\c4ebreg\isamtray.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\myiHome\app\myiHome-server.exe
    C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Program Files\WTouch\WTouchUser.exe
    C:\Program Files\AT&T Network Client\NetClient.exe
    C:\Program Files\AT&T Network Client\NetMsg.exe
    C:\Notes\NLNOTES.EXE
    C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe
    C:\Notes\swiftsrv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Notes\ntaskldr.EXE
    C:\Program Files\Sophos\Sophos Anti-Rootkit\sargui.exe
    F:\$Downloads\Windows\SysinternalsSuite\procexp.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\lmnvnp.exe
    F:\$Downloads\Recovery\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
    uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/
    uInternet Settings,ProxyOverride = <local>;<local>
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Spb Wallet: {2913d3dd-9363-4c21-b205-c19a584a0674} - c:\program files\spb wallet\SpbWalletToolbar.dll
    TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
    TB: QT Tab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [TPKMAPMN] c:\program files\thinkpad\utilities\TpKmapMn.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [vptray] c:\progra~1\symant~2\symant~2\\vptray.exe
    mRun: [WD Button Manager] WDBtnMgr.exe
    mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
    mRun: [UltraNav Keyboard] c:\program files\lenovo\ultranav keyboard\SkdUNav.exe
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimageechoenterpriseserver\TrueImageMonitor.exe
    mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
    mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
    mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [Tpam.exe] "c:\program files\ibm\personal communications\tpam.exe"
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [stgclean] c:\sdwork\w32maing.exe /cleanup
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
    mRun: [snp2std] c:\windows\vsnp2std.exe
    mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe
    mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [ISSI Service] "c:\sdwork\issimsvc.exe"
    mRun: [Isamtray] "c:\program files\c4ebreg\isamtray.exe"
    mRun: [IBM Lotus EasySync Pro] "c:\program files\lotus\easysync pro\SyncLauncher.exe"
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [DLSService] "c:\program files\dymo\dymo label software\DLSService.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [C4EBReg] "c:\program files\c4ebreg\c4ebreg.exe" /q
    mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
    mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimageechoenterpriseserver\TimounterMonitor.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\myihom~1.lnk - c:\program files\myihome\app\myiHome-server.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\start3~1.lnk - c:\program files\3dconnexion\3dconnexion 3dxsoftware\3dxware\3dxsrv.exe
    uPolicies-explorer: NoDevMgrUpdate = 1 (0x1)
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    Trusted Zone: o2.co.uk\*.broadband
    DPF: Microsoft XML Parser for Java
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    TCP: {CAD550CF-E36D-4DF5-A998-908611C8D4A9} = 9.64.162.21,9.64.163.21
    TCP: {D40D8AB3-DFA5-4A53-AAF5-D3A525F28F1E} = 87.194.255.155,87.194.255.154,4.2.2.2,4.2.2.3
    Notify: atmgrtok - atmgrtok.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    Notify: pcsinst - pcsinst.dll
    Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
    Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\subr512p.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - isoHunt Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\subr512p.default\extensions\bpaddtonab@firefox-extensions.ibm.com\plugins\npaddtonab.dll
    FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwdplugin821.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-9-13 28552]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
    R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2006-9-6 337592]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
    R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2006-11-21 202344]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-7-16 10384]
    R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
    R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\at&t network client\NetClientSvc.exe [2009-10-7 263520]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-7-13 94208]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-3-6 4497704]
    R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-8-1 70704]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-8-1 539184]
    R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-3-6 113448]
    R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2010-2-6 17152]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-13 102448]
    R3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [2010-2-8 6400]
    R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-7-13 81280]
    R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3644.tmp --> c:\windows\system32\3644.tmp [?]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100913.004\naveng.sys [2010-9-13 85424]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100913.004\navex15.sys [2010-9-13 1362608]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1ca12c614ff7fd6;Google Update Service (gupdate1ca12c614ff7fd6);c:\program files\google\update\GoogleUpdate.exe [2009-8-1 133104]
    S2 ldlcserv6;IBM Enterprise Extender (IPv6);c:\windows\system32\drivers\ldlcserv6.exe [2007-11-2 40960]
    S2 LogWatch;Event Log Watch;"c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe" --> c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [?]
    S2 ltpSvc;TrackPoint Scroll Service;c:\program files\lenovo\thinkpad usb keyboard with trackpoint\ltpsvc.exe --> c:\program files\lenovo\thinkpad usb keyboard with trackpoint\ltpSvc.exe [?]
    S2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\windows\system32\drivers\pdlndldl6.sys [2007-11-2 70656]
    S3 cpuz132;cpuz132;\??\c:\docume~1\admini~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-7-27 30192]
    S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [2009-10-23 36384]
    S3 RET55;RET55 NDIS Protocol Driver;\??\c:\program files\eeye digital security\retina 5\scanner\ret55.sys --> c:\program files\eeye digital security\retina 5\scanner\RET55.sys [?]
    S3 RRMONX;RRMONX;\??\c:\docume~1\admini~1\locals~1\temp\rrmon.sys --> c:\docume~1\admini~1\locals~1\temp\rrmon.sys [?]
    S3 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2007-3-14 116416]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-11-7 95376]
    S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-3-6 16168]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 CA_LIC_CLNT;CA License Client;"c:\program files\ca\sharedcomponents\ca_lic\\lic98rmt.exe" --> c:\program files\ca\sharedcomponents\ca_lic\\lic98rmt.exe [?]
    S4 csrcmds;csrcmds;c:\program files\ibm\personal communications\csrcmds.exe [2007-11-2 49152]
    S4 cstrcser;IBM Command Line Trace;c:\windows\system32\drivers\cstrcser.exe [2007-11-2 36864]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe" /service msvsmon80 --> c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [?]
    S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-2-21 583640]
    S4 WindowsScheduler;System Scheduler Service;c:\progra~1\system~1\WService.exe [2009-9-16 13312]
    S4 WindowsSchedulerLogon;System Scheduler Logon;c:\progra~1\system~1\WSLogon.exe [2009-9-16 52224]

    ============== File Associations ===============

    .scr=AutoCADScriptFile
    .txt=UltraEdit.txt

    =============== Created Last 30 ================

    2010-09-14 10:29:56 24064 ----a-w- c:\documents and settings\administrator\Ian Paterson 100914 Workload DB Import.XLS
    2010-09-14 08:45:36 0 d-----w- c:\program files\Sophos
    2010-09-14 08:21:06 0 d-----w- c:\docume~1\admini~1\applic~1\smkits
    2010-09-14 00:13:37 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-13 19:09:23 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-09-13 19:09:23 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-09-13 19:09:23 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-09-13 19:09:23 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-09-12 23:48:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-09-12 23:47:40 0 d-----w- c:\program files\Panda Security
    2010-09-12 01:31:16 0 d-----w- c:\program files\mSoftware
    2010-09-12 01:09:51 0 d-----w- c:\program files\Aspecto Software
    2010-09-11 19:21:43 0 d-----w- C:\TTN7
    2010-09-11 13:14:33 0 d-----w- c:\program files\SDA
    2010-09-10 14:38:46 0 d-----w- c:\program files\Lotus
    2010-09-10 14:38:46 0 d-----w- c:\program files\common files\XCPCSync.OEM
    2010-09-10 13:38:32 0 d--h--w- c:\documents and settings\administrator\InstallAnywhere
    2010-09-09 21:42:18 361 ----a-w- C:\RapiConfigOut.xml
    2010-09-09 21:21:33 0 d-----w- c:\program files\NetDragon
    2010-09-08 23:35:41 3755929 ----a-w- C:\TrayNotify.reg
    2010-09-08 23:23:17 282624 ----a-w- c:\windows\system32\acomte445.ocx
    2010-09-08 18:29:28 0 d-----w- c:\program files\AT&T Network Client
    2010-09-08 18:29:28 0 d-----w- c:\program files\AT&T Global Network Client
    2010-09-08 18:29:28 0 d-----w- c:\docume~1\alluse~1\applic~1\AGNS
    2010-09-08 15:38:14 130669 ----a-w- c:\windows\system32\nvModes.dat
    2010-09-08 15:38:14 130669 ----a-w- c:\windows\system32\nvModes.001
    2010-09-08 15:38:05 36836 ----a-w- c:\windows\system32\nvwsapps.nvb
    2010-09-08 15:21:13 190706 ----a-w- c:\windows\system32\nvapps.xml
    2010-09-08 15:21:13 110415 ----a-w- c:\windows\system32\nvwsapps.xml
    2010-09-08 15:20:56 453152 ----a-w- c:\windows\system32\nvuninst.exe
    2010-09-08 15:20:56 18725 ----a-w- c:\windows\system32\nvdisp.nvu
    2010-09-08 15:20:56 0 d-----w- c:\windows\nview
    2010-09-08 15:20:55 453152 ----a-w- c:\windows\system32\nvudisp.exe
    2010-09-08 13:49:20 0 d-----w- C:\ET_ROOT
    2010-09-08 11:33:46 0 d-----w- c:\docume~1\admini~1\applic~1\Realtime Soft
    2010-09-08 11:33:40 0 d-----w- c:\program files\common files\Realtime Soft
    2010-09-08 11:33:39 0 d-----w- c:\program files\UltraMon
    2010-09-08 11:33:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Realtime Soft
    2010-09-07 13:35:03 0 d-----w- c:\docume~1\admini~1\applic~1\Sierra Wireless
    2010-09-07 10:41:46 19328 ----a-w- c:\windows\agnwifi.sys
    2010-09-07 09:09:26 0 d-----w- c:\program files\JRE
    2010-09-06 17:38:30 1721 ----a-w- c:\documents and settings\administrator\.recently-used.xbel
    2010-09-06 13:50:34 24064 ----a-w- c:\documents and settings\administrator\EMEA Workload DB Import.XLS
    2010-09-04 21:18:21 0 d-----w- c:\docume~1\admini~1\applic~1\Nokia Ovi Suite
    2010-09-04 20:52:38 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-09-04 20:52:30 0 d-----w- c:\program files\PC Connectivity Solution
    2010-09-04 20:51:15 0 d-----w- c:\docume~1\alluse~1\applic~1\NokiaInstallerCache
    2010-09-04 14:53:03 91304 ----a-w- c:\windows\system32\drivers\btserial.sys
    2010-09-03 18:51:53 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
    2010-09-03 18:51:53 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
    2010-09-02 15:13:49 2840 ----a-w- c:\documents and settings\administrator\pseudovalindbmt.xls
    2010-09-02 11:33:39 585216 ----a-w- c:\documents and settings\administrator\NationalRequirements_30501033-200712.doc
    2010-08-29 18:50:43 3283 ----a-w- c:\windows\system32\wbem\Outlook_01cb47ab159fdb6e.mof
    2010-08-28 17:44:51 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
    2010-08-28 17:44:50 399920 ----a-w- c:\windows\system32\vmnat.exe
    2010-08-28 17:44:49 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
    2010-08-28 17:44:43 760368 ----a-w- c:\windows\system32\vnetlib.dll
    2010-08-28 17:44:17 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
    2010-08-28 17:43:32 0 d-----w- c:\program files\common files\VMware
    2010-08-16 13:20:58 0 d-----w- c:\program files\myiHome
    2010-08-16 11:14:29 0 d-----w- c:\program files\Siber Systems
    2010-08-15 13:25:04 1026 ----a-w- c:\windows\dirscan
    2010-08-15 13:16:55 0 d-----w- c:\program files\Disk Size Manager 2.0

    ==================== Find3M ====================

    2010-09-07 18:56:22 1952024 ----a-w- c:\windows\system32\AutoPartNt.exe
    2010-08-10 11:26:36 237320 ----a-w- c:\windows\system32\PDBoot.exe
    2010-08-01 11:55:38 70704 ----a-w- c:\windows\system32\drivers\vmci.sys
    2010-08-01 11:55:36 854064 ----a-w- c:\windows\system32\drivers\vmx86.sys
    2010-08-01 11:54:52 14896 ----a-w- c:\windows\system32\drivers\vmparport.sys
    2010-08-01 11:53:02 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
    2010-08-01 11:53:02 32688 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
    2010-08-01 10:39:06 32304 ----a-w- c:\windows\system32\drivers\hcmon.sys
    2010-08-01 10:12:36 252464 ----a-w- c:\windows\system32\vmnc.dll
    2010-08-01 08:18:24 59952 ----a-w- c:\windows\system32\vnetinst.dll
    2010-08-01 08:18:24 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
    2010-08-01 08:18:24 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
    2010-07-27 19:53:07 64792 ----a-w- c:\windows\isamunin.exe
    2010-07-25 14:54:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
    2010-07-25 14:37:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
    2010-07-22 11:37:29 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2010-07-17 04:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-03-31 12:22:40 56079 --sh--r- c:\program files\DLS8Uninstall.log
    2009-09-26 21:38:44 437 ----a-w- c:\program files\Shortcut to O2.lnk
    2008-09-29 08:12:04 108 --sha-r- c:\windows\neoqaz2.dll
    2009-07-22 16:58:10 2 --shatr- c:\windows\winstart.bat
    2009-07-13 23:00:48 23 --sha-w- c:\windows\system32\edacded0.dat

    ============= FINISH: 11:52:44.93 ===============


    Thanks

  2. #2
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Default

    Hello & Welcome to Safer-Networking

    Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

    In the meantime please note the following:
    • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
    • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
      1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
      2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
    • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
    • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
    Please note that the forum is very busy and if I don't hear from you within four days this thread will be closed.
    If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    You also need to know that I will not help remove malware from computers that have filesharing software (P2P) installed (such as Limewire, Bit Torrent, μTorrent etc.). So if you want my help, please uninstall any such programs now & reboot.

    Thanks

    DDS
    As your logs are now a few days old, please run DDS again, copy the contents of both logs & post in your next reply.

    Gmer
    Download GMER Rootkit Scanner from here & save it to your desktop.
    • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO


    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
    • Save it where you can easily find it, such as your desktop, and post it in reply
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

    Do not run any programs while Gmer is running.

    NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
    • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
    • Double click the gmer.exe file
    • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
    • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply
    To post in next reply:
    Contents of New DDS log
    Contents of New Attach.txt
    Contents of Gmer log

  3. #3
    Member
    Join Date
    Oct 2007
    Posts
    32

    Default Data as requested

    Data posted below.

    I had problems running GMER with BSODs. In the end I used msconfig, disabled all but Microsoft Services and disabled all Startup, and on the 5th attempt it ran to completion. Note the GMER log is in two parts. When it starts it does a quick scan, and that's the first log. The second list is after hitting the scan button (this is where it crashed, usually in its own driver).


    I tried posting all the input you wanted but it exceeds the input capacity, so I have attached a zip of all files.

  4. #4
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Default

    Hi

    While I'm going through this lot, please also run the following:

    Rootkit Unhooker
    Download Rootkit Unhooker from Here & save it on your desktop.
    • Disable your security programs
    • Double click RKUnhookerLE.exe to run it
    • Click the Report tab, then click Scan
    • Check Drivers and Stealth Code, uncheck the rest, then click OK
    • When prompted to Select Disks for Scan, make sure C:\ is checked then click OK
    • Wait till the scanner has finished then go File > Save Report
    • Save the report somewhere you can find it such as your desktop then click Close
    • Copy/paste the entire contents of the report & post it in your next reply
    Note - You may get the following warning - it is ok - just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"

  5. #5
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Default

    View Hidden Files & Folders Windows XP
    To view Hidden Files & Folders do the following:
    Click Start
    Open My Computer
    Select the Tools menu and click Folder Options
    Select the View Tab
    Under the Hidden files and folders heading select Show hidden files and folders
    Uncheck the Hide protected operating system files (recommended) option
    Click Yes to confirm
    Click OK

    Upload Files for Scanning
    Go to VirusTotal & upload the following File/s for scanning.
    • Click Browse
    • Copy & paste the following File & Path in the text box next to File name: then click Open
      Code:
      c:\windows\neoqaz2.dll
    • Click Send File
    • If confronted with two options, choose Reanalyse file now
    • Wait for scans to finish then copy & paste the URL from your browser address bar in your next reply
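The file listings in the DDS log from post #1 can be triaged mechanically before picking files to upload. The sketch below is an added example, not part of the thread and not the helper's stated method: it assumes `s` and `h` in the attribute column mean system and hidden, and the 1024-byte threshold and extension list are assumptions chosen for illustration.

```python
import ntpath
import re

# One DDS listing row: date, time, size in bytes, 8-character attribute column, path.
ROW = re.compile(r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) ([a-z-]{8}) (.+)$")
EXEC_EXT = {".dll", ".exe", ".sys", ".bat", ".ocx", ".scr"}  # assumed list
TINY_BYTES = 1024  # assumed triage threshold, not something DDS defines

# Header and rows copied from the listing sections of the log in post #1.
SAMPLE = r"""
==================== Find3M ====================
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-07-25 14:37:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-03-31 12:22:40 56079 --sh--r- c:\program files\DLS8Uninstall.log
2008-09-29 08:12:04 108 --sha-r- c:\windows\neoqaz2.dll
2009-07-22 16:58:10 2 --shatr- c:\windows\winstart.bat
2009-07-13 23:00:48 23 --sha-w- c:\windows\system32\edacded0.dat
2010-09-10 13:38:32 0 d--h--w- c:\documents and settings\administrator\InstallAnywhere
"""


def parse_row(line):
    """Return a dict for one listing row, or None for headers and blank lines."""
    m = ROW.match(line.strip())
    if not m:
        return None
    date, time, size, attrs, path = m.groups()
    return {"date": date, "time": time, "size": int(size), "attrs": attrs, "path": path}


def triage(lines):
    """Return [(path, reasons)] for file rows that deserve a second look."""
    flagged = []
    for line in lines:
        row = parse_row(line)
        if row is None or row["attrs"].startswith("d"):
            continue  # section headers, blank lines and directories
        reasons = []
        if "s" in row["attrs"] and "h" in row["attrs"]:
            reasons.append("system+hidden")
        ext = ntpath.splitext(row["path"])[1].lower()
        if ext in EXEC_EXT and row["size"] < TINY_BYTES:
            reasons.append("tiny executable-type file")
        if reasons:
            flagged.append((row["path"], reasons))
    return flagged


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE.splitlines()):
        print(f"{path}: {', '.join(reasons)}")
```

A flag here only marks a row for closer inspection, such as a multi-engine scan; it says nothing about whether the file is malicious.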

  6. #6

  7. #7
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Default

    Since this issue appears to be resolved ... this Topic has been closed.

    Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include fresh DDS & Attach logs and a link to your previous thread.

    If it has been less than four days since your last response and you need the thread re-opened, please send me or Moderator a private message (pm). A valid, working link to the closed topic is also required.
