Spybot 1.6.2 will not run to completion, crashes. DDS.txt File
plug_it_in
2010-09-14, 21:16
Sorry about the confusion, I'm new to this forum.
Here is my DDS.txt
DDS (Ver_10-03-17.01) - NTFSx86
Run by Pete Rawlings at 11:51:41.64 on 14/09/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.1402 [GMT 1:00]
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
============== Running Processes ===============
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WTouch\WTouchService.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\svchost.exe -k HPService
C:\Program Files\c4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\Notes\nsd.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\PROGRA~1\AT&TNE~2\netcfgsvr.exe
C:\Program Files\AT&T Network Client\NetClientSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\vmnat.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
C:\WINDOWS\system32\vmnetdhcp.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\vptray.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Lenovo\UltraNav Keyboard\SkdUNav.exe
C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\c4ebreg\isamtray.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\myiHome\app\myiHome-server.exe
C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\Program Files\AT&T Network Client\NetClient.exe
C:\Program Files\AT&T Network Client\NetMsg.exe
C:\Notes\NLNOTES.EXE
C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe
C:\Notes\swiftsrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Notes\ntaskldr.EXE
C:\Program Files\Sophos\Sophos Anti-Rootkit\sargui.exe
F:\$Downloads\Windows\SysinternalsSuite\procexp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\lmnvnp.exe
F:\$Downloads\Recovery\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/
uInternet Settings,ProxyOverride = <local>;<local>
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Spb Wallet: {2913d3dd-9363-4c21-b205-c19a584a0674} - c:\program files\spb wallet\SpbWalletToolbar.dll
TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
TB: QT Tab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [TPKMAPMN] c:\program files\thinkpad\utilities\TpKmapMn.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~2\symant~2\\vptray.exe
mRun: [WD Button Manager] WDBtnMgr.exe
mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
mRun: [UltraNav Keyboard] c:\program files\lenovo\ultranav keyboard\SkdUNav.exe
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimageechoenterpriseserver\TrueImageMonitor.exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
mRun: [Tpam.exe] "c:\program files\ibm\personal communications\tpam.exe"
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [stgclean] c:\sdwork\w32maing.exe /cleanup
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [snp2std] c:\windows\vsnp2std.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe
mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [ISSI Service] "c:\sdwork\issimsvc.exe"
mRun: [Isamtray] "c:\program files\c4ebreg\isamtray.exe"
mRun: [IBM Lotus EasySync Pro] "c:\program files\lotus\easysync pro\SyncLauncher.exe"
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [DLSService] "c:\program files\dymo\dymo label software\DLSService.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [C4EBReg] "c:\program files\c4ebreg\c4ebreg.exe" /q
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimageechoenterpriseserver\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\myihom~1.lnk - c:\program files\myihome\app\myiHome-server.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\start3~1.lnk - c:\program files\3dconnexion\3dconnexion 3dxsoftware\3dxware\3dxsrv.exe
uPolicies-explorer: NoDevMgrUpdate = 1 (0x1)
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
Trusted Zone: o2.co.uk\*.broadband
DPF: Microsoft XML Parser for Java
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
TCP: {CAD550CF-E36D-4DF5-A998-908611C8D4A9} = 9.64.162.21,9.64.163.21
TCP: {D40D8AB3-DFA5-4A53-AAF5-D3A525F28F1E} = 87.194.255.155,87.194.255.154,4.2.2.2,4.2.2.3
Notify: atmgrtok - atmgrtok.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
Notify: pcsinst - pcsinst.dll
Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 relog_ap
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\subr512p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - isoHunt Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\subr512p.default\extensions\bpaddtonab@firefox-extensions.ibm.com\plugins\npaddtonab.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwdplugin821.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
============= SERVICES / DRIVERS ===============
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-9-13 28552]
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2006-9-6 337592]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2006-11-21 202344]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-7-16 10384]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\at&t network client\NetClientSvc.exe [2009-10-7 263520]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-7-13 94208]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-3-6 4497704]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-8-1 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-8-1 539184]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-3-6 113448]
R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2010-2-6 17152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-13 102448]
R3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [2010-2-8 6400]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-7-13 81280]
R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3644.tmp --> c:\windows\system32\3644.tmp [?]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100913.004\naveng.sys [2010-9-13 85424]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100913.004\navex15.sys [2010-9-13 1362608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca12c614ff7fd6;Google Update Service (gupdate1ca12c614ff7fd6);c:\program files\google\update\GoogleUpdate.exe [2009-8-1 133104]
S2 ldlcserv6;IBM Enterprise Extender (IPv6);c:\windows\system32\drivers\ldlcserv6.exe [2007-11-2 40960]
S2 LogWatch;Event Log Watch;"c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe" --> c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [?]
S2 ltpSvc;TrackPoint Scroll Service;c:\program files\lenovo\thinkpad usb keyboard with trackpoint\ltpsvc.exe --> c:\program files\lenovo\thinkpad usb keyboard with trackpoint\ltpSvc.exe [?]
S2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\windows\system32\drivers\pdlndldl6.sys [2007-11-2 70656]
S3 cpuz132;cpuz132;\??\c:\docume~1\admini~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-7-27 30192]
S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [2009-10-23 36384]
S3 RET55;RET55 NDIS Protocol Driver;\??\c:\program files\eeye digital security\retina 5\scanner\ret55.sys --> c:\program files\eeye digital security\retina 5\scanner\RET55.sys [?]
S3 RRMONX;RRMONX;\??\c:\docume~1\admini~1\locals~1\temp\rrmon.sys --> c:\docume~1\admini~1\locals~1\temp\rrmon.sys [?]
S3 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2007-3-14 116416]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-11-7 95376]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-3-6 16168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 CA_LIC_CLNT;CA License Client;"c:\program files\ca\sharedcomponents\ca_lic\\lic98rmt.exe" --> c:\program files\ca\sharedcomponents\ca_lic\\lic98rmt.exe [?]
S4 csrcmds;csrcmds;c:\program files\ibm\personal communications\csrcmds.exe [2007-11-2 49152]
S4 cstrcser;IBM Command Line Trace;c:\windows\system32\drivers\cstrcser.exe [2007-11-2 36864]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe" /service msvsmon80 --> c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [?]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-2-21 583640]
S4 WindowsScheduler;System Scheduler Service;c:\progra~1\system~1\WService.exe [2009-9-16 13312]
S4 WindowsSchedulerLogon;System Scheduler Logon;c:\progra~1\system~1\WSLogon.exe [2009-9-16 52224]
============== File Associations ===============
.scr=AutoCADScriptFile
.txt=UltraEdit.txt
=============== Created Last 30 ================
2010-09-14 10:29:56 24064 ----a-w- c:\documents and settings\administrator\Ian Paterson 100914 Workload DB Import.XLS
2010-09-14 08:45:36 0 d-----w- c:\program files\Sophos
2010-09-14 08:21:06 0 d-----w- c:\docume~1\admini~1\applic~1\smkits
2010-09-14 00:13:37 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-09-13 19:09:23 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-13 19:09:23 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-13 19:09:23 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-09-13 19:09:23 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-12 23:48:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-09-12 23:47:40 0 d-----w- c:\program files\Panda Security
2010-09-12 01:31:16 0 d-----w- c:\program files\mSoftware
2010-09-12 01:09:51 0 d-----w- c:\program files\Aspecto Software
2010-09-11 19:21:43 0 d-----w- C:\TTN7
2010-09-11 13:14:33 0 d-----w- c:\program files\SDA
2010-09-10 14:38:46 0 d-----w- c:\program files\Lotus
2010-09-10 14:38:46 0 d-----w- c:\program files\common files\XCPCSync.OEM
2010-09-10 13:38:32 0 d--h--w- c:\documents and settings\administrator\InstallAnywhere
2010-09-09 21:42:18 361 ----a-w- C:\RapiConfigOut.xml
2010-09-09 21:21:33 0 d-----w- c:\program files\NetDragon
2010-09-08 23:35:41 3755929 ----a-w- C:\TrayNotify.reg
2010-09-08 23:23:17 282624 ----a-w- c:\windows\system32\acomte445.ocx
2010-09-08 18:29:28 0 d-----w- c:\program files\AT&T Network Client
2010-09-08 18:29:28 0 d-----w- c:\program files\AT&T Global Network Client
2010-09-08 18:29:28 0 d-----w- c:\docume~1\alluse~1\applic~1\AGNS
2010-09-08 15:38:14 130669 ----a-w- c:\windows\system32\nvModes.dat
2010-09-08 15:38:14 130669 ----a-w- c:\windows\system32\nvModes.001
2010-09-08 15:38:05 36836 ----a-w- c:\windows\system32\nvwsapps.nvb
2010-09-08 15:21:13 190706 ----a-w- c:\windows\system32\nvapps.xml
2010-09-08 15:21:13 110415 ----a-w- c:\windows\system32\nvwsapps.xml
2010-09-08 15:20:56 453152 ----a-w- c:\windows\system32\nvuninst.exe
2010-09-08 15:20:56 18725 ----a-w- c:\windows\system32\nvdisp.nvu
2010-09-08 15:20:56 0 d-----w- c:\windows\nview
2010-09-08 15:20:55 453152 ----a-w- c:\windows\system32\nvudisp.exe
2010-09-08 13:49:20 0 d-----w- C:\ET_ROOT
2010-09-08 11:33:46 0 d-----w- c:\docume~1\admini~1\applic~1\Realtime Soft
2010-09-08 11:33:40 0 d-----w- c:\program files\common files\Realtime Soft
2010-09-08 11:33:39 0 d-----w- c:\program files\UltraMon
2010-09-08 11:33:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Realtime Soft
2010-09-07 13:35:03 0 d-----w- c:\docume~1\admini~1\applic~1\Sierra Wireless
2010-09-07 10:41:46 19328 ----a-w- c:\windows\agnwifi.sys
2010-09-07 09:09:26 0 d-----w- c:\program files\JRE
2010-09-06 17:38:30 1721 ----a-w- c:\documents and settings\administrator\.recently-used.xbel
2010-09-06 13:50:34 24064 ----a-w- c:\documents and settings\administrator\EMEA Workload DB Import.XLS
2010-09-04 21:18:21 0 d-----w- c:\docume~1\admini~1\applic~1\Nokia Ovi Suite
2010-09-04 20:52:38 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-09-04 20:52:30 0 d-----w- c:\program files\PC Connectivity Solution
2010-09-04 20:51:15 0 d-----w- c:\docume~1\alluse~1\applic~1\NokiaInstallerCache
2010-09-04 14:53:03 91304 ----a-w- c:\windows\system32\drivers\btserial.sys
2010-09-03 18:51:53 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
2010-09-03 18:51:53 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2010-09-02 15:13:49 2840 ----a-w- c:\documents and settings\administrator\pseudovalindbmt.xls
2010-09-02 11:33:39 585216 ----a-w- c:\documents and settings\administrator\NationalRequirements_30501033-200712.doc
2010-08-29 18:50:43 3283 ----a-w- c:\windows\system32\wbem\Outlook_01cb47ab159fdb6e.mof
2010-08-28 17:44:51 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-08-28 17:44:50 399920 ----a-w- c:\windows\system32\vmnat.exe
2010-08-28 17:44:49 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-08-28 17:44:43 760368 ----a-w- c:\windows\system32\vnetlib.dll
2010-08-28 17:44:17 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-08-28 17:43:32 0 d-----w- c:\program files\common files\VMware
2010-08-16 13:20:58 0 d-----w- c:\program files\myiHome
2010-08-16 11:14:29 0 d-----w- c:\program files\Siber Systems
2010-08-15 13:25:04 1026 ----a-w- c:\windows\dirscan
2010-08-15 13:16:55 0 d-----w- c:\program files\Disk Size Manager 2.0
==================== Find3M ====================
2010-09-07 18:56:22 1952024 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-08-10 11:26:36 237320 ----a-w- c:\windows\system32\PDBoot.exe
2010-08-01 11:55:38 70704 ----a-w- c:\windows\system32\drivers\vmci.sys
2010-08-01 11:55:36 854064 ----a-w- c:\windows\system32\drivers\vmx86.sys
2010-08-01 11:54:52 14896 ----a-w- c:\windows\system32\drivers\vmparport.sys
2010-08-01 11:53:02 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
2010-08-01 11:53:02 32688 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
2010-08-01 10:39:06 32304 ----a-w- c:\windows\system32\drivers\hcmon.sys
2010-08-01 10:12:36 252464 ----a-w- c:\windows\system32\vmnc.dll
2010-08-01 08:18:24 59952 ----a-w- c:\windows\system32\vnetinst.dll
2010-08-01 08:18:24 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
2010-08-01 08:18:24 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
2010-07-27 19:53:07 64792 ----a-w- c:\windows\isamunin.exe
2010-07-25 14:54:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-25 14:37:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
2010-07-22 11:37:29 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
2010-07-17 04:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2010-03-31 12:22:40 56079 --sh--r- c:\program files\DLS8Uninstall.log
2009-09-26 21:38:44 437 ----a-w- c:\program files\Shortcut to O2.lnk
2008-09-29 08:12:04 108 --sha-r- c:\windows\neoqaz2.dll
2009-07-22 16:58:10 2 --shatr- c:\windows\winstart.bat
2009-07-13 23:00:48 23 --sha-w- c:\windows\system32\edacded0.dat
============= FINISH: 11:52:44.93 ===============
Thanks
Hello & Welcome to Safer-Networking
Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.
In the meantime please note the following:
Any recommendations made are for your computer problems only and should NOT be used on any other computer.
Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
If you get stuck or are unsure of something please ask for a further explanation, do not guess.
It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate. Please note that the forum is very busy and if I don't hear from you within four days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
Because of this, I advise you to backup any personal files and folders before you start.
You also need to know that I will not help remove malware from computers that have filesharing software (P2P) installed (such as Limewire, Bit Torrent, μTorrent etc. ). So if you want my help, please uninstall any such programs now & reboot.
Thanks
DDS
As your logs are now a few days old, please run DDS again, copy the contents of both logs & post in your next reply.
Gmer
Download GMER Rootkit Scanner from here (http://www.gmer.net/download.php) & save it to your desktop.
Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
http://i28.photobucket.com/albums/c227/tetonbob/gmer_th.gif (http://i28.photobucket.com/albums/c227/tetonbob/gmer_screen2-1.gif)
Click the image to enlarge it
In the right panel, you will see several boxes that have been checked. Uncheck the following:
IAT/EAT
Drives/Partition other than Systemdrive (typically C:\)
Show All (don't miss this one)
Then click the Scan button & wait for it to finish
Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
Save it where you can easily find it, such as your desktop, and post it in reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries
Do not run any programs while Gmer is running.
NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
Double click the gmer.exe file
The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply.
To post in next reply:
Contents of New DDS log
Contents of New Attach.txt
Contents of Gmer log
plug_it_in
2010-09-24, 13:56
Data posted below .
I had problems running GMER with BSODs. In the end I used msconfig, disabled all but Microsoft Services and disabled all Startup items, and on the 5th attempt it ran to completion. Note the GMER log is in two parts. When it starts it does a quick scan, and that's the first log. The second list is after hitting the scan button (this is where it crashed, usually in its own driver).
I tried posting all the input you wanted but it exceeds the input capacity, so I have attached a zip of all files.
Hi
While I'm going through this lot, please also run the following:
Rootkit Unhooker
Download Rootkit Unhooker from Here (http://www.rootkit.com/vault/DiabloNova/RKUnhookerLE.EXE) & save it on your desktop.
Disable your security programs
Double click RKUnhookerLE.exe to run it
Click the Report tab, then click Scan
Check Drivers and Stealth Code, uncheck the rest, then click OK
When prompted to Select Disks for Scan, make sure C:\ is checked then click OK
Wait till the scanner has finished then go File > Save Report
Save the report somewhere you can find it such as your desktop then click Close
Copy/paste the entire contents of the report & post it in your next reply.
Note - You may get the following warning - it is ok - just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"
View Hidden Files & Folders Windows XP
To view Hidden Files & Folders do the following:
Click Start
Open My Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option
Click Yes to confirm
Click OK
Upload Files for Scanning
Go to VirusTotal (http://www.virustotal.com/) & upload the following File/s for scanning.
Click Browse
Copy & paste the following File & Path in the text box next to File name: then click Open
c:\windows\neoqaz2.dll
Click Send File
If confronted with two options, choose Reanalyse file now
Wait for scans to finish then copy & paste the URL from your browser address bar in your next reply
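The helper above singles out c:\windows\neoqaz2.dll for a VirusTotal lookup. As an added example that is not part of this thread, of DDS, or of the helper's toolkit, the script below shows one way to triage the "Created Last 30" and "Find3M" sections of a DDS log mechanically and produce a ranked list of files worth hashing and uploading. The sample input is a subset of lines copied from the log posted above; the attribute-letter decoding (d directory, s system, h hidden, a archive, t temporary, r read-only, w writable), the 1024-byte size threshold, the C:\ system drive and the three heuristics are all assumptions made for the example.

```python
"""Triage the file listings in a DDS log ("Created Last 30" and "Find3M").

Added example for this thread; it is not part of DDS, Spybot or the helper's
toolkit. The attribute-letter decoding (d directory, s system, h hidden,
a archive, t temporary, r read-only, w writable) and the size threshold are
assumptions made for the example.
"""
import ntpath
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the DDS log posted above.
SAMPLE_DDS = r"""
=============== Created Last 30 ================
2010-09-14 08:45:36 0 d-----w- c:\program files\Sophos
2010-09-13 19:09:23 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-10 13:38:32 0 d--h--w- c:\documents and settings\administrator\InstallAnywhere
2010-09-08 23:23:17 282624 ----a-w- c:\windows\system32\acomte445.ocx
==================== Find3M ====================
2010-07-27 19:53:07 64792 ----a-w- c:\windows\isamunin.exe
2010-07-25 14:54:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-03-31 12:22:40 56079 --sh--r- c:\program files\DLS8Uninstall.log
2008-09-29 08:12:04 108 --sha-r- c:\windows\neoqaz2.dll
2009-07-22 16:58:10 2 --shatr- c:\windows\winstart.bat
2009-07-13 23:00:48 23 --sha-w- c:\windows\system32\edacded0.dat
============= FINISH: 11:52:44.93 ===============
"""

# date time size attrs path ; header/separator lines do not match and are skipped
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} "
    r"(?P<size>\d+) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

EXEC_EXT = {".exe", ".dll", ".sys", ".ocx", ".scr", ".com", ".bat", ".cmd", ".pif"}
MIN_PLAUSIBLE_SIZE = 1024   # assumption: a real program file is rarely smaller
WINDIR = r"c:\windows"      # assumption: system drive is C: as in the log


@dataclass(frozen=True)
class DdsEntry:
    date: str
    size: int
    attrs: str
    path: str

    @property
    def flags(self) -> set:
        # attribute letters present, e.g. "--sha-r-" -> {"s", "h", "a", "r"}
        return set(self.attrs) - {"-"}


def parse_dds(text: str) -> list:
    """Return one DdsEntry per file/directory line; ignore everything else."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(DdsEntry(m["date"], int(m["size"]), m["attrs"], m["path"]))
    return entries


def triage(entry: DdsEntry) -> list:
    """Reasons an entry deserves a closer look (hash + VirusTotal); [] if none."""
    reasons = []
    if "d" in entry.flags:            # directories are not uploadable artefacts
        return reasons
    ext = ntpath.splitext(entry.path)[1].lower()
    if {"s", "h"} <= entry.flags:     # hidden AND system on a plain file
        reasons.append("hidden+system attributes on a regular file")
    if ext in EXEC_EXT and entry.size < MIN_PLAUSIBLE_SIZE:
        reasons.append(f"{ext} file of only {entry.size} bytes")
    if ext in EXEC_EXT and ntpath.dirname(entry.path).lower() == WINDIR:
        reasons.append("program file directly under the Windows directory")
    return reasons


def triage_log(text: str) -> list:
    """(path, reasons) for every flagged entry, most suspicious first."""
    hits = [(e.path, triage(e)) for e in parse_dds(text)]
    hits = [(p, r) for p, r in hits if r]
    return sorted(hits, key=lambda h: (-len(h[1]), h[0].lower()))


if __name__ == "__main__":
    for path, reasons in triage_log(SAMPLE_DDS):
        print(f"{path}\n    " + "\n    ".join(reasons))
```

On the sample, neoqaz2.dll and winstart.bat trip all three rules (a 108-byte DLL and a 2-byte batch file, both hidden+system and sitting directly in c:\windows), while isamunin.exe is listed on location alone. The output is a candidate list for hashing and lookup, not a verdict: that is why the helper asks for a VirusTotal report on the file rather than telling the poster to delete it.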
plug_it_in
2010-09-24, 16:03
http://www.virustotal.com/file-scan/report.html?id=af59874dd23a2e93b1356822032bafad878c60e76bc95ec3af05e16ca58fa858-1285333222
plug_it_in
2010-09-24, 16:49
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xB8DF2000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6623232 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 178.74 )
0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 6287360 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 178.74 )
0xB89DA000 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 3633152 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2150400 bytes
0x804D7000 RAW 2150400 bytes
0x804D7000 WMIxWDM 2150400 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xB2C9B000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100923.003\navex15.sys 1359872 bytes (Symantec Corporation, AV Engine)
0xB4854000 C:\WINDOWS\System32\drivers\appn.sys 1318912 bytes (IBM Corporation, APPN library)
0xB73EE000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
0xB87AC000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 987136 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0xB9E17000 iaStor.sys 876544 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
0xB49E2000 C:\WINDOWS\system32\Drivers\vmx86.sys 847872 bytes (VMware, Inc., VMware kernel driver)
0xB733B000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xB9CE1000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB69E0000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0xB6B9F000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xB9C49000 timntr.sys 438272 bytes (Acronis, Acronis True Image Backup Archive Explorer)
0xB33AA000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 401408 bytes (Symantec Corporation, SPBBC Driver)
0xB6B19000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
0xB8631000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB6E15000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xB7073000 C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys 360448 bytes (Symantec Corporation, AutoProtect)
0xB435F000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
0xB894F000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
0xB7552000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 323584 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0xB6CF4000 C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20100915.004\symidsco.sys 290816 bytes (Symantec Corporation, IDS Core Driver)
0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xB8D9D000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 266240 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 5.2 deserialized driver)
0xB149F000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xB876B000 C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys 266240 bytes (-, SRS WOW HD, TSXT, CSII, Mobile HD Standalone driver)
0xB6DDA000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 241664 bytes (Symantec Corporation, Network Dispatch Driver)
0xB889D000 C:\WINDOWS\system32\DRIVERS\agnfilt.sys 221184 bytes (AT&T, Net Firewall)
0xB74E0000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xB49AF000 C:\WINDOWS\System32\drivers\AppnBase.sys 208896 bytes (IBM Corporation, APPNBASE library)
0xB86AC000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xB9CB4000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB9DBA000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xB8923000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 180224 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xB1101000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xB6C0F000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB6D3B000 C:\WINDOWS\System32\Drivers\SYMFW.SYS 167936 bytes (Symantec Corporation, Firewall Filter Driver)
0xB8D51000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xB6CCC000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB4819000 C:\WINDOWS\System32\drivers\pdlncfwk.sys 163840 bytes (IBM Corporation, PDLNCFWK.SYS)
0xB9F05000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
0xB6DB4000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xB54FE000 C:\WINDOWS\System32\Drivers\DefragFS.SYS 151552 bytes (Raxco Software, Inc., Defragmentation Support Driver)
0xB752E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xB8D79000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xB88D3000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB2E0F000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
0xB6CAA000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xB7051000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 139264 bytes (Symantec Corporation, Symantec Event Library)
0x806E4000 ACPI_HAL 134400 bytes
0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xB9D9A000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xB9C29000 snman380.sys 131072 bytes (Acronis, Acronis Snapshot API)
0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xB479E000 C:\WINDOWS\System32\drivers\appnapi.sys 122880 bytes (IBM Corporation, APPNAPI library)
0xB9C0B000 Apsx86.sys 122880 bytes (Lenovo., Shockproof Disk Driver)
0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0xB6AFC000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
0xB868F000 C:\WINDOWS\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
0xB7514000 C:\WINDOWS\system32\drivers\AEAudio.sys 106496 bytes (Andrea Electronics Corporation, Audio Noise Filtering Driver (32-bit))
0xB9BF1000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xB9DE6000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xB88F6000 C:\WINDOWS\System32\Drivers\AnyDVD.sys 102400 bytes (SlySoft, Inc., AnyDVD Filter Driver)
0xB4996000 C:\WINDOWS\system32\DRIVERS\llc2.sys 102400 bytes (IBM Corporation, LLC2 library)
0xB5495000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xB547C000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9DFF000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xB9EED000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xB9D6E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xB8754000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xB554B000 C:\WINDOWS\system32\DRIVERS\WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xB5562000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
0xB9D85000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
0xB3A27000 C:\WINDOWS\System32\drivers\pdlndldl6.sys 86016 bytes (IBM Corporation, PDLNDLDL6.SYS)
0xB4804000 C:\WINDOWS\System32\drivers\pdlndlpb.sys 86016 bytes (IBM Corporation, PDLNDLPB.SYS)
0xB4C6F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xB6EC9000 C:\WINDOWS\System32\Drivers\LenovoRd.sys 81920 bytes (Lenovo, Smart Card Reader Driver)
0xB2C87000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100923.003\naveng.sys 81920 bytes (Symantec Corporation, AV Engine)
0xB890F000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xB47DE000 C:\WINDOWS\System32\drivers\pdlndsdl.sys 81920 bytes (IBM Corporation, PDLNDSDL.SYS)
0xB89A1000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0xB703D000 C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys 81920 bytes (Symantec Corporation, SAVRTPEL)
0xB89C6000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0xB8DDE000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB6E6E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xB4841000 C:\WINDOWS\System32\drivers\pdlnacom.sys 77824 bytes (IBM Corporation, PDLNACOM.SYS)
0xB3ADC000 C:\WINDOWS\System32\drivers\pdlndldl.sys 77824 bytes (IBM Corporation, PDLNDLDL.SYS)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xB47F2000 C:\WINDOWS\System32\drivers\pdlndqll.sys 73728 bytes (IBM Corporation, PDLNDQLL.SYS)
0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xB47CD000 C:\WINDOWS\System32\drivers\pdlndtdl.sys 69632 bytes (IBM Corporation, PDLNDTDL.SYS)
0xB47BC000 C:\WINDOWS\System32\drivers\pdlnemap.sys 69632 bytes (IBM Corporation, PDLNEMAP.SYS)
0xB89B5000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD Driver)
0xBA2F8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xB9BB1000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xBA278000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
0xBA1A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xB9BD1000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xB4CE4000 C:\WINDOWS\system32\Drivers\vmci.sys 65536 bytes (VMware, Inc., VMware kernel driver)
0xBA268000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
0xB9493000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xB4C84000 C:\WINDOWS\System32\drivers\pdlnshay.sys 61440 bytes (IBM Corporation, PDLNSHAY.SYS)
0xB4B41000 C:\WINDOWS\System32\drivers\pdlnsx25.sys 61440 bytes (IBM Corporation, PDLNSX25.SYS)
0xB9BA1000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xB4F4C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xB94A3000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xB94D3000 C:\WINDOWS\system32\drivers\WmXlCore.sys 61440 bytes (Logitech Inc., Logitech WingMan Translation Driver)
0xBA1B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xBA108000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xBA0D8000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xB5074000 C:\WINDOWS\System32\drivers\pdlnsv25.sys 57344 bytes (IBM Corporation, PDLNSV25.SYS)
0xBA168000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB9BE1000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xB428F000 C:\WINDOWS\System32\drivers\pdlndoem.sys 53248 bytes (IBM Corporation, PDLNDOEM.SYS)
0xB4CA4000 C:\WINDOWS\System32\drivers\pdlnecfg.sys 53248 bytes (IBM Corporation, PDLNECFG.SYS)
0xB9B81000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xBA2B8000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 53248 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xBA2E8000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xBA148000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xBA138000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xB9B61000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xBA298000 C:\WINDOWS\System32\Drivers\SYMIDS.SYS 49152 bytes (Symantec Corporation, IDS Filter Driver)
0xBA1E8000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xBA1F8000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xBA1C8000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xBA1D8000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xBA2C8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xB9BC1000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xB9B71000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xBA288000 C:\WINDOWS\System32\Drivers\SYMNDIS.SYS 45056 bytes (Symantec Corporation, NDIS Filter Driver)
0xBA188000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xBA218000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
0xB4D14000 C:\WINDOWS\system32\drivers\hcmon.sys 40960 bytes (VMware, Inc., VMware USB monitor)
0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xB94B3000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xB4CB4000 C:\WINDOWS\System32\drivers\pdlnatcm.sys 40960 bytes (IBM Corporation, PDLNATCM.SYS)
0xB4C94000 C:\WINDOWS\System32\drivers\pdlnatdl.sys 40960 bytes (IBM Corporation, PDLNATDL.SYS)
0xBA178000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
0xBA128000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xBA0F8000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xBA198000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xBA258000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 40960 bytes (Symantec Corporation, Redirector Filter Driver)
0xB9B51000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xB9443000 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 40960 bytes (Acronis, Acronis True Image File System Filter)
0xBA228000 C:\WINDOWS\System32\Drivers\cdrbsdrv.SYS 36864 bytes (B.H.A Corporation, CD-ROM Filter Driver for Windows2000/xp)
0xBA158000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xB9B91000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
0xBA318000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
0xBA238000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xBA2A8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xB1397000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB4B31000 C:\WINDOWS\System32\drivers\pdlnafac.sys 36864 bytes (IBM Corporation, PDLNAFAC.SYS)
0xBA0E8000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xB6ADC000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA118000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
0xBA248000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xBA398000 ApsHM86.sys 32768 bytes (Lenovo., ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver)
0xBA3C8000 C:\WINDOWS\system32\DRIVERS\atmeltpm.sys 32768 bytes (Atmel, Inc., Atmel TPM Driver)
0xBA400000 C:\WINDOWS\system32\DRIVERS\btport.sys 32768 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
0xB8724000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
0xB871C000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
0xBA3E0000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xBA450000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xB6DA4000 C:\WINDOWS\System32\drivers\pdlnctdl.sys 32768 bytes (IBM Corporation, PDLNCTDL.SYS)
0xB6D84000 C:\WINDOWS\System32\drivers\pdlndint.sys 32768 bytes (IBM Corporation, PDLNDINT.SYS)
0xB3DA7000 C:\WINDOWS\system32\DRIVERS\RNDISMPX.SYS 32768 bytes (Microsoft Corporation, Remote NDIS Miniport)
0xBA358000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xBA368000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xBA410000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xBA4A0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xBA408000 C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
0xBA340000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xBA3D8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xBA390000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xBA388000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xBA3A0000 risdptsk.sys 28672 bytes (REDC, RICOH SD/MMC Driver)
0xBA460000 C:\WINDOWS\System32\Drivers\SYMDNS.SYS 28672 bytes (Symantec Corporation, DNS Filter Driver)
0xBA360000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xB86FC000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
0xB8714000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xBA438000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xB86EC000 C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys 28672 bytes (VMware, Inc., VMware bridge driver (32-bit))
0xBA370000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xB6D94000 C:\WINDOWS\System32\drivers\anydlc.sys 24576 bytes (IBM Corporation, ANYDLC.DLL(9X)/ANYDLC.SYS(NT))
0xBA378000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xBA4A8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xBA3B0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB6D6C000 C:\WINDOWS\System32\drivers\pdlnslea.sys 24576 bytes (IBM Corporation, PDLNSLEA.SYS)
0xBA428000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
0xB54C6000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
0xBA498000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xBA430000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xB86E4000 C:\WINDOWS\system32\DRIVERS\agnwifi.sys 20480 bytes (AT&T, Wi-Fi Driver)
0xB54DE000 C:\WINDOWS\System32\drivers\aspi32.sys 20480 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xBA490000 C:\WINDOWS\system32\drivers\bfturboh.sys 20480 bytes (BUFFALO INC., USB Turbo Driver for HDD)
0xBA380000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xBA480000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
0xBA350000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xBA3D0000 C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys 20480 bytes (Lenovo., ThinkPad Power Management Driver)
0xB6D74000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
0xBA348000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xBA448000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xB6D8C000 C:\WINDOWS\System32\drivers\pdlnepkt.sys 20480 bytes (IBM Corporation, PDLNEPKT.SYS)
0xBA3F0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xBA3F8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xBA420000 C:\WINDOWS\system32\SAVRKBootTasks.sys 20480 bytes (Sophos Plc, Sophos boot tasks for Windows 2000)
0xBA338000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xBA3E8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xBA478000 C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys 20480 bytes (Lenovo Group Limited, ThinkPad Hotkey Driver)
0xBA470000 C:\WINDOWS\System32\drivers\Tppwrif.sys 20480 bytes
0xBA468000 C:\WINDOWS\System32\drivers\TSMAPIP.SYS 20480 bytes
0xBA4B0000 C:\WINDOWS\system32\drivers\VMkbd.sys 20480 bytes (VMware, Inc., VMware keyboard filter driver (32-bit))
0xB54E6000 C:\WINDOWS\system32\drivers\vmnetuserif.sys 20480 bytes (VMware, Inc., VMware network application interface driver (32-bit))
0xB8704000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xBA4CC000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xBA4DC000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xBA4E4000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xB9A67000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xBA4C8000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xBA4D4000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xBA4E0000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xB6E81000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB4347000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0xB95AB000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xB545C000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xB4D90000 C:\WINDOWS\System32\drivers\pdlnemsg.sys 16384 bytes (IBM Corporation, PDLNEMSG.SYS)
0xB9A6F000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB8629000 C:\WINDOWS\System32\Drivers\SMCLIB.SYS 16384 bytes (Microsoft Corporation, Smard Card Driver Library)
0xBA4D0000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xB6C3A000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
0xB27FB000 C:\WINDOWS\system32\DRIVERS\usb8023x.sys 16384 bytes (Microsoft Corporation, Remote NDIS USB Driver)
0xB402F000 C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys 16384 bytes (VMware, Inc., VMware Virtual Storage Volume Driver)
0xB95A7000 C:\WINDOWS\system32\drivers\WmBEnum.sys 16384 bytes (Logitech Inc., Logitech WingMan Virtual Bus Enumerator Driver)
0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
0xBA4D8000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xB6C52000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xB861D000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0xB8738000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xB5440000 C:\WINDOWS\System32\drivers\klognt.sys 12288 bytes (IBM Corporation, KLOGNT DLL)
0xB959B000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
0xB9A4B000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xB4D94000 C:\WINDOWS\System32\drivers\pdlnebas.sys 12288 bytes (IBM Corporation, PDLNEBAS.SYS)
0xB9A5F000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus(R) ASPI Shell)
0xB8611000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xB5450000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 12288 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xB553F000 C:\WINDOWS\System32\Drivers\TVicPort.SYS 12288 bytes (EnTech Taiwan, TVicPort Driver for Windows NT/2000/XP)
0xB400F000 C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys 12288 bytes (Realtime Soft Ltd, UltraMon Utility Driver)
0xB959F000 C:\WINDOWS\system32\DRIVERS\VMNET.SYS 12288 bytes (VMware, Inc., VMware virtual network driver (32-bit))
0xB95A3000 C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys 12288 bytes (VMware, Inc., VMware virtual network adapter driver (32-bit))
0xB9A4F000 C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 12288 bytes (Wacom Technology, Virtual Hid Device)
0xB9A57000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xB7113000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xBA5AC000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xBA5F0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xBA5B8000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xBA5AE000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
0xBA5B6000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
0xBA624000 C:\WINDOWS\SYSTEM32\EGATHDRV.SYS 8192 bytes (IBM Corporation, IBM eGatherer Kernel Module)
0xBA5EE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xBA5B4000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0xBA5EA000 C:\WINDOWS\system32\DRIVERS\isamfilter.sys 8192 bytes (IBM Corp., IBM Standard Asset Manager Filter)
0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xBA5F2000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xBA5F8000 C:\WINDOWS\System32\drivers\nstrcnt.sys 8192 bytes (IBM Corporation, NSTRCNT.SYS)
0xBA608000 C:\WINDOWS\System32\drivers\pdlncbas.sys 8192 bytes (IBM Corporation, PDLNCBAS.SYS)
0xBA5BA000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xBA656000 C:\WINDOWS\system32\drivers\PMEMNT.SYS 8192 bytes (Microsoft Corporation, Physical Memory Driver)
0xBA5F6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xBA5DC000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xBA5E8000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
0xBA5DE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xBA612000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA5B0000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
0xBA5D8000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xBA5B2000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBA602000 C:\WINDOWS\system32\Drivers\VMparport.sys 8192 bytes (VMware, Inc., VMware parallel port driver)
0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xBA6D8000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xBA71F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xBA704000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
0xBA7C9000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xBA6CD000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
0xBA6A5000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
==============================================
>Stealth
==============================================
0x05B70000 Hidden Image-->Google.GData.Client.dll [ EPROCESS 0x86E025C8 ] PID: 4480, 176128 bytes
0x03790000 Hidden Image-->Google.GData.AccessControl.dll [ EPROCESS 0x86E025C8 ] PID: 4480, 28672 bytes
0x03760000 Hidden Image-->Google.GData.Calendar.dll [ EPROCESS 0x86E025C8 ] PID: 4480, 45056 bytes
0x05AF0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x86E025C8 ] PID: 4480, 507904 bytes
0x02B10000 Hidden Image-->ClxGoogleCalendar.dll [ EPROCESS 0x86E025C8 ] PID: 4480, 73728 bytes
0x037C0000 Hidden Image-->Google.GData.Extensions.dll [ EPROCESS 0x86E025C8 ] PID: 4480, 86016 bytes
Hi
I think I'd like an Expert to have a look at that file.
Can you go to c:\windows\neoqaz2.dll, right click the file, select Send to > Compressed (zip) folders. That will make a zipped copy of the file.
Then upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so I can get the file examined.
Just create a new topic, name it something like Files for jmw3, fill in the needed details & give a link to your post here, then click the Browse button & navigate to & select the zipped file. When the file is listed in the window click Send to upload the file (see the "Instructions for uploading files" there for help, if needed).
TFC (Temp File Cleaner)
Download TFC (Temp File Cleaner) by Old Timer Here (http://oldtimer.geekstogo.com/TFC.exe) & save it to your desktop.
Save any unsaved work. TFC Cleaner will close all open application windows
Double-click TFC.exe to run the program, your desktop will temporarily disappear
If prompted, click Yes to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.
ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
**IMPORTANT !!! Save ComboFix.exe to your Desktop**
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
A guide to do this can be found here (http://www.bleepingcomputer.com/forums/topic114351.html)
Double click on ComboFix.exe & follow the prompts
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
http://img.photobucket.com/albums/v666/sUBs/Query_RC.gif
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v666/sUBs/RC_successful.gif
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
To post in next reply:
ComboFix log
Update on how the computer is running
plug_it_in
2010-09-24, 20:56
http://thespykiller.co.uk/index.php/topic,9441.msg37862.html#msg37862
plug_it_in
2010-09-24, 22:12
Ran ComboFix after TFC. Ran Spybot after this and it still fails to run to completion.
ComboFix 10-09-23.01 - Pete Rawlings 24/09/2010 19:17:51.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2320 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Desktop\Pilot Install.EXE
c:\documents and settings\Administrator\My Documents\DPE.DUS
c:\documents and settings\All Users\Start Menu\Internet Explorer.lnk
C:\Documents
c:\windows\system\VI30AUT.DLL
c:\windows\system32\Cache
c:\windows\system32\winsusrm.dll
c:\windows\system32\winsusrx.dll
.
((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.
2010-09-23 11:46 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-23 11:46 . 2010-09-23 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-23 11:46 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-22 18:07 . 2010-09-22 18:07 34 ---ha-w- c:\windows\system32\Converter_sysquict.dat
2010-09-22 18:07 . 2010-09-22 18:14 -------- d-----w- c:\program files\Agree Free OGG to MP3 AMR WAV Converter
2010-09-22 15:25 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-09-22 15:25 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-09-22 15:25 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-09-22 15:25 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-09-22 15:25 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-09-22 15:25 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-09-22 15:25 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-09-22 15:25 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-09-20 13:27 . 2010-09-20 14:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\DroidExplorer
2010-09-20 13:26 . 2010-09-20 13:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\DroidExplorer
2010-09-20 13:26 . 2010-09-20 13:26 -------- d-----w- c:\program files\Droid Explorer
2010-09-19 17:37 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-09-19 16:04 . 2010-09-19 16:04 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2010-09-19 16:04 . 2010-09-19 16:04 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-09-18 15:36 . 2010-09-18 15:36 -------- d-----w- c:\program files\Astraware
2010-09-17 11:01 . 2010-09-17 11:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sprite Software
2010-09-17 11:00 . 2010-09-17 11:00 -------- d-----w- c:\program files\Sprite Software
2010-09-15 13:53 . 2010-09-15 13:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Blender Foundation
2010-09-15 13:53 . 2010-09-15 13:53 -------- d-----w- c:\program files\Blender Foundation
2010-09-15 12:48 . 2010-09-15 12:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\3Dconnexion_Inc
2010-09-14 13:52 . 2010-05-26 09:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-09-14 08:45 . 2010-09-14 08:45 -------- d-----w- c:\program files\Sophos
2010-09-14 00:13 . 2010-09-14 00:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-13 19:09 . 2010-09-13 19:09 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-09-13 19:09 . 2010-09-13 19:09 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-12 23:47 . 2010-09-14 13:51 -------- d-----w- c:\program files\Panda Security
2010-09-12 23:06 . 2010-09-23 15:59 -------- d-----w- c:\program files\ERUNT
2010-09-12 01:31 . 2010-09-12 01:31 -------- d-----w- c:\program files\mSoftware
2010-09-12 01:09 . 2010-09-12 01:09 -------- d-----w- c:\program files\Aspecto Software
2010-09-11 19:21 . 2010-09-11 23:02 -------- d-----w- C:\TTN7
2010-09-11 13:14 . 2010-09-11 13:14 -------- d-----w- c:\program files\SDA
2010-09-10 14:38 . 2010-09-10 14:38 -------- d-----w- c:\program files\Lotus
2010-09-10 14:38 . 2010-09-10 14:38 -------- d-----w- c:\program files\Common Files\XCPCSync.OEM
2010-09-10 13:38 . 2010-09-10 13:38 -------- d--h--w- c:\documents and settings\Administrator\InstallAnywhere
2010-09-09 21:42 . 2010-09-09 21:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WM PCSuite
2010-09-09 21:21 . 2010-09-09 21:21 -------- d-----w- c:\program files\NetDragon
2010-09-08 23:35 . 2010-09-08 23:35 3755929 ----a-w- C:\TrayNotify.reg
2010-09-08 18:31 . 2010-09-08 18:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AGNS
2010-09-08 18:29 . 2010-09-08 18:31 -------- d-----w- c:\program files\AT&T Network Client
2010-09-08 18:29 . 2010-09-08 18:29 -------- d-----w- c:\program files\AT&T Global Network Client
2010-09-08 18:29 . 2010-09-08 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AGNS
2010-09-08 15:46 . 2010-09-08 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-09-08 15:38 . 2010-09-24 15:49 167493 ----a-w- c:\windows\system32\nvModes.dat
2010-09-08 15:20 . 2010-09-08 15:42 -------- d-----w- c:\windows\nview
2010-09-08 15:20 . 2009-01-07 10:28 453152 ----a-w- c:\windows\system32\nvuninst.exe
2010-09-08 15:20 . 2009-01-14 16:37 453152 ----a-w- c:\windows\system32\nvudisp.exe
2010-09-08 13:49 . 2010-09-08 13:49 -------- d-----w- C:\ET_ROOT
2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Realtime Soft
2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\program files\Common Files\Realtime Soft
2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\program files\UltraMon
2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Realtime Soft
2010-09-07 13:35 . 2010-09-07 13:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sierra Wireless
2010-09-07 11:26 . 2010-09-07 11:26 -------- d-----w- c:\program files\Common Files\Java
2010-09-07 10:41 . 2009-10-07 16:41 19328 ----a-w- c:\windows\agnwifi.sys
2010-09-07 09:09 . 2010-09-07 09:09 -------- d-----w- c:\program files\JRE
2010-09-06 18:48 . 2010-09-06 18:48 -------- d-----w- c:\program files\7-Zip
2010-09-04 21:18 . 2010-09-04 21:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia Ovi Suite
2010-09-04 21:09 . 2010-09-09 17:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NokiaAccount
2010-09-04 21:09 . 2010-09-04 21:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Nokia
2010-09-04 20:52 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-09-04 20:52 . 2010-09-04 20:52 -------- d-----w- c:\program files\PC Connectivity Solution
2010-09-04 20:51 . 2010-09-04 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
2010-09-04 14:53 . 2010-05-25 10:26 91304 ----a-w- c:\windows\system32\drivers\btserial.sys
2010-09-03 18:51 . 2010-06-01 12:51 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
2010-09-03 18:51 . 2010-06-01 12:51 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2010-08-28 18:20 . 2010-09-18 15:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VMware
2010-08-28 17:44 . 2010-08-01 11:55 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-08-28 17:44 . 2010-08-01 11:55 399920 ----a-w- c:\windows\system32\vmnat.exe
2010-08-28 17:44 . 2010-08-01 11:52 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-08-28 17:44 . 2010-08-01 11:55 760368 ----a-w- c:\windows\system32\vnetlib.dll
2010-08-28 17:44 . 2010-08-01 11:54 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-08-28 17:43 . 2010-08-28 17:43 -------- d-----w- c:\program files\Common Files\VMware
2010-08-28 17:05 . 2010-09-05 19:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Download Manager
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 18:30 . 2009-07-15 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-09-24 18:30 . 2009-07-15 18:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2010-09-24 18:30 . 2010-03-06 17:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\WTablet
2010-09-24 18:29 . 2010-05-04 14:40 -------- d-----w- c:\program files\c4ebreg
2010-09-24 18:26 . 2007-03-05 22:09 40 ----a-w- c:\windows\system32\profile.dat
2010-09-24 17:36 . 2009-10-11 07:41 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-24 14:28 . 2010-05-04 14:42 -------- d-----w- c:\program files\wst
2010-09-24 10:42 . 2010-09-24 10:42 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-24 10:42 . 2010-05-09 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-24 10:42 . 2009-07-14 00:07 -------- d-----w- c:\program files\DivX
2010-09-24 10:42 . 2010-09-24 10:42 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-09-24 10:42 . 2010-08-29 14:08 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-09-24 10:42 . 2010-08-29 13:31 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-24 10:42 . 2010-06-11 21:13 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-09-24 10:42 . 2009-07-20 14:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-24 10:42 . 2010-06-11 21:13 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-09-23 09:57 . 2010-07-04 12:39 509960 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-21 13:41 . 2010-04-06 21:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2010-09-21 12:55 . 2009-11-19 11:40 -------- d-----w- c:\program files\QuickTime
2010-09-21 12:54 . 2009-11-19 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-20 13:26 . 2010-09-20 13:26 1868800 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{B4346951-3962-4C93-9A49-79A62AD8A632}\AppIcon.exe
2010-09-19 17:39 . 2010-09-19 17:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-09-19 17:38 . 2010-09-19 17:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-09-18 15:44 . 2009-07-16 12:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\VMware
2010-09-18 14:17 . 2010-02-22 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\gtk-2.0
2010-09-17 11:00 . 2005-04-05 19:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-15 10:35 . 2009-07-14 00:53 -------- d-----w- c:\program files\Google
2010-09-14 00:21 . 2009-07-13 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-13 19:09 . 2009-07-20 14:35 -------- d-----w- c:\program files\Symantec
2010-09-13 19:09 . 2010-09-13 19:09 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-13 19:09 . 2010-09-13 19:09 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-13 19:08 . 2009-07-20 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-09-13 19:08 . 2007-03-05 22:07 -------- d-----w- c:\program files\Symantec Client Security
2010-09-12 12:30 . 2010-06-13 16:14 -------- d-----w- c:\program files\AllToAVI
2010-09-12 01:28 . 2009-07-13 18:31 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-09-12 01:10 . 2010-09-12 01:10 3638 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{F5A7052F-2AF4-4CBA-8951-26B91476BDAB}\_6FEFF9B68218417F98F549.exe
2010-09-11 13:14 . 2009-07-13 18:49 -------- d-----w- c:\program files\Panasonic
2010-09-11 12:54 . 2009-09-20 10:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\XCPCSync.OEM
2010-09-10 14:03 . 2009-10-12 16:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-09 21:57 . 2010-07-25 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2010-09-08 18:29 . 2007-09-05 21:03 -------- d-----w- c:\program files\AT&T Network Client Install
2010-09-08 14:55 . 2009-07-13 14:50 -------- d-----w- c:\program files\Lenovo
2010-09-08 14:36 . 2010-07-31 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-09-07 21:03 . 2009-08-18 11:06 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-07 18:56 . 2009-11-28 00:03 1952024 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-09-07 12:42 . 2009-08-21 11:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
2010-09-07 11:23 . 2010-09-07 11:23 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\msvcp71.dll
2010-09-07 11:23 . 2010-09-07 11:23 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\jmc.dll
2010-09-07 11:23 . 2010-09-07 11:23 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\msvcr71.dll
2010-09-07 11:23 . 2010-09-07 11:23 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-74cdeb3f-n\decora-sse.dll
2010-09-07 11:23 . 2010-09-07 11:23 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-74cdeb3f-n\decora-d3d.dll
2010-09-07 11:23 . 2009-08-09 12:00 -------- d-----w- c:\program files\Java
2010-09-07 10:38 . 2009-08-21 11:30 -------- d-----w- c:\program files\FileZilla FTP Client
2010-09-07 10:11 . 2005-04-04 18:17 69128 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-07 10:06 . 2009-09-07 09:44 69128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-07 09:09 . 2009-08-18 10:58 -------- d-----w- c:\program files\OpenOffice.org 3
2010-09-06 18:17 . 2009-08-12 12:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-04 21:18 . 2010-07-25 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2010-09-04 20:53 . 2010-07-25 14:28 -------- d-----w- c:\program files\Common Files\Nokia
2010-09-04 20:52 . 2010-07-25 14:27 -------- d-----w- c:\program files\Nokia
2010-09-04 20:51 . 2010-09-04 20:51 12212040 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-09-04 20:51 . 2010-09-04 20:51 13930312 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-09-04 20:51 . 2010-09-04 20:51 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-09-04 20:51 . 2010-09-04 20:51 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-09-04 20:51 . 2010-09-04 20:51 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-09-04 20:51 . 2010-09-04 20:51 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-09-04 20:50 . 2010-09-04 20:51 102914512 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-09-04 20:20 . 2010-07-25 14:27 36365624 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_eng_web.exe
2010-09-04 13:40 . 2009-08-04 01:25 -------- d-----w- c:\program files\SystemScheduler
2010-08-31 14:11 . 2009-07-13 23:00 -------- d-----w- c:\program files\jv16 PowerTools 2009
2010-08-31 14:11 . 2010-04-30 17:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-08-30 13:34 . 2010-09-03 17:03 1496064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-30 13:33 . 2010-09-03 17:03 43008 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-30 13:33 . 2010-09-03 17:03 338944 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-30 13:33 . 2010-09-03 17:03 346112 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-29 14:08 . 2010-08-29 14:08 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-08-29 14:08 . 2010-08-29 14:08 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-08-29 14:08 . 2010-08-29 14:08 84063 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-08-29 14:08 . 2010-08-29 14:08 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-28 17:46 . 2010-03-17 16:03 921608 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\uninstall.exe
2010-08-28 17:46 . 2010-03-17 16:03 629296 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\instUtils.dll
2010-08-28 17:42 . 2010-03-17 15:57 -------- d-----w- c:\program files\VMware
2010-08-28 17:40 . 2010-03-17 16:03 356352 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_ws.dll
2010-08-28 17:40 . 2010-03-17 16:03 581632 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_core.dll
2010-08-28 17:40 . 2010-03-17 16:03 360448 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_license.dll
2010-08-28 17:40 . 2010-03-17 16:03 968752 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2010-08-28 17:40 . 2010-03-17 16:03 932400 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2010-08-28 17:40 . 2010-03-17 16:03 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2010-08-28 17:40 . 2010-03-17 16:03 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2010-08-28 17:40 . 2010-03-17 16:03 707120 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2010-08-18 20:12 . 2010-03-27 14:03 -------- d-----w- c:\program files\Scan2CADv7
2010-08-17 13:17 . 2004-08-04 05:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 13:21 . 2010-08-16 13:20 -------- d-----w- c:\program files\myiHome
2010-08-16 11:14 . 2010-08-16 11:14 -------- d-----w- c:\program files\Siber Systems
2010-08-15 13:16 . 2010-08-15 13:16 -------- d-----w- c:\program files\Disk Size Manager 2.0
2010-08-14 16:37 . 2010-08-14 16:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Haihaisoft Universal Player
2010-08-14 16:36 . 2010-08-14 16:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Haihaisoft
2010-08-14 16:36 . 2010-08-14 16:36 -------- d-----w- c:\program files\Haihaisoft Universal Player
2010-08-14 11:35 . 2009-07-18 10:52 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-08-14 11:30 . 2010-08-14 11:30 2485883 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-02-12 22:46 . 2010-02-12 22:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-09-29 08:12 . 2008-09-29 08:12 108 --sha-r- c:\windows\neoqaz2.dll
2009-07-22 16:58 . 2009-07-22 16:58 2 --shatr- c:\windows\winstart.bat
2009-07-13 23:00 . 2009-07-13 23:00 23 --sha-w- c:\windows\system32\edacded0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2007-09-21 49152]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-01 39408]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3216664]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-29 135664]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
"CompanionLink"="c:\program files\companionlink\companionlink.exe" [2009-09-17 13737984]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WD Button Manager"="WDBtnMgr.exe" [2009-09-29 364544]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-08-01 129584]
"UltraNav Keyboard"="c:\program files\Lenovo\UltraNav Keyboard\SkdUNav.exe" [2007-02-09 258048]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe" [2009-01-18 1285512]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"Tpam.exe"="c:\program files\IBM\Personal Communications\tpam.exe" [2007-11-02 28672]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"stgclean"="c:\sdwork\w32maing.exe" [2010-08-30 279552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-07-13 1036288]
"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-29 331776]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
"nwiz"="nwiz.exe" [2009-01-14 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13549568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"ISSI Service"="c:\sdwork\issimsvc.exe" [2010-09-16 242928]
"Isamtray"="c:\program files\c4ebreg\isamtray.exe" [2010-07-27 290072]
"IBM Lotus EasySync Pro"="c:\program files\Lotus\EasySync Pro\SyncLauncher.exe" [2009-12-14 40960]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-12 30192]
"DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2010-01-27 55808]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"C4EBReg"="c:\program files\c4ebreg\c4ebreg.exe" [2010-07-27 486680]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-29 208896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe" [2009-01-18 884928]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-18 140568]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-5-25 607584]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-16 809488]
Start 3DxWare.lnk - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe [2010-7-30 120832]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 23:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
2007-11-02 10:45 49152 ----a-w- c:\windows\system32\pcsinst.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 16:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\g:\0pdboot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Desktop^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Administrator\Desktop\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ergocizer.lnk]
backup=c:\windows\pss\Ergocizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^myiHome Server.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\myiHome Server.lnk.disabled
backup=c:\windows\pss\myiHome Server.lnk.disabledCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CfgWzSvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"FixCamera"=c:\windows\FixCamera.exe
"TpShocks"=TpShocks.exe
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"MyHelpService"=c:\program files\IBM\My Help\workspace\service\delayStart.exe
"pmonmh"=c:\program files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.19/pmonmh.exe
"Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"IBMconfig"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"427:UDP"= 427:UDP:SLP_Port(427)
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [14/05/2008 17:21 19496]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [14/09/2010 14:52 18816]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [06/09/2009 06:06 169312]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [16/07/2009 14:11 10384]
R2 ldlcserv6;IBM Enterprise Extender (IPv6);c:\windows\system32\drivers\ldlcserv6.exe [02/11/2007 05:09 40960]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\AT&T Network Client\NetClientSvc.exe [07/10/2009 12:36 263520]
R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\windows\system32\drivers\pdlndldl6.sys [02/11/2007 05:09 70656]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [13/07/2009 15:48 94208]
R2 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [14/03/2007 19:48 116416]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [06/03/2010 18:47 4497704]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [14/11/2008 02:11 17184]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [01/08/2010 12:55 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [01/08/2010 11:39 539184]
R2 WindowsScheduler;System Scheduler Service;c:\progra~1\SYSTEM~1\WService.exe [16/09/2009 12:40 13312]
R2 WindowsSchedulerLogon;System Scheduler Logon;c:\progra~1\SYSTEM~1\WSLogon.exe [16/09/2009 12:40 52224]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [06/03/2010 18:47 113448]
R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [06/02/2010 18:57 17152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [13/09/2010 20:26 102448]
R3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [08/02/2010 16:45 6400]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [13/07/2009 15:02 81280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate1ca12c614ff7fd6;Google Update Service (gupdate1ca12c614ff7fd6);c:\program files\Google\Update\GoogleUpdate.exe [01/08/2009 17:35 133104]
S2 LogWatch;Event Log Watch;"c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe" --> c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [?]
S2 ltpSvc;TrackPoint Scroll Service;c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe --> c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe [?]
S3 CA_LIC_CLNT;CA License Client;"c:\program files\CA\SharedComponents\CA_LIC\\lic98rmt.exe" --> c:\program files\CA\SharedComponents\CA_LIC\\lic98rmt.exe [?]
S3 csrcmds;csrcmds;c:\program files\IBM\Personal Communications\csrcmds.exe [02/11/2007 05:09 49152]
S3 cstrcser;IBM Command Line Trace;c:\windows\system32\drivers\cstrcser.exe [02/11/2007 05:09 36864]
S3 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [21/08/2010 23:14 253952]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [27/07/2009 09:13 30192]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3644.tmp --> c:\windows\system32\3644.tmp [?]
S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [23/10/2009 18:49 36384]
S3 RET55;RET55 NDIS Protocol Driver;\??\c:\program files\eEye Digital Security\Retina 5\Scanner\RET55.sys --> c:\program files\eEye Digital Security\Retina 5\Scanner\RET55.sys [?]
S3 RRMONX;RRMONX;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\rrmon.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\rrmon.sys [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [07/11/2009 18:04 95376]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [06/03/2010 18:47 16168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 --> c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [?]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [21/02/2010 17:08 583640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-09-15 c:\windows\Tasks\3DxSoftware Create Process (ID 287142392505).job
- c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe [2010-07-30 15:41]
2010-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-09-24 c:\windows\Tasks\At1.job
- c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe [2010-08-09 14:16]
2010-09-24 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-07-16 10:08]
2010-09-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-01 16:34]
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 16:35]
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 16:35]
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473679540-3749852400-1765190492-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 04:43]
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473679540-3749852400-1765190492-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 04:43]
2010-09-24 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-07-13 00:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/
uInternet Settings,ProxyOverride = <local>;<local>
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: o2.co.uk\*.broadband
TCP: {D40D8AB3-DFA5-4A53-AAF5-D3A525F28F1E} = 87.194.255.155,87.194.255.154,4.2.2.2,4.2.2.3
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - isoHunt Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\bpaddtonab@firefox-extensions.ibm.com\plugins\npaddtonab.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwdplugin821.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.txt=UltraEdit.txt
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-atmgrtok - atmgrtok.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 19:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xBA168000]<< >>UNKNOWN [0xBA158000]<< >>UNKNOWN [0xB9F79000]<< >>UNKNOWN [0x806E4000]<< >>UNKNOWN [0xB9DFF000]<< >>UNKNOWN [0xBA670000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0xba16cf28
\Driver\ACPI -> 0xb9f7fcb8
\Driver\atapi -> 0xb9e05852
\Driver\iaStor -> 0xb9e29b58
IoDeviceObjectType -> SecurityProcedure -> 0x80583d4a
\Device\Harddisk0\DR0 -> SecurityProcedure -> 0x80583d4a
NDIS: Intel(R) Wireless WiFi Link 4965AG -> SendCompleteHandler -> 0xb9cb7bb0
PacketIndicateHandler -> 0xb9ca6a0d
SendHandler -> 0xb9cbab40
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3644.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1473679540-3749852400-1765190492-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(436)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\IBM\Personal Communications\atmgrtok.dll
c:\program files\IBM\Personal Communications\MILLUTIL.DLL
c:\windows\system32\pcsinst.dll
c:\windows\system32\msi.dll
- - - - - - - > 'lsass.exe'(588)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(8464)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\mslbui.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\IBM\Personal Communications\PCS_AGNT.EXE
c:\program files\WTouch\WTouchUser.exe
c:\windows\system32\Drivers\trcboot.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\IBM\SQLLIB\BIN\db2jds.exe
c:\program files\IBM\SQLLIB\BIN\db2sec.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\notes\nsd.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AT&TNE~2\netcfgsvr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\TpKmpSVC.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\vmnat.exe
c:\progra~1\SYSTEM~1\WScheduler.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Drivers\ldlcserv.exe
c:\program files\Raxco\PerfectDisk10\PDEngine.exe
c:\program files\Raxco\PerfectDisk10\PDAgentS1.exe
c:\windows\system32\WDBtnMgr.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-09-24 19:37:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-24 18:37
Pre-Run: 19,832,352,768 bytes free
Post-Run: 19,511,652,352 bytes free
- - End Of File - - FB4F8E3B8F33D3036A0ABD0D2723FC75
Hi
I don't see any references to it in your logs, but do you have Spybot's TeaTimer disabled when you run a scan with Spybot?
Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove
Advanced SystemCare 3
If some programs listed are not present, please do not panic
You should also remove the following outdated version of Java, as it is open to exploitation:
Java(TM) 6 Update 13
CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:
File::
c:\windows\neoqaz2.dll
c:\windows\Tasks\AWC Update.job
Folder::
c:\program files\IObit
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
Driver::
LogWatch
CA_LIC_CLNT
MEMSWEEP2
RRMONX
DDS::
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
uInternet Settings,ProxyOverride = <local>;<local>
Trusted Zone: o2.co.uk\*.broadband
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Save this as CFScript.txt, in the same location as ComboFix.exe
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Referring to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
MBRCheck
Download MBRCheck from Here (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe) & save it to your desktop.
Disable your security programs so they do not interfere with the tool. Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt if enabled)
A window will open on your desktop
If an unknown bootcode is found, do not proceed with any further options at this time. For now, type in N then press Enter twice to exit the program
If nothing unusual is found just press Enter
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop
Post the contents of that file in your next reply
To post in next reply:
ComboFix log
MBRCheck log
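As an added example (not part of the helper's post, and not ComboFix's own code): a small Python script that parses the REGEDIT4-style lines ComboFix prints under "Reg Loading Points", flags the Security Center override values the CFScript above resets, and renders the findings as a Registry:: block in the same format. The sample lines are copied from the ComboFix log posted in this thread; the key-suffix patterns and the "healthy" baseline values (the zeros the CFScript writes) are my assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample: registry lines copied from the "Reg Loading Points"
# section of the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"IBMconfig"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
"""

KEY_RE = re.compile(r'^\[(.+)\]$')
# ComboFix prints DWORDs either as "name"=dword:00000001 ...
DWORD_RE = re.compile(r'^"([^"]+)"=dword:([0-9a-fA-F]{8})$')
# ... or, for some keys, as "name"= 1 (0x1)
DEC_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s*\(0x[0-9a-fA-F]+\)$')


def parse_reg_dump(text: str) -> Dict[str, Dict[str, int]]:
    """Parse ComboFix's REGEDIT4-style output into {key: {value_name: int}}.

    Keys are lower-cased (the registry is case-insensitive). Only numeric
    values are kept; string values and unrelated lines are ignored.
    """
    reg: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group(1).lower()
            reg.setdefault(current, {})
            continue
        if current is None:
            continue
        m = DWORD_RE.match(line)
        if m:
            reg[current][m.group(1)] = int(m.group(2), 16)
            continue
        m = DEC_RE.match(line)
        if m:
            reg[current][m.group(1)] = int(m.group(2))
    return reg


# Assumed healthy baseline: (key-suffix regex, value name, expected value, why).
# With these flags set to 1, Security Center stops reporting on the AV or
# firewall state, so a disabled product is no longer visible to the user.
# Windows Firewall's own EnableFirewall is parsed but deliberately not
# checked here: with a third-party firewall installed (Symantec Client
# Firewall in this log) it may legitimately be 0.
BASELINE = [
    (r'\\microsoft\\security center$', 'AntiVirusOverride', 0,
     'Security Center told to ignore antivirus status'),
    (r'\\microsoft\\security center$', 'FirewallOverride', 0,
     'Security Center told to ignore firewall status'),
    (r'\\security center\\monitoring\\[^\\]+$', 'DisableMonitoring', 0,
     'monitoring of a specific security product switched off'),
]

Finding = Tuple[str, str, int, int, str]  # key, name, actual, expected, why


def find_security_center_tampering(reg: Dict[str, Dict[str, int]]) -> List[Finding]:
    """Return every baseline value whose actual setting differs from expected."""
    findings: List[Finding] = []
    for key, values in reg.items():
        for suffix, name, expected, why in BASELINE:
            if re.search(suffix, key) and name in values and values[name] != expected:
                findings.append((key, name, values[name], expected, why))
    return sorted(findings)


def cfscript_registry_block(findings: List[Finding]) -> str:
    """Render findings as a Registry:: block in the format the CFScript above uses,
    resetting each flagged value to its expected one."""
    by_key: Dict[str, List[Tuple[str, int]]] = {}
    for key, name, _actual, expected, _why in findings:
        by_key.setdefault(key, []).append((name, expected))
    lines = ['Registry::']
    for key in sorted(by_key):
        lines.append(f'[{key}]')
        for name, expected in by_key[key]:
            lines.append(f'"{name}"=dword:{expected:08x}')
    return '\n'.join(lines)


if __name__ == '__main__':
    found = find_security_center_tampering(parse_reg_dump(SAMPLE_LOG))
    for key, name, actual, expected, why in found:
        print(f'{key}\n  {name} = {actual} (expected {expected}): {why}')
    print()
    print(cfscript_registry_block(found))
```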
plug_it_in
2010-09-25, 14:15
ComboFix 10-09-23.01 - Pete Rawlings 24/09/2010 19:17:51.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2320 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Desktop\Pilot Install.EXE
c:\documents and settings\Administrator\My Documents\DPE.DUS
c:\documents and settings\All Users\Start Menu\Internet Explorer.lnk
C:\Documents
c:\windows\system\VI30AUT.DLL
c:\windows\system32\Cache
c:\windows\system32\winsusrm.dll
c:\windows\system32\winsusrx.dll
.
((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
.
2010-09-23 11:46 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-23 11:46 . 2010-09-23 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-23 11:46 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-22 18:07 . 2010-09-22 18:07 34 ---ha-w- c:\windows\system32\Converter_sysquict.dat
2010-09-22 18:07 . 2010-09-22 18:14 -------- d-----w- c:\program files\Agree Free OGG to MP3 AMR WAV Converter
2010-09-22 15:25 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-09-22 15:25 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-09-22 15:25 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-09-22 15:25 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-09-22 15:25 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-09-22 15:25 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-09-22 15:25 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-09-22 15:25 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-09-20 13:27 . 2010-09-20 14:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\DroidExplorer
2010-09-20 13:26 . 2010-09-20 13:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\DroidExplorer
2010-09-20 13:26 . 2010-09-20 13:26 -------- d-----w- c:\program files\Droid Explorer
2010-09-19 17:37 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-09-19 16:04 . 2010-09-19 16:04 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2010-09-19 16:04 . 2010-09-19 16:04 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-09-18 15:36 . 2010-09-18 15:36 -------- d-----w- c:\program files\Astraware
2010-09-17 11:01 . 2010-09-17 11:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sprite Software
2010-09-17 11:00 . 2010-09-17 11:00 -------- d-----w- c:\program files\Sprite Software
2010-09-15 13:53 . 2010-09-15 13:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Blender Foundation
2010-09-15 13:53 . 2010-09-15 13:53 -------- d-----w- c:\program files\Blender Foundation
2010-09-15 12:48 . 2010-09-15 12:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\3Dconnexion_Inc
2010-09-14 13:52 . 2010-05-26 09:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-09-14 08:45 . 2010-09-14 08:45 -------- d-----w- c:\program files\Sophos
2010-09-14 00:13 . 2010-09-14 00:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-13 19:09 . 2010-09-13 19:09 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-09-13 19:09 . 2010-09-13 19:09 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-12 23:47 . 2010-09-14 13:51 -------- d-----w- c:\program files\Panda Security
2010-09-12 23:06 . 2010-09-23 15:59 -------- d-----w- c:\program files\ERUNT
2010-09-12 01:31 . 2010-09-12 01:31 -------- d-----w- c:\program files\mSoftware
2010-09-12 01:09 . 2010-09-12 01:09 -------- d-----w- c:\program files\Aspecto Software
2010-09-11 19:21 . 2010-09-11 23:02 -------- d-----w- C:\TTN7
2010-09-11 13:14 . 2010-09-11 13:14 -------- d-----w- c:\program files\SDA
2010-09-10 14:38 . 2010-09-10 14:38 -------- d-----w- c:\program files\Lotus
2010-09-10 14:38 . 2010-09-10 14:38 -------- d-----w- c:\program files\Common Files\XCPCSync.OEM
2010-09-10 13:38 . 2010-09-10 13:38 -------- d--h--w- c:\documents and settings\Administrator\InstallAnywhere
2010-09-09 21:42 . 2010-09-09 21:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WM PCSuite
2010-09-09 21:21 . 2010-09-09 21:21 -------- d-----w- c:\program files\NetDragon
2010-09-08 23:35 . 2010-09-08 23:35 3755929 ----a-w- C:\TrayNotify.reg
2010-09-08 18:31 . 2010-09-08 18:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AGNS
2010-09-08 18:29 . 2010-09-08 18:31 -------- d-----w- c:\program files\AT&T Network Client
2010-09-08 18:29 . 2010-09-08 18:29 -------- d-----w- c:\program files\AT&T Global Network Client
2010-09-08 18:29 . 2010-09-08 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AGNS
2010-09-08 15:46 . 2010-09-08 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-09-08 15:38 . 2010-09-24 15:49 167493 ----a-w- c:\windows\system32\nvModes.dat
2010-09-08 15:20 . 2010-09-08 15:42 -------- d-----w- c:\windows\nview
2010-09-08 15:20 . 2009-01-07 10:28 453152 ----a-w- c:\windows\system32\nvuninst.exe
2010-09-08 15:20 . 2009-01-14 16:37 453152 ----a-w- c:\windows\system32\nvudisp.exe
2010-09-08 13:49 . 2010-09-08 13:49 -------- d-----w- C:\ET_ROOT
2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Realtime Soft
2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\program files\Common Files\Realtime Soft
2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\program files\UltraMon
2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Realtime Soft
2010-09-07 13:35 . 2010-09-07 13:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sierra Wireless
2010-09-07 11:26 . 2010-09-07 11:26 -------- d-----w- c:\program files\Common Files\Java
2010-09-07 10:41 . 2009-10-07 16:41 19328 ----a-w- c:\windows\agnwifi.sys
2010-09-07 09:09 . 2010-09-07 09:09 -------- d-----w- c:\program files\JRE
2010-09-06 18:48 . 2010-09-06 18:48 -------- d-----w- c:\program files\7-Zip
2010-09-04 21:18 . 2010-09-04 21:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia Ovi Suite
2010-09-04 21:09 . 2010-09-09 17:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NokiaAccount
2010-09-04 21:09 . 2010-09-04 21:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Nokia
2010-09-04 20:52 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-09-04 20:52 . 2010-09-04 20:52 -------- d-----w- c:\program files\PC Connectivity Solution
2010-09-04 20:51 . 2010-09-04 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
2010-09-04 14:53 . 2010-05-25 10:26 91304 ----a-w- c:\windows\system32\drivers\btserial.sys
2010-09-03 18:51 . 2010-06-01 12:51 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
2010-09-03 18:51 . 2010-06-01 12:51 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2010-08-28 18:20 . 2010-09-18 15:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VMware
2010-08-28 17:44 . 2010-08-01 11:55 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-08-28 17:44 . 2010-08-01 11:55 399920 ----a-w- c:\windows\system32\vmnat.exe
2010-08-28 17:44 . 2010-08-01 11:52 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-08-28 17:44 . 2010-08-01 11:55 760368 ----a-w- c:\windows\system32\vnetlib.dll
2010-08-28 17:44 . 2010-08-01 11:54 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-08-28 17:43 . 2010-08-28 17:43 -------- d-----w- c:\program files\Common Files\VMware
2010-08-28 17:05 . 2010-09-05 19:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Download Manager
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-24 18:30 . 2009-07-15 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-09-24 18:30 . 2009-07-15 18:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2010-09-24 18:30 . 2010-03-06 17:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\WTablet
2010-09-24 18:29 . 2010-05-04 14:40 -------- d-----w- c:\program files\c4ebreg
2010-09-24 18:26 . 2007-03-05 22:09 40 ----a-w- c:\windows\system32\profile.dat
2010-09-24 17:36 . 2009-10-11 07:41 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-24 14:28 . 2010-05-04 14:42 -------- d-----w- c:\program files\wst
2010-09-24 10:42 . 2010-09-24 10:42 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-24 10:42 . 2010-05-09 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-24 10:42 . 2009-07-14 00:07 -------- d-----w- c:\program files\DivX
2010-09-24 10:42 . 2010-09-24 10:42 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-09-24 10:42 . 2010-08-29 14:08 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-09-24 10:42 . 2010-08-29 13:31 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-24 10:42 . 2010-06-11 21:13 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-09-24 10:42 . 2009-07-20 14:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-24 10:42 . 2010-06-11 21:13 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-09-23 09:57 . 2010-07-04 12:39 509960 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-21 13:41 . 2010-04-06 21:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2010-09-21 12:55 . 2009-11-19 11:40 -------- d-----w- c:\program files\QuickTime
2010-09-21 12:54 . 2009-11-19 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-20 13:26 . 2010-09-20 13:26 1868800 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{B4346951-3962-4C93-9A49-79A62AD8A632}\AppIcon.exe
2010-09-19 17:39 . 2010-09-19 17:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-09-19 17:38 . 2010-09-19 17:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-09-18 15:44 . 2009-07-16 12:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\VMware
2010-09-18 14:17 . 2010-02-22 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\gtk-2.0
2010-09-17 11:00 . 2005-04-05 19:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-15 10:35 . 2009-07-14 00:53 -------- d-----w- c:\program files\Google
2010-09-14 00:21 . 2009-07-13 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-13 19:09 . 2009-07-20 14:35 -------- d-----w- c:\program files\Symantec
2010-09-13 19:09 . 2010-09-13 19:09 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-13 19:09 . 2010-09-13 19:09 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-13 19:08 . 2009-07-20 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-09-13 19:08 . 2007-03-05 22:07 -------- d-----w- c:\program files\Symantec Client Security
2010-09-12 12:30 . 2010-06-13 16:14 -------- d-----w- c:\program files\AllToAVI
2010-09-12 01:28 . 2009-07-13 18:31 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-09-12 01:10 . 2010-09-12 01:10 3638 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{F5A7052F-2AF4-4CBA-8951-26B91476BDAB}\_6FEFF9B68218417F98F549.exe
2010-09-11 13:14 . 2009-07-13 18:49 -------- d-----w- c:\program files\Panasonic
2010-09-11 12:54 . 2009-09-20 10:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\XCPCSync.OEM
2010-09-10 14:03 . 2009-10-12 16:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-09 21:57 . 2010-07-25 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2010-09-08 18:29 . 2007-09-05 21:03 -------- d-----w- c:\program files\AT&T Network Client Install
2010-09-08 14:55 . 2009-07-13 14:50 -------- d-----w- c:\program files\Lenovo
2010-09-08 14:36 . 2010-07-31 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-09-07 21:03 . 2009-08-18 11:06 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-07 18:56 . 2009-11-28 00:03 1952024 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-09-07 12:42 . 2009-08-21 11:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
2010-09-07 11:23 . 2010-09-07 11:23 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\msvcp71.dll
2010-09-07 11:23 . 2010-09-07 11:23 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\jmc.dll
2010-09-07 11:23 . 2010-09-07 11:23 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\msvcr71.dll
2010-09-07 11:23 . 2010-09-07 11:23 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-74cdeb3f-n\decora-sse.dll
2010-09-07 11:23 . 2010-09-07 11:23 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-74cdeb3f-n\decora-d3d.dll
2010-09-07 11:23 . 2009-08-09 12:00 -------- d-----w- c:\program files\Java
2010-09-07 10:38 . 2009-08-21 11:30 -------- d-----w- c:\program files\FileZilla FTP Client
2010-09-07 10:11 . 2005-04-04 18:17 69128 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-07 10:06 . 2009-09-07 09:44 69128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-07 09:09 . 2009-08-18 10:58 -------- d-----w- c:\program files\OpenOffice.org 3
2010-09-06 18:17 . 2009-08-12 12:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-04 21:18 . 2010-07-25 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2010-09-04 20:53 . 2010-07-25 14:28 -------- d-----w- c:\program files\Common Files\Nokia
2010-09-04 20:52 . 2010-07-25 14:27 -------- d-----w- c:\program files\Nokia
2010-09-04 20:51 . 2010-09-04 20:51 12212040 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-09-04 20:51 . 2010-09-04 20:51 13930312 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-09-04 20:51 . 2010-09-04 20:51 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-09-04 20:51 . 2010-09-04 20:51 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-09-04 20:51 . 2010-09-04 20:51 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-09-04 20:51 . 2010-09-04 20:51 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-09-04 20:50 . 2010-09-04 20:51 102914512 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-09-04 20:20 . 2010-07-25 14:27 36365624 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_eng_web.exe
2010-09-04 13:40 . 2009-08-04 01:25 -------- d-----w- c:\program files\SystemScheduler
2010-08-31 14:11 . 2009-07-13 23:00 -------- d-----w- c:\program files\jv16 PowerTools 2009
2010-08-31 14:11 . 2010-04-30 17:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-08-30 13:34 . 2010-09-03 17:03 1496064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-30 13:33 . 2010-09-03 17:03 43008 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-30 13:33 . 2010-09-03 17:03 338944 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-30 13:33 . 2010-09-03 17:03 346112 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-29 14:08 . 2010-08-29 14:08 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-08-29 14:08 . 2010-08-29 14:08 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-08-29 14:08 . 2010-08-29 14:08 84063 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-08-29 14:08 . 2010-08-29 14:08 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-28 17:46 . 2010-03-17 16:03 921608 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\uninstall.exe
2010-08-28 17:46 . 2010-03-17 16:03 629296 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\instUtils.dll
2010-08-28 17:42 . 2010-03-17 15:57 -------- d-----w- c:\program files\VMware
2010-08-28 17:40 . 2010-03-17 16:03 356352 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_ws.dll
2010-08-28 17:40 . 2010-03-17 16:03 581632 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_core.dll
2010-08-28 17:40 . 2010-03-17 16:03 360448 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_license.dll
2010-08-28 17:40 . 2010-03-17 16:03 968752 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2010-08-28 17:40 . 2010-03-17 16:03 932400 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2010-08-28 17:40 . 2010-03-17 16:03 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2010-08-28 17:40 . 2010-03-17 16:03 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2010-08-28 17:40 . 2010-03-17 16:03 707120 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2010-08-18 20:12 . 2010-03-27 14:03 -------- d-----w- c:\program files\Scan2CADv7
2010-08-17 13:17 . 2004-08-04 05:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 13:21 . 2010-08-16 13:20 -------- d-----w- c:\program files\myiHome
2010-08-16 11:14 . 2010-08-16 11:14 -------- d-----w- c:\program files\Siber Systems
2010-08-15 13:16 . 2010-08-15 13:16 -------- d-----w- c:\program files\Disk Size Manager 2.0
2010-08-14 16:37 . 2010-08-14 16:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Haihaisoft Universal Player
2010-08-14 16:36 . 2010-08-14 16:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Haihaisoft
2010-08-14 16:36 . 2010-08-14 16:36 -------- d-----w- c:\program files\Haihaisoft Universal Player
2010-08-14 11:35 . 2009-07-18 10:52 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-08-14 11:30 . 2010-08-14 11:30 2485883 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-02-12 22:46 . 2010-02-12 22:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2008-09-29 08:12 . 2008-09-29 08:12 108 --sha-r- c:\windows\neoqaz2.dll
2009-07-22 16:58 . 2009-07-22 16:58 2 --shatr- c:\windows\winstart.bat
2009-07-13 23:00 . 2009-07-13 23:00 23 --sha-w- c:\windows\system32\edacded0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2007-09-21 49152]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-01 39408]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3216664]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-29 135664]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
"CompanionLink"="c:\program files\companionlink\companionlink.exe" [2009-09-17 13737984]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WD Button Manager"="WDBtnMgr.exe" [2009-09-29 364544]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-08-01 129584]
"UltraNav Keyboard"="c:\program files\Lenovo\UltraNav Keyboard\SkdUNav.exe" [2007-02-09 258048]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe" [2009-01-18 1285512]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"Tpam.exe"="c:\program files\IBM\Personal Communications\tpam.exe" [2007-11-02 28672]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"stgclean"="c:\sdwork\w32maing.exe" [2010-08-30 279552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-07-13 1036288]
"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-29 331776]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
"nwiz"="nwiz.exe" [2009-01-14 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13549568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"ISSI Service"="c:\sdwork\issimsvc.exe" [2010-09-16 242928]
"Isamtray"="c:\program files\c4ebreg\isamtray.exe" [2010-07-27 290072]
"IBM Lotus EasySync Pro"="c:\program files\Lotus\EasySync Pro\SyncLauncher.exe" [2009-12-14 40960]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-12 30192]
"DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2010-01-27 55808]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"C4EBReg"="c:\program files\c4ebreg\c4ebreg.exe" [2010-07-27 486680]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-29 208896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe" [2009-01-18 884928]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-18 140568]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-5-25 607584]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-16 809488]
Start 3DxWare.lnk - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe [2010-7-30 120832]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 23:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
2007-11-02 10:45 49152 ----a-w- c:\windows\system32\pcsinst.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 16:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\g:\0pdboot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Desktop^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Administrator\Desktop\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ergocizer.lnk]
backup=c:\windows\pss\Ergocizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^myiHome Server.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\myiHome Server.lnk.disabled
backup=c:\windows\pss\myiHome Server.lnk.disabledCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CfgWzSvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"FixCamera"=c:\windows\FixCamera.exe
"TpShocks"=TpShocks.exe
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"MyHelpService"=c:\program files\IBM\My Help\workspace\service\delayStart.exe
"pmonmh"=c:\program files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.19/pmonmh.exe
"Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"IBMconfig"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"427:UDP"= 427:UDP:SLP_Port(427)
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [14/05/2008 17:21 19496]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [14/09/2010 14:52 18816]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [06/09/2009 06:06 169312]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [16/07/2009 14:11 10384]
R2 ldlcserv6;IBM Enterprise Extender (IPv6);c:\windows\system32\drivers\ldlcserv6.exe [02/11/2007 05:09 40960]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\AT&T Network Client\NetClientSvc.exe [07/10/2009 12:36 263520]
R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\windows\system32\drivers\pdlndldl6.sys [02/11/2007 05:09 70656]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [13/07/2009 15:48 94208]
R2 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [14/03/2007 19:48 116416]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [06/03/2010 18:47 4497704]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [14/11/2008 02:11 17184]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [01/08/2010 12:55 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [01/08/2010 11:39 539184]
R2 WindowsScheduler;System Scheduler Service;c:\progra~1\SYSTEM~1\WService.exe [16/09/2009 12:40 13312]
R2 WindowsSchedulerLogon;System Scheduler Logon;c:\progra~1\SYSTEM~1\WSLogon.exe [16/09/2009 12:40 52224]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [06/03/2010 18:47 113448]
R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [06/02/2010 18:57 17152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [13/09/2010 20:26 102448]
R3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [08/02/2010 16:45 6400]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [13/07/2009 15:02 81280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate1ca12c614ff7fd6;Google Update Service (gupdate1ca12c614ff7fd6);c:\program files\Google\Update\GoogleUpdate.exe [01/08/2009 17:35 133104]
S2 LogWatch;Event Log Watch;"c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe" --> c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [?]
S2 ltpSvc;TrackPoint Scroll Service;c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe --> c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe [?]
S3 CA_LIC_CLNT;CA License Client;"c:\program files\CA\SharedComponents\CA_LIC\\lic98rmt.exe" --> c:\program files\CA\SharedComponents\CA_LIC\\lic98rmt.exe [?]
S3 csrcmds;csrcmds;c:\program files\IBM\Personal Communications\csrcmds.exe [02/11/2007 05:09 49152]
S3 cstrcser;IBM Command Line Trace;c:\windows\system32\drivers\cstrcser.exe [02/11/2007 05:09 36864]
S3 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [21/08/2010 23:14 253952]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [27/07/2009 09:13 30192]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3644.tmp --> c:\windows\system32\3644.tmp [?]
S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [23/10/2009 18:49 36384]
S3 RET55;RET55 NDIS Protocol Driver;\??\c:\program files\eEye Digital Security\Retina 5\Scanner\RET55.sys --> c:\program files\eEye Digital Security\Retina 5\Scanner\RET55.sys [?]
S3 RRMONX;RRMONX;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\rrmon.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\rrmon.sys [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [07/11/2009 18:04 95376]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [06/03/2010 18:47 16168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 --> c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [?]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [21/02/2010 17:08 583640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-09-15 c:\windows\Tasks\3DxSoftware Create Process (ID 287142392505).job
- c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe [2010-07-30 15:41]
2010-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-09-24 c:\windows\Tasks\At1.job
- c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe [2010-08-09 14:16]
2010-09-24 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-07-16 10:08]
2010-09-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-01 16:34]
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 16:35]
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 16:35]
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473679540-3749852400-1765190492-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 04:43]
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473679540-3749852400-1765190492-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 04:43]
2010-09-24 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-07-13 00:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/
uInternet Settings,ProxyOverride = <local>;<local>
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: o2.co.uk\*.broadband
TCP: {D40D8AB3-DFA5-4A53-AAF5-D3A525F28F1E} = 87.194.255.155,87.194.255.154,4.2.2.2,4.2.2.3
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - isoHunt Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\bpaddtonab@firefox-extensions.ibm.com\plugins\npaddtonab.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwdplugin821.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.txt=UltraEdit.txt
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-atmgrtok - atmgrtok.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-24 19:31
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xBA168000]<< >>UNKNOWN [0xBA158000]<< >>UNKNOWN [0xB9F79000]<< >>UNKNOWN [0x806E4000]<< >>UNKNOWN [0xB9DFF000]<< >>UNKNOWN [0xBA670000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0xba16cf28
\Driver\ACPI -> 0xb9f7fcb8
\Driver\atapi -> 0xb9e05852
\Driver\iaStor -> 0xb9e29b58
IoDeviceObjectType -> SecurityProcedure -> 0x80583d4a
\Device\Harddisk0\DR0 -> SecurityProcedure -> 0x80583d4a
NDIS: Intel(R) Wireless WiFi Link 4965AG -> SendCompleteHandler -> 0xb9cb7bb0
PacketIndicateHandler -> 0xb9ca6a0d
SendHandler -> 0xb9cbab40
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\3644.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1473679540-3749852400-1765190492-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(436)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\program files\IBM\Personal Communications\atmgrtok.dll
c:\program files\IBM\Personal Communications\MILLUTIL.DLL
c:\windows\system32\pcsinst.dll
c:\windows\system32\msi.dll
- - - - - - - > 'lsass.exe'(588)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(8464)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\mslbui.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\IBM\Personal Communications\PCS_AGNT.EXE
c:\program files\WTouch\WTouchUser.exe
c:\windows\system32\Drivers\trcboot.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\IBM\SQLLIB\BIN\db2jds.exe
c:\program files\IBM\SQLLIB\BIN\db2sec.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\notes\nsd.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AT&TNE~2\netcfgsvr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\TpKmpSVC.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\vmnat.exe
c:\progra~1\SYSTEM~1\WScheduler.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Drivers\ldlcserv.exe
c:\program files\Raxco\PerfectDisk10\PDEngine.exe
c:\program files\Raxco\PerfectDisk10\PDAgentS1.exe
c:\windows\system32\WDBtnMgr.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-09-24 19:37:32 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-24 18:37
Pre-Run: 19,832,352,768 bytes free
Post-Run: 19,511,652,352 bytes free
- - End Of File - - FB4F8E3B8F33D3036A0ABD0D2723FC75
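A worked triage pass over the service and Security Center lines in the log above, added here as an example (it is not ComboFix, DDS or Spybot code, and not the poster's). It parses lines in the shape ComboFix prints: `Rn/Sn name;display;path [date size]` or `... --> resolved [?]` for files it could not stat, and `[key]` headers followed by `"name"=value` pairs. It flags services whose image sits in a Temp directory, has a .tmp extension or could not be found, and reports the Security Center override and DisableMonitoring values, the XP firewall state and the globally open ports. The sample lines are copied from the log above; the flag names and the heuristics are this example's own assumptions. Anti-rootkit, licensing and vendor tools legitimately leave entries of exactly this shape, so the output is a reading order for the analyst, not a verdict.

```python
"""Triage helper for ComboFix-style log excerpts (added example, not tool code)."""
import re
from typing import Dict, List

# Lines excerpted from the log above, under the registry headers they belong to.
SAMPLE_LOG = r"""
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [01/08/2010 12:55 70704]
S2 LogWatch;Event Log Watch;"c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe" --> c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3644.tmp --> c:\windows\system32\3644.tmp [?]
S3 RRMONX;RRMONX;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\rrmon.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\rrmon.sys [?]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"IBMconfig"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"""

SERVICE_RE = re.compile(r'^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$')
KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')


def service_image_path(rest: str) -> str:
    """ComboFix prints 'path [date size]', or 'raw --> resolved [?]' when it
    could not stat the file. Return the resolved path in either form."""
    rest = rest.strip()
    if '-->' in rest:
        rest = rest.split('-->', 1)[1].strip()
    if rest.endswith(']') and ' [' in rest:
        rest = rest[:rest.rfind(' [')].strip()
    return rest


def service_flags(path: str, missing: bool) -> List[str]:
    """Read-this-first heuristics (assumed for this example); none proves malice."""
    p = path.lower().replace('/', '\\')
    flags = []
    if missing:
        flags.append('file_not_found')   # stale entry, or a tool that removed itself
    if '\\temp\\' in p:
        flags.append('temp_directory')   # a driver or service image under %TEMP%
    if p.endswith('.tmp'):
        flags.append('tmp_extension')    # a .tmp file registered as a service image
    return flags


def triage(log_text: str) -> Dict:
    """Walk the log once; collect flagged services and the security-posture values."""
    report = {'flagged_services': [], 'security_center_overrides': [],
              'firewall_enabled': None, 'open_ports': []}
    key = ''  # registry key that the following "name"=value lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        svc = SERVICE_RE.match(line)
        if svc:
            path = service_image_path(svc.group('rest'))
            flags = service_flags(path, missing=line.endswith('[?]'))
            if flags:
                report['flagged_services'].append(
                    {'name': svc.group('name'), 'state': svc.group('state'),
                     'path': path, 'flags': flags})
            continue
        hdr = KEY_RE.match(line)
        if hdr:
            key = hdr.group('key')
            continue
        val = VALUE_RE.match(line)
        if not val:
            continue
        name, value, k = val.group('name'), val.group('value').strip(), key.lower()
        if k.endswith('microsoft\\security center') and name.endswith('Override') \
                and value.endswith('00000001'):
            report['security_center_overrides'].append(name)      # AV/FW status is self-reported
        elif 'security center\\monitoring\\' in k and name == 'DisableMonitoring' \
                and value.endswith('00000001'):
            report['security_center_overrides'].append(key.rsplit('\\', 1)[-1] + ':DisableMonitoring')
        elif k.endswith('firewallpolicy\\standardprofile') and name == 'EnableFirewall':
            report['firewall_enabled'] = not value.startswith('0')
        elif 'globallyopenports' in k:
            report['open_ports'].append(name)                      # e.g. 3389:TCP while firewall off
    return report


if __name__ == '__main__':
    result = triage(SAMPLE_LOG)
    for svc in result['flagged_services']:
        print(svc['state'], svc['name'], svc['path'], ','.join(svc['flags']))
    print('firewall enabled:', result['firewall_enabled'], 'open ports:', result['open_ports'])
    print('security center overrides:', result['security_center_overrides'])
```

Run it over a full ComboFix log by passing the file contents to `triage()`; the R/S state lets you sort auto-start (R0-R2, S2) entries ahead of manual-start (S3) ones. The overrides it reports mean the XP Security Center is trusting the third-party products' own status rather than polling them, and an `EnableFirewall` of 0 with RDP and PPTP ports in the globally open list is the posture the rest of the log should be read against.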
plug_it_in
2010-09-25, 14:18
Note: I have an HD with two partitions; on the second partition is Windows 7, and it created a dual-boot environment.
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0200003c
Kernel Drivers (total 300):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0A8000 isapnp.sys
0xBA4BC000 compbatt.sys
0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA5AC000 aliide.sys
0xBA5AE000 cmdide.sys
0xBA5B0000 toside.sys
0xBA5B2000 viaide.sys
0xBA5B4000 intelide.sys
0xB9F4A000 pcmcia.sys
0xBA0B8000 MountMgr.sys
0xB9F2B000 ftdisk.sys
0xBA5B6000 dmload.sys
0xB9F05000 dmio.sys
0xBA330000 PartMgr.sys
0xBA4C4000 ACPIEC.sys
0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xBA0C8000 VolSnap.sys
0xBA4C8000 cpqarray.sys
0xB9EED000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xB9E17000 iaStor.sys
0xB9DFF000 atapi.sys
0xBA4CC000 aha154x.sys
0xBA338000 sparrow.sys
0xBA4D0000 symc810.sys
0xBA0D8000 aic78xx.sys
0xBA4D4000 dac960nt.sys
0xBA0E8000 ql10wnt.sys
0xBA4D8000 amsint.sys
0xBA340000 asc.sys
0xBA4DC000 asc3550.sys
0xBA348000 mraid35x.sys
0xBA350000 i2omp.sys
0xBA4E0000 ini910u.sys
0xBA0F8000 ql1240.sys
0xBA108000 aic78u2.sys
0xBA358000 symc8xx.sys
0xBA360000 sym_hi.sys
0xBA368000 sym_u3.sys
0xBA370000 ABP480N5.SYS
0xBA378000 asc3350p.sys
0xBA5B8000 cd20xrnt.sys
0xBA118000 ultra.sys
0xB9DE6000 adpu160m.sys
0xBA380000 dpti2o.sys
0xBA128000 ql1080.sys
0xBA138000 ql1280.sys
0xBA148000 ql12160.sys
0xBA388000 perc2.sys
0xBA5BA000 perc2hib.sys
0xBA390000 hpn.sys
0xBA4E4000 cbidf2k.sys
0xB9DBA000 dac2w2k.sys
0xBA158000 disk.sys
0xBA168000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9D9A000 fltmgr.sys
0xB9D88000 sr.sys
0xB9D73000 drvmcdb.sys
0xBA178000 PxHelp20.sys
0xB9D5C000 KSecDD.sys
0xB9CCF000 Ntfs.sys
0xB9CA2000 NDIS.sys
0xB9C37000 timntr.sys
0xBA188000 Combo-Fix.sys
0xBA198000 viaagp.sys
0xBA398000 ApsHM86.sys
0xB9C17000 snman380.sys
0xBA1A8000 sisagp.sys
0xB9BF9000 Apsx86.sys
0xBA3A0000 risdptsk.sys
0xBA1B8000 ohci1394.sys
0xBA1C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xB9BDF000 Mup.sys
0xBA1D8000 alim1541.sys
0xBA1E8000 amdagp.sys
0xBA1F8000 agp440.sys
0xBA208000 agpCPQ.sys
0xBA268000 \SystemRoot\system32\DRIVERS\nic1394.sys
0xB9B7F000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8D38000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB8D24000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xB8CE3000 \SystemRoot\system32\DRIVERS\e1e5132.sys
0xBA4A0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xB8CBF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA4A8000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xB8C97000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xB8920000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
0xB890C000 \SystemRoot\system32\DRIVERS\sdbus.sys
0xB88FB000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
0xB88E7000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
0xB8895000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
0xB9B6F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA4B0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA3B0000 \??\C:\WINDOWS\system32\drivers\VMkbd.sys
0xB8869000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xBA5D4000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xBA3C8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xB9B5F000 \SystemRoot\system32\DRIVERS\serial.sys
0xB9A5D000 \SystemRoot\system32\DRIVERS\serenum.sys
0xB8855000 \SystemRoot\system32\DRIVERS\parport.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\atmeltpm.sys
0xB9A59000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
0xB9B4F000 \SystemRoot\system32\DRIVERS\imapi.sys
0xB883C000 \SystemRoot\System32\Drivers\AnyDVD.sys
0xB9A51000 \SystemRoot\system32\drivers\pfc.sys
0xB9B3F000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xB9419000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8819000 \SystemRoot\system32\DRIVERS\ks.sys
0xB9A49000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xB87E3000 \SystemRoot\system32\DRIVERS\agnfilt.sys
0xB86F2000 \SystemRoot\system32\DRIVERS\btkrnl.sys
0xB9A41000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0xB9409000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xBA3E0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA5D8000 \SystemRoot\system32\DRIVERS\serscan.sys
0xB86B1000 \SystemRoot\system32\drivers\srs_sscfilter_i386.sys
0xBA713000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA5DA000 \SystemRoot\System32\Drivers\RootMdm.sys
0xBA3E8000 \SystemRoot\System32\Drivers\Modem.SYS
0xB93F9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xB9A3D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB869A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xB93E9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xB93D9000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3F0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBA3F8000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA400000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB85F2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xB93C9000 \SystemRoot\system32\DRIVERS\termdd.sys
0xB85D5000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0xBA5DC000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8577000 \SystemRoot\system32\DRIVERS\update.sys
0xB9538000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xB9534000 \SystemRoot\system32\drivers\WmBEnum.sys
0xB93B9000 \SystemRoot\system32\drivers\WmXlCore.sys
0xB9530000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
0xB952C000 \SystemRoot\system32\DRIVERS\VMNET.SYS
0xBA408000 \SystemRoot\system32\DRIVERS\btport.sys
0xB9528000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xBA430000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0xB9399000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB9389000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xB7498000 \SystemRoot\system32\drivers\ADIHdAud.sys
0xB7474000 \SystemRoot\system32\drivers\portcls.sys
0xBA228000 \SystemRoot\system32\drivers\drmk.sys
0xB73BA000 \SystemRoot\system32\drivers\AEAudio.sys
0xB7386000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xB7294000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xB71E1000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xB8682000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xB70F9000 \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys
0xB70D7000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
0xB70C3000 \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys
0xBA410000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB6F4F000 \SystemRoot\System32\Drivers\LenovoRd.sys
0xB867A000 \SystemRoot\System32\Drivers\SMCLIB.SYS
0xBA428000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xB8672000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xBA5E8000 \SystemRoot\system32\drivers\sscdbhk5.sys
0xBA2A8000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
0xBA440000 \??\C:\WINDOWS\system32\SAVRKBootTasks.sys
0xBA5EC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xBA708000 \SystemRoot\System32\Drivers\Null.SYS
0xBA5EE000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA448000 \SystemRoot\system32\drivers\ssrtln.sys
0xBA450000 \SystemRoot\System32\drivers\vga.sys
0xBA5F0000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA5F2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xBA458000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBA460000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB8563000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xB6EF4000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xBA2B8000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xB6E9B000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xB6E60000 \SystemRoot\System32\Drivers\SYMTDI.SYS
0xB6E3A000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xBA2C8000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xBA2D8000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
0xBA2E8000 \SystemRoot\system32\DRIVERS\arp1394.sys
0xBA468000 \SystemRoot\System32\Drivers\SYMDNS.SYS
0xBA2F8000 \SystemRoot\System32\Drivers\SYMNDIS.SYS
0xB6DC1000 \SystemRoot\System32\Drivers\SYMFW.SYS
0xBA308000 \SystemRoot\System32\Drivers\SYMIDS.SYS
0xB6D7A000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20100915.004\symidsco.sys
0xBA470000 \SystemRoot\system32\drivers\bfturboh.sys
0xB6D52000 \SystemRoot\system32\DRIVERS\netbt.sys
0xBA478000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0xBA318000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
0xB719D000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xB6CD6000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
0xB6CB4000 \SystemRoot\System32\drivers\afd.sys
0xBA480000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0xB9BCF000 \SystemRoot\system32\DRIVERS\netbios.sys
0xBA488000 \SystemRoot\System32\drivers\TSMAPIP.SYS
0xBA490000 \SystemRoot\System32\drivers\Tppwrif.sys
0xBA498000 \SystemRoot\system32\DRIVERS\TPHKDRV.sys
0xB6C32000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
0xB9BBF000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0xB6B17000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xB6A7F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB9BAF000 \SystemRoot\System32\Drivers\Fips.SYS
0xB865A000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
0xB6A21000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
0xB8652000 \SystemRoot\system32\DRIVERS\usbprint.sys
0xB6A04000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
0xB6F37000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xB9B8F000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xB6B66000 \SystemRoot\System32\drivers\Dxapi.sys
0xB8642000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA7A7000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xBA278000 \SystemRoot\system32\drivers\drvnddm.sys
0xB6C22000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
0xBA6E8000 \SystemRoot\system32\dla\tfsndres.sys
0xB5586000 \SystemRoot\system32\dla\tfsnifs.sys
0xB56C0000 \SystemRoot\system32\dla\tfsnopio.sys
0xBA60E000 \SystemRoot\system32\dla\tfsnpool.sys
0xB556F000 \SystemRoot\system32\DRIVERS\WudfPf.sys
0xB5522000 \SystemRoot\System32\Drivers\DefragFS.SYS
0xB863A000 \SystemRoot\system32\dla\tfsnboio.sys
0xB6C02000 \SystemRoot\system32\dla\tfsncofs.sys
0xBA6ED000 \SystemRoot\system32\dla\tfsndrct.sys
0xB54B9000 \SystemRoot\system32\dla\tfsnudf.sys
0xB54A0000 \SystemRoot\system32\dla\tfsnudfa.sys
0xB8632000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
0xB862A000 \SystemRoot\system32\DRIVERS\agnwifi.sys
0xB554B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xB5547000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xB4D5B000 \SystemRoot\system32\drivers\wdmaud.sys
0xB4ED0000 \SystemRoot\system32\drivers\sysaudio.sys
0xB4DB0000 \??\C:\WINDOWS\system32\drivers\hcmon.sys
0xB4FF0000 \SystemRoot\System32\drivers\klognt.sys
0xBA656000 \SystemRoot\System32\drivers\nstrcnt.sys
0xB51A4000 \SystemRoot\System32\Drivers\TVicPort.SYS
0xB4EA0000 \??\C:\WINDOWS\system32\Drivers\vmci.sys
0xBA660000 \??\C:\WINDOWS\system32\Drivers\VMparport.sys
0xB4B76000 \??\C:\WINDOWS\system32\Drivers\vmx86.sys
0xB4A7B000 \SystemRoot\System32\drivers\AppnBase.sys
0xB4A62000 \SystemRoot\system32\DRIVERS\llc2.sys
0xBA662000 \SystemRoot\System32\drivers\pdlncbas.sys
0xB4FE0000 \SystemRoot\System32\drivers\pdlnebas.sys
0xB4FDC000 \SystemRoot\System32\drivers\pdlnemsg.sys
0xB6E0A000 \SystemRoot\System32\drivers\anydlc.sys
0xB4920000 \SystemRoot\System32\drivers\appn.sys
0xB490D000 \SystemRoot\System32\drivers\pdlnacom.sys
0xB6E02000 \SystemRoot\System32\drivers\pdlnepkt.sys
0xB4C85000 \SystemRoot\System32\drivers\pdlnatcm.sys
0xB6DFA000 \SystemRoot\System32\drivers\pdlndint.sys
0xB4C75000 \SystemRoot\System32\drivers\pdlnecfg.sys
0xB4C65000 \SystemRoot\System32\drivers\pdlnatdl.sys
0xB48E5000 \SystemRoot\System32\drivers\pdlncfwk.sys
0xB48D0000 \SystemRoot\System32\drivers\pdlndlpb.sys
0xB48BE000 \SystemRoot\System32\drivers\pdlndqll.sys
0xB48AA000 \SystemRoot\System32\drivers\pdlndsdl.sys
0xB4899000 \SystemRoot\System32\drivers\pdlndtdl.sys
0xB4C55000 \SystemRoot\System32\drivers\pdlnshay.sys
0xB866A000 \SystemRoot\System32\drivers\pdlnslea.sys
0xB4C45000 \SystemRoot\System32\drivers\pdlnsv25.sys
0xB4FB8000 \SystemRoot\System32\drivers\pdlnsx25.sys
0xB4F98000 \SystemRoot\System32\drivers\pdlnafac.sys
0xB4888000 \SystemRoot\System32\drivers\pdlnemap.sys
0xB486A000 \SystemRoot\System32\drivers\appnapi.sys
0xB54FA000 \SystemRoot\System32\drivers\aspi32.sys
0xBA5F4000 \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
0xBA610000 \SystemRoot\system32\DRIVERS\isamfilter.sys
0xBA7EC000 \SystemRoot\System32\Drivers\LBeepKE.sys
0xB442B000 \SystemRoot\system32\DRIVERS\srv.sys
0xB448A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xB54EA000 \SystemRoot\System32\drivers\pdlnctdl.sys
0xB437B000 \SystemRoot\System32\drivers\pdlndoem.sys
0xBA66C000 \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS
0xB412F000 \??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
0xB8622000 \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys
0xB43EB000 \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
0xB3DB0000 \SystemRoot\System32\drivers\pdlndldl.sys
0xB3D73000 \SystemRoot\System32\drivers\pdlndldl6.sys
0xB400B000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xB4003000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys
0xB6E22000 \SystemRoot\System32\Drivers\TDTCP.SYS
0xB3918000 \SystemRoot\System32\Drivers\RDPWD.SYS
0xB6DEA000 \??\C:\ComboFix\catchme.sys
0xBA608000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0xB459A000 \SystemRoot\system32\DRIVERS\usb8023x.sys
0xB864A000 \SystemRoot\system32\DRIVERS\RNDISMPX.SYS
0xB28B9000 \SystemRoot\System32\Drivers\HTTP.sys
0xB276D000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100924.004\navex15.sys
0xB2759000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100924.004\naveng.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 123):
0 System Idle Process
4 System
2024 C:\WINDOWS\system32\smss.exe
388 csrss.exe
428 C:\WINDOWS\system32\winlogon.exe
492 C:\WINDOWS\system32\services.exe
576 C:\WINDOWS\system32\lsass.exe
768 C:\WINDOWS\system32\ibmpmsvc.exe
796 C:\WINDOWS\system32\svchost.exe
840 svchost.exe
1272 C:\WINDOWS\system32\svchost.exe
1304 C:\Program Files\WTouch\WTouchService.exe
1328 C:\WINDOWS\system32\svchost.exe
1456 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
880 svchost.exe
1056 svchost.exe
1520 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
1552 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
2012 C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
304 C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
1440 C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
1264 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
2296 C:\WINDOWS\system32\spoolsv.exe
3848 C:\WINDOWS\system32\drivers\trcboot.exe
3976 C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
4064 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
4088 C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
1188 C:\WINDOWS\system32\bgsvcgen.exe
1388 C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
2160 C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
2172 C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
2208 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
3076 C:\WINDOWS\system32\svchost.exe
3116 C:\WINDOWS\system32\svchost.exe
3172 C:\Program Files\c4ebreg\c4ebreg.exe
3236 C:\sdwork\issimsvc.exe
3420 C:\Program Files\Java\jre6\bin\jqs.exe
1360 C:\Notes\nsd.exe
2740 C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
2776 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
3064 C:\WINDOWS\system32\svchost.exe
2976 C:\PROGRA~1\AT&TNE~2\netcfgsvr.exe
3368 C:\Program Files\AT&T Network Client\NetClientSvc.exe
3452 C:\WINDOWS\system32\nvsvc32.exe
3716 C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
3784 C:\WINDOWS\system32\svchost.exe
3864 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
3928 C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
1828 C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
2604 C:\WINDOWS\system32\Pen_Tablet.exe
2716 C:\WINDOWS\system32\TPHDEXLG.exe
2772 C:\WINDOWS\system32\TpKmpSvc.exe
2860 C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
2980 C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
3016 C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
3024 C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
2452 C:\WINDOWS\system32\Pen_Tablet.exe
3220 C:\WINDOWS\system32\vmnat.exe
3572 C:\PROGRA~1\SYSTEM~1\WService.exe
3868 C:\PROGRA~1\SYSTEM~1\WSLogon.exe
996 C:\PROGRA~1\SYSTEM~1\WScheduler.exe
1252 C:\Program Files\RealVNC\VNC4\winvnc4.exe
2728 C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
3384 C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
3544 C:\WINDOWS\system32\vmnetdhcp.exe
3556 C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
1296 C:\WINDOWS\system32\drivers\ldlcserv.exe
944 C:\WINDOWS\system32\drivers\ldlcserv6.exe
1808 C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
3816 wmiprvse.exe
1816 alg.exe
5236 C:\WINDOWS\system32\WDBtnMgr.exe
5248 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
5260 C:\Program Files\Lenovo\UltraNav Keyboard\SkdUNav.exe
5276 C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
5788 C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
5800 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
5836 C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
5864 C:\Program Files\IBM\Personal Communications\tpam.exe
3884 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
3896 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
2416 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
4336 C:\Program Files\Analog Devices\Core\smax4pnp.exe
5028 C:\WINDOWS\vsnp2std.exe
5164 C:\WINDOWS\system32\rundll32.exe
4580 C:\WINDOWS\system32\rundll32.exe
2372 C:\Program Files\c4ebreg\isamtray.exe
5712 C:\WINDOWS\system32\svchost.exe
5728 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
1864 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
5960 C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
6064 C:\WINDOWS\system32\dla\tfswctrl.exe
2880 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
4596 C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
4704 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
5012 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
5936 C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
5956 C:\WINDOWS\system32\ctfmon.exe
3764 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
4788 C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
4864 C:\PROGRA~1\MICROS~3\rapimgr.exe
5440 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
5676 C:\Program Files\CompanionLink\CompanionLink.exe
5888 C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
2580 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
4800 C:\Program Files\Logitech\SetPoint\SetPoint.exe
4128 C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe
3284 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
628 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
4816 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
1372 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
2512 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
5220 C:\WINDOWS\explorer.exe
9404 C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
9092 wmiprvse.exe
4856 C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
10172 C:\WINDOWS\system32\svchost.exe
6132 C:\Program Files\WTouch\WTouchUser.exe
4620 C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
9768 C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
6472 C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPC32.exe
4632 C:\Program Files\Mozilla Firefox\firefox.exe
6060 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00008000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000012`23d00000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
PhysicalDrive0 Model Number: HITACHIHTS722010K9SA00, Rev: DC2ZC75A
PhysicalDrive1 Model Number: BUFFALOExternal HDD, Rev:
Size Device Name MBR Status
--------------------------------------------
93 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F
Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.
Enter your choice:
Done!
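The MBRCheck output above reports, per physical disk, the SHA1 of the boot code in sector 0 and whether that hash is on the tool's built-in list: "Windows 7 MBR code detected" for the internal disk, "Unknown MBR code" for the external one. The point a practitioner should keep in mind is that "unknown" only means the hash was not in the list; boot code written by a vendor's formatting utility or a partitioning tool lands in the same bucket as a bootkit, which is why the tool asks before offering to rewrite anything. The script below is an added example (not MBRCheck's code and not posted by anyone in this thread) that shows what such a check does: it reads a 512-byte first sector, validates the 0x55AA boot signature, hashes the boot-code region, decodes the partition table and converts each partition's starting LBA into the byte offset MBRCheck prints ("at offset 0x...8000" / "0x...7e00"). The two disk images, the boot-code blobs and the known-hash table are all constructed here for the example; that MBRCheck hashes exactly the first 440 bytes is an assumption, not something the page states.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: boot code; 440..443: NT disk signature (assumed hash region)
PTABLE_OFF = 446             # four 16-byte partition entries, then 0x55AA at 510
ENTRY_FMT = "<B3BB3BII"      # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(sector0: bytes) -> dict:
    """Decode sector 0: boot signature, boot-code SHA1, disk signature, partitions."""
    if len(sector0) < SECTOR:
        raise ValueError("need the full 512-byte first sector")
    parts = []
    for i in range(4):
        fields = struct.unpack_from(ENTRY_FMT, sector0, PTABLE_OFF + i * 16)
        status, ptype, lba_start, count = fields[0], fields[4], fields[8], fields[9]
        if ptype == 0:
            continue                      # empty slot
        parts.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": count,
            "byte_offset": lba_start * SECTOR,   # what MBRCheck prints as "at offset"
        })
    return {
        "valid_signature": struct.unpack_from("<H", sector0, 510)[0] == 0xAA55,
        "boot_code_sha1": hashlib.sha1(sector0[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector0, 440)[0],
        "partitions": parts,
    }


def classify(sector0: bytes, known: dict) -> str:
    """Verdict in the spirit of MBRCheck: a hash match is 'known'; anything else is only 'unknown'."""
    info = parse_mbr(sector0)
    if not info["valid_signature"]:
        return "no signature"
    if not any(sector0[:BOOT_CODE_LEN]):
        return "empty boot code"
    name = known.get(info["boot_code_sha1"])
    return f"known: {name}" if name else "unknown"


def build_mbr(boot_code: bytes, partitions, disk_sig: int = 0x1234ABCD) -> bytes:
    """Construct a synthetic MBR for testing; partitions = [(type, lba_start, sectors, bootable)]."""
    buf = bytearray(SECTOR)
    buf[:len(boot_code)] = boot_code
    struct.pack_into("<I", buf, 440, disk_sig)
    for i, (ptype, lba_start, count, bootable) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, buf, PTABLE_OFF + i * 16,
                         0x80 if bootable else 0x00, 0, 0, 0, ptype, 0, 0, 0, lba_start, count)
    struct.pack_into("<H", buf, 510, 0xAA55)
    return bytes(buf)


# Constructed boot-code blobs for the example (not real Windows or vendor code).
OS_BOOTCODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOT_CODE_LEN - 7)
VENDOR_BOOTCODE = bytes(i & 0xFF for i in range(BOOT_CODE_LEN))

# Hypothetical known-good list keyed by SHA1; MBRCheck ships its own list, which we do not have.
KNOWN_BOOT_CODE = {hashlib.sha1(OS_BOOTCODE).hexdigest().upper(): "constructed OS boot code"}

# Two constructed disks mirroring the page's layout: the internal disk with its first
# NTFS partition at LBA 64 (offset 0x8000) and an external disk at LBA 63 (offset 0x7E00).
DISK0 = build_mbr(OS_BOOTCODE, [(0x07, 64, 195_000_000, True)])
DISK1 = build_mbr(VENDOR_BOOTCODE, [(0x07, 63, 1_950_000_000, False)])


def report(name: str, sector0: bytes) -> str:
    """One MBRCheck-style summary per disk."""
    info = parse_mbr(sector0)
    lines = [f"{name}: {classify(sector0, KNOWN_BOOT_CODE)}  SHA1: {info['boot_code_sha1']}"]
    for p in info["partitions"]:
        lines.append(f"  part {p['index']} type 0x{p['type']:02X} at offset 0x{p['byte_offset']:X}"
                     f" ({p['sectors'] * SECTOR // 2**30} GB){' bootable' if p['bootable'] else ''}")
    return "\n".join(lines)


if __name__ == "__main__":
    # On a live Windows box the input would come from reading the first 512 bytes of
    # \\.\PhysicalDriveN with administrative rights; here the sectors are constructed.
    print(report("PhysicalDrive0", DISK0))
    print(report("PhysicalDrive1", DISK1))
```

Reading the verdict: DISK1 is reported as "unknown" purely because its boot code is not in the table, exactly the situation of the non-boot USB drive in the thread. Before letting a tool overwrite an MBR, dump it (option 1 in MBRCheck) so the original can be restored, and compare the hash against the drive vendor's or partitioning tool's boot code rather than treating "unknown" as a positive detection.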
plug_it_in
2010-09-25, 14:19
Sorry, missed that. Drive F is a USB drive that I do not boot from.
Hi
That ComboFix log you just posted is from the first run. Please follow the instructions I posted to run ComboFix with the CFScript.
plug_it_in
2010-09-25, 17:45
Sorry about that, must have lost it.
plug_it_in
2010-09-25, 17:57
No, I posted the wrong log; now deleted the older stuff.
ComboFix 10-09-24.03 - Pete Rawlings 25/09/2010 1:53.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.1844 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
FILE ::
"c:\windows\neoqaz2.dll"
"c:\windows\Tasks\AWC Update.job"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\IObit
c:\program files\IObit\Advanced SystemCare 3\License.dat
c:\program files\IObit\Advanced SystemCare 3\Update\asc-setup-pro-patch.exe
c:\program files\IObit\Advanced SystemCare 3\UpdateLog.txt
c:\program files\IObit\Game Booster\EULA.rtf
c:\program files\IObit\Game Booster\٨٨
c:\program files\IObit\Game Booster\GameBooster.exe
c:\program files\IObit\Game Booster\GameBooster.ini
c:\program files\IObit\Game Booster\gbinit.exe
c:\program files\IObit\Game Booster\gbtray.exe
c:\program files\IObit\Game Booster\Language\Arabic.lng
c:\program files\IObit\Game Booster\Language\Belarusian.lng
c:\program files\IObit\Game Booster\Language\Brasil.lng
c:\program files\IObit\Game Booster\Language\Bulgarian.lng
c:\program files\IObit\Game Booster\Language\Catalan.lng
c:\program files\IObit\Game Booster\Language\ChineseSimp.lng
c:\program files\IObit\Game Booster\Language\ChineseTrad.lng
c:\program files\IObit\Game Booster\Language\Croatian.lng
c:\program files\IObit\Game Booster\Language\Czech.lng
c:\program files\IObit\Game Booster\Language\Dansk.lng
c:\program files\IObit\Game Booster\Language\Dutch.lng
c:\program files\IObit\Game Booster\Language\English.lng
c:\program files\IObit\Game Booster\Language\Estonian.lng
c:\program files\IObit\Game Booster\Language\Finnish.lng
c:\program files\IObit\Game Booster\Language\French.lng
c:\program files\IObit\Game Booster\Language\Georgian.lng
c:\program files\IObit\Game Booster\Language\German.lng
c:\program files\IObit\Game Booster\Language\Greek.lng
c:\program files\IObit\Game Booster\Language\Hebrew.lng
c:\program files\IObit\Game Booster\Language\Hungarian.lng
c:\program files\IObit\Game Booster\Language\Indonesian.lng
c:\program files\IObit\Game Booster\Language\Italiano.lng
c:\program files\IObit\Game Booster\Language\Japanese.lng
c:\program files\IObit\Game Booster\Language\Korean.lng
c:\program files\IObit\Game Booster\Language\Latvian.lng
c:\program files\IObit\Game Booster\Language\Lithuanian.lng
c:\program files\IObit\Game Booster\Language\Macedonian.lng
c:\program files\IObit\Game Booster\Language\Norwegian.lng
c:\program files\IObit\Game Booster\Language\Persian.lng
c:\program files\IObit\Game Booster\Language\Polish.lng
c:\program files\IObit\Game Booster\Language\Portugal.lng
c:\program files\IObit\Game Booster\Language\Romanian.lng
c:\program files\IObit\Game Booster\Language\Russian.lng
c:\program files\IObit\Game Booster\Language\Serbian (Cyrillic).lng
c:\program files\IObit\Game Booster\Language\Serbian (Latin).lng
c:\program files\IObit\Game Booster\Language\Serbian.lng
c:\program files\IObit\Game Booster\Language\Slovak.lng
c:\program files\IObit\Game Booster\Language\Slovenian.lng
c:\program files\IObit\Game Booster\Language\Spanish.lng
c:\program files\IObit\Game Booster\Language\Swedish.lng
c:\program files\IObit\Game Booster\Language\Thai.lng
c:\program files\IObit\Game Booster\Language\Turkish.lng
c:\program files\IObit\Game Booster\Language\Ukrainian.lng
c:\program files\IObit\Game Booster\Language\Urdu.lng
c:\program files\IObit\Game Booster\Language\Vietnamese.lng
c:\program files\IObit\Game Booster\unins000.dat
c:\program files\IObit\Game Booster\unins000.exe
c:\program files\IObit\Game Booster\unins000.msg
c:\program files\IObit\Game Booster\What's new.txt
c:\program files\IObit\IObit Security 360\Downloaded\windowsxp-kb958470-x86-enu.exe
c:\program files\IObit\IObit Security 360\IS360DataBase.db
c:\program files\IObit\IObit Security 360\license.dat
c:\program files\IObit\IObit Security 360\log\Scan\2009-09-08 21-29-21.log
c:\program files\IObit\IObit Security 360\Quarantine Zone\info.db
c:\program files\IObit\IObit Security 360\UpdateLog.txt
c:\windows\neoqaz2.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_LOGWATCH
-------\Legacy_MEMSWEEP2
-------\Legacy_RRMONX
-------\Service_CA_LIC_CLNT
-------\Service_LogWatch
-------\Service_MEMSWEEP2
-------\Service_RRMONX
((((((((((((((((((((((((( Files Created from 2010-08-25 to 2010-09-25 )))))))))))))))))))))))))))))))
.
2010-09-23 11:46 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-23 11:46 . 2010-09-23 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-23 11:46 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-22 18:07 . 2010-09-22 18:07 34 ---ha-w- c:\windows\system32\Converter_sysquict.dat
2010-09-22 18:07 . 2010-09-22 18:14 -------- d-----w- c:\program files\Agree Free OGG to MP3 AMR WAV Converter
2010-09-22 15:25 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2010-09-22 15:25 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2010-09-22 15:25 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2010-09-22 15:25 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2010-09-22 15:25 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2010-09-22 15:25 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2010-09-22 15:25 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2010-09-22 15:25 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2010-09-20 13:27 . 2010-09-20 14:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\DroidExplorer
2010-09-20 13:26 . 2010-09-20 13:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\DroidExplorer
2010-09-20 13:26 . 2010-09-20 13:26 -------- d-----w- c:\program files\Droid Explorer
2010-09-19 17:37 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
2010-09-19 16:04 . 2010-09-19 16:04 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
2010-09-19 16:04 . 2010-09-19 16:04 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-09-18 15:36 . 2010-09-18 15:36 -------- d-----w- c:\program files\Astraware
2010-09-17 11:01 . 2010-09-17 11:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sprite Software
2010-09-17 11:00 . 2010-09-17 11:00 -------- d-----w- c:\program files\Sprite Software
2010-09-15 13:53 . 2010-09-15 13:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Blender Foundation
2010-09-15 13:53 . 2010-09-15 13:53 -------- d-----w- c:\program files\Blender Foundation
2010-09-15 12:48 . 2010-09-15 12:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\3Dconnexion_Inc
2010-09-14 13:52 . 2010-05-26 09:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2010-09-14 08:45 . 2010-09-14 08:45 -------- d-----w- c:\program files\Sophos
2010-09-14 00:13 . 2010-09-14 00:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-13 19:09 . 2010-09-13 19:09 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-09-13 19:09 . 2010-09-13 19:09 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-09-12 23:47 . 2010-09-14 13:51 -------- d-----w- c:\program files\Panda Security
2010-09-12 23:06 . 2010-09-23 15:59 -------- d-----w- c:\program files\ERUNT
2010-09-12 01:31 . 2010-09-12 01:31 -------- d-----w- c:\program files\mSoftware
2010-09-12 01:09 . 2010-09-12 01:09 -------- d-----w- c:\program files\Aspecto Software
2010-09-11 19:21 . 2010-09-11 23:02 -------- d-----w- C:\TTN7
2010-09-11 13:14 . 2010-09-11 13:14 -------- d-----w- c:\program files\SDA
2010-09-10 14:38 . 2010-09-10 14:38 -------- d-----w- c:\program files\Lotus
2010-09-10 14:38 . 2010-09-10 14:38 -------- d-----w- c:\program files\Common Files\XCPCSync.OEM
2010-09-10 13:38 . 2010-09-10 13:38 -------- d--h--w- c:\documents and settings\Administrator\InstallAnywhere
2010-09-09 21:42 . 2010-09-09 21:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WM PCSuite
2010-09-09 21:21 . 2010-09-09 21:21 -------- d-----w- c:\program files\NetDragon
2010-09-08 23:35 . 2010-09-08 23:35 3755929 ----a-w- C:\TrayNotify.reg
2010-09-08 18:31 . 2010-09-08 18:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AGNS
2010-09-08 18:29 . 2010-09-08 18:31 -------- d-----w- c:\program files\AT&T Network Client
2010-09-08 18:29 . 2010-09-08 18:29 -------- d-----w- c:\program files\AT&T Global Network Client
2010-09-08 18:29 . 2010-09-08 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AGNS
2010-09-08 15:46 . 2010-09-08 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-09-08 15:38 . 2010-09-24 15:49 167493 ----a-w- c:\windows\system32\nvModes.dat
2010-09-08 15:20 . 2010-09-08 15:42 -------- d-----w- c:\windows\nview
2010-09-08 15:20 . 2009-01-07 10:28 453152 ----a-w- c:\windows\system32\nvuninst.exe
2010-09-08 15:20 . 2009-01-14 16:37 453152 ----a-w- c:\windows\system32\nvudisp.exe
2010-09-08 13:49 . 2010-09-08 13:49 -------- d-----w- C:\ET_ROOT
2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Realtime Soft
2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\program files\Common Files\Realtime Soft
2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\program files\UltraMon
2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Realtime Soft
2010-09-07 13:35 . 2010-09-07 13:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sierra Wireless
2010-09-07 11:26 . 2010-09-07 11:26 -------- d-----w- c:\program files\Common Files\Java
2010-09-07 10:41 . 2009-10-07 16:41 19328 ----a-w- c:\windows\agnwifi.sys
2010-09-07 09:09 . 2010-09-07 09:09 -------- d-----w- c:\program files\JRE
2010-09-06 18:48 . 2010-09-06 18:48 -------- d-----w- c:\program files\7-Zip
2010-09-04 21:18 . 2010-09-04 21:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia Ovi Suite
2010-09-04 21:09 . 2010-09-09 17:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NokiaAccount
2010-09-04 21:09 . 2010-09-04 21:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Nokia
2010-09-04 20:52 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2010-09-04 20:52 . 2010-09-04 20:52 -------- d-----w- c:\program files\PC Connectivity Solution
2010-09-04 20:51 . 2010-09-04 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
2010-09-04 14:53 . 2010-05-25 10:26 91304 ----a-w- c:\windows\system32\drivers\btserial.sys
2010-09-03 18:51 . 2010-06-01 12:51 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
2010-09-03 18:51 . 2010-06-01 12:51 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
2010-08-28 18:20 . 2010-09-18 15:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VMware
2010-08-28 17:44 . 2010-08-01 11:55 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
2010-08-28 17:44 . 2010-08-01 11:55 399920 ----a-w- c:\windows\system32\vmnat.exe
2010-08-28 17:44 . 2010-08-01 11:52 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
2010-08-28 17:44 . 2010-08-01 11:55 760368 ----a-w- c:\windows\system32\vnetlib.dll
2010-08-28 17:44 . 2010-08-01 11:54 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
2010-08-28 17:43 . 2010-08-28 17:43 -------- d-----w- c:\program files\Common Files\VMware
2010-08-28 17:05 . 2010-09-05 19:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Download Manager
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-25 01:03 . 2009-07-15 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
2010-09-25 01:03 . 2009-07-15 18:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
2010-09-25 01:03 . 2010-03-06 17:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\WTablet
2010-09-25 01:02 . 2010-05-04 14:40 -------- d-----w- c:\program files\c4ebreg
2010-09-25 01:00 . 2007-03-05 22:09 40 ----a-w- c:\windows\system32\profile.dat
2010-09-25 00:45 . 2009-07-20 14:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-09-25 00:32 . 2009-10-11 07:41 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-24 14:28 . 2010-05-04 14:42 -------- d-----w- c:\program files\wst
2010-09-24 10:42 . 2010-09-24 10:42 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-09-24 10:42 . 2010-05-09 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-09-24 10:42 . 2009-07-14 00:07 -------- d-----w- c:\program files\DivX
2010-09-24 10:42 . 2010-09-24 10:42 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-09-24 10:42 . 2010-08-29 14:08 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
2010-09-24 10:42 . 2010-08-29 13:31 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-09-24 10:42 . 2010-06-11 21:13 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-09-24 10:42 . 2010-06-11 21:13 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-09-23 09:57 . 2010-07-04 12:39 509960 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2010-09-21 13:41 . 2010-04-06 21:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
2010-09-21 12:55 . 2009-11-19 11:40 -------- d-----w- c:\program files\QuickTime
2010-09-21 12:54 . 2009-11-19 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-09-20 13:26 . 2010-09-20 13:26 1868800 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{B4346951-3962-4C93-9A49-79A62AD8A632}\AppIcon.exe
2010-09-19 17:39 . 2010-09-19 17:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2010-09-19 17:38 . 2010-09-19 17:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2010-09-18 15:44 . 2009-07-16 12:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\VMware
2010-09-18 14:17 . 2010-02-22 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\gtk-2.0
2010-09-17 11:00 . 2005-04-05 19:45 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-09-15 10:35 . 2009-07-14 00:53 -------- d-----w- c:\program files\Google
2010-09-14 00:21 . 2009-07-13 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-13 19:09 . 2009-07-20 14:35 -------- d-----w- c:\program files\Symantec
2010-09-13 19:09 . 2010-09-13 19:09 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-09-13 19:09 . 2010-09-13 19:09 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-09-13 19:08 . 2009-07-20 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-09-13 19:08 . 2007-03-05 22:07 -------- d-----w- c:\program files\Symantec Client Security
2010-09-12 12:30 . 2010-06-13 16:14 -------- d-----w- c:\program files\AllToAVI
2010-09-12 01:28 . 2009-07-13 18:31 -------- d-----w- c:\program files\Microsoft ActiveSync
2010-09-12 01:10 . 2010-09-12 01:10 3638 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{F5A7052F-2AF4-4CBA-8951-26B91476BDAB}\_6FEFF9B68218417F98F549.exe
2010-09-11 13:14 . 2009-07-13 18:49 -------- d-----w- c:\program files\Panasonic
2010-09-11 12:54 . 2009-09-20 10:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\XCPCSync.OEM
2010-09-10 14:03 . 2009-10-12 16:03 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-09 21:57 . 2010-07-25 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
2010-09-08 18:29 . 2007-09-05 21:03 -------- d-----w- c:\program files\AT&T Network Client Install
2010-09-08 14:55 . 2009-07-13 14:50 -------- d-----w- c:\program files\Lenovo
2010-09-08 14:36 . 2010-07-31 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-09-07 21:03 . 2009-08-18 11:06 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-09-07 18:56 . 2009-11-28 00:03 1952024 ----a-w- c:\windows\system32\AutoPartNt.exe
2010-09-07 12:42 . 2009-08-21 11:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
2010-09-07 11:23 . 2010-09-07 11:23 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\msvcp71.dll
2010-09-07 11:23 . 2010-09-07 11:23 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\jmc.dll
2010-09-07 11:23 . 2010-09-07 11:23 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\msvcr71.dll
2010-09-07 11:23 . 2010-09-07 11:23 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-74cdeb3f-n\decora-sse.dll
2010-09-07 11:23 . 2010-09-07 11:23 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-74cdeb3f-n\decora-d3d.dll
2010-09-07 11:23 . 2009-08-09 12:00 -------- d-----w- c:\program files\Java
2010-09-07 10:38 . 2009-08-21 11:30 -------- d-----w- c:\program files\FileZilla FTP Client
2010-09-07 10:11 . 2005-04-04 18:17 69128 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-07 10:06 . 2009-09-07 09:44 69128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-07 09:09 . 2009-08-18 10:58 -------- d-----w- c:\program files\OpenOffice.org 3
2010-09-06 18:17 . 2009-08-12 12:53 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-04 21:18 . 2010-07-25 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
2010-09-04 20:53 . 2010-07-25 14:28 -------- d-----w- c:\program files\Common Files\Nokia
2010-09-04 20:52 . 2010-07-25 14:27 -------- d-----w- c:\program files\Nokia
2010-09-04 20:51 . 2010-09-04 20:51 12212040 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-09-04 20:51 . 2010-09-04 20:51 13930312 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-09-04 20:51 . 2010-09-04 20:51 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-09-04 20:51 . 2010-09-04 20:51 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-09-04 20:51 . 2010-09-04 20:51 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-09-04 20:51 . 2010-09-04 20:51 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-09-04 20:50 . 2010-09-04 20:51 102914512 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-09-04 20:20 . 2010-07-25 14:27 36365624 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_eng_web.exe
2010-09-04 13:40 . 2009-08-04 01:25 -------- d-----w- c:\program files\SystemScheduler
2010-08-31 14:11 . 2009-07-13 23:00 -------- d-----w- c:\program files\jv16 PowerTools 2009
2010-08-31 14:11 . 2010-04-30 17:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-08-30 13:34 . 2010-09-03 17:03 1496064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-08-30 13:33 . 2010-09-03 17:03 43008 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-08-30 13:33 . 2010-09-03 17:03 338944 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-08-30 13:33 . 2010-09-03 17:03 346112 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-08-29 14:08 . 2010-08-29 14:08 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
2010-08-29 14:08 . 2010-08-29 14:08 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-08-29 14:08 . 2010-08-29 14:08 84063 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-08-29 14:08 . 2010-08-29 14:08 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-08-28 17:46 . 2010-03-17 16:03 921608 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\uninstall.exe
2010-08-28 17:46 . 2010-03-17 16:03 629296 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\instUtils.dll
2010-08-28 17:42 . 2010-03-17 15:57 -------- d-----w- c:\program files\VMware
2010-08-28 17:40 . 2010-03-17 16:03 356352 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_ws.dll
2010-08-28 17:40 . 2010-03-17 16:03 581632 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_core.dll
2010-08-28 17:40 . 2010-03-17 16:03 360448 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_license.dll
2010-08-28 17:40 . 2010-03-17 16:03 968752 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
2010-08-28 17:40 . 2010-03-17 16:03 932400 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
2010-08-28 17:40 . 2010-03-17 16:03 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.dll
2010-08-28 17:40 . 2010-03-17 16:03 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vminstutil.dll
2010-08-28 17:40 . 2010-03-17 16:03 707120 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.exe
2010-08-18 20:12 . 2010-03-27 14:03 -------- d-----w- c:\program files\Scan2CADv7
2010-08-17 13:17 . 2004-08-04 05:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-16 13:21 . 2010-08-16 13:20 -------- d-----w- c:\program files\myiHome
2010-08-16 11:14 . 2010-08-16 11:14 -------- d-----w- c:\program files\Siber Systems
2010-08-15 13:16 . 2010-08-15 13:16 -------- d-----w- c:\program files\Disk Size Manager 2.0
2010-08-14 16:37 . 2010-08-14 16:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Haihaisoft Universal Player
2010-08-14 16:36 . 2010-08-14 16:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Haihaisoft
2010-08-14 16:36 . 2010-08-14 16:36 -------- d-----w- c:\program files\Haihaisoft Universal Player
2010-08-14 11:35 . 2009-07-18 10:52 -------- d-----w- c:\program files\Common Files\ArcSoft
2010-08-14 11:30 . 2010-08-14 11:30 2485883 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
2010-02-12 22:46 . 2010-02-12 22:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-07-22 16:58 . 2009-07-22 16:58 2 --shatr- c:\windows\winstart.bat
2009-07-13 23:00 . 2009-07-13 23:00 23 --sha-w- c:\windows\system32\edacded0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2007-09-21 49152]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-01 39408]
"SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3216664]
"Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-29 135664]
"FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
"CompanionLink"="c:\program files\companionlink\companionlink.exe" [2009-09-17 13737984]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WD Button Manager"="WDBtnMgr.exe" [2009-09-29 364544]
"vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-08-01 129584]
"UltraNav Keyboard"="c:\program files\Lenovo\UltraNav Keyboard\SkdUNav.exe" [2007-02-09 258048]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe" [2009-01-18 1285512]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
"TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
"TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
"Tpam.exe"="c:\program files\IBM\Personal Communications\tpam.exe" [2007-11-02 28672]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
"stgclean"="c:\sdwork\w32maing.exe" [2010-08-30 279552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-07-13 1036288]
"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
"PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-29 331776]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
"nwiz"="nwiz.exe" [2009-01-14 1630208]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13549568]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
"ISSI Service"="c:\sdwork\issimsvc.exe" [2010-09-16 242928]
"Isamtray"="c:\program files\c4ebreg\isamtray.exe" [2010-07-27 290072]
"IBM Lotus EasySync Pro"="c:\program files\Lotus\EasySync Pro\SyncLauncher.exe" [2009-12-14 40960]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-12 30192]
"DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2010-01-27 55808]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
"C4EBReg"="c:\program files\c4ebreg\c4ebreg.exe" [2010-07-27 486680]
"BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-29 208896]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe" [2009-01-18 884928]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-18 140568]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-5-25 607584]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-16 809488]
Start 3DxWare.lnk - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe [2010-7-30 120832]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 1 (0x1)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-18 23:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
2007-11-02 10:45 49152 ----a-w- c:\windows\system32\pcsinst.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2006-09-06 16:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2008-03-17 16:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\g:\0pdboot.exe\0autocheck autochk *
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Desktop^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
path=c:\documents and settings\Administrator\Desktop\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ergocizer.lnk]
backup=c:\windows\pss\Ergocizer.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^myiHome Server.lnk.disabled]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\myiHome Server.lnk.disabled
backup=c:\windows\pss\myiHome Server.lnk.disabledCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CfgWzSvc"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"FixCamera"=c:\windows\FixCamera.exe
"TpShocks"=TpShocks.exe
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"MyHelpService"=c:\program files\IBM\My Help\workspace\service\delayStart.exe
"pmonmh"=c:\program files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.19/pmonmh.exe
"Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"IBMconfig"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"427:UDP"= 427:UDP:SLP_Port(427)
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [14/05/2008 17:21 19496]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [14/09/2010 14:52 18816]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [06/09/2009 06:06 169312]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [16/07/2009 14:11 10384]
R2 ldlcserv6;IBM Enterprise Extender (IPv6);c:\windows\system32\drivers\ldlcserv6.exe [02/11/2007 05:09 40960]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\AT&T Network Client\NetClientSvc.exe [07/10/2009 12:36 263520]
R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\windows\system32\drivers\pdlndldl6.sys [02/11/2007 05:09 70656]
R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [13/07/2009 15:48 94208]
R2 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [14/03/2007 19:48 116416]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [06/03/2010 18:47 4497704]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [14/11/2008 02:11 17184]
R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [01/08/2010 12:55 70704]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [01/08/2010 11:39 539184]
R2 WindowsScheduler;System Scheduler Service;c:\progra~1\SYSTEM~1\WService.exe [16/09/2009 12:40 13312]
R2 WindowsSchedulerLogon;System Scheduler Logon;c:\progra~1\SYSTEM~1\WSLogon.exe [16/09/2009 12:40 52224]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [06/03/2010 18:47 113448]
R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [06/02/2010 18:57 17152]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [13/09/2010 20:26 102448]
R3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [08/02/2010 16:45 6400]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [13/07/2009 15:02 81280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate1ca12c614ff7fd6;Google Update Service (gupdate1ca12c614ff7fd6);c:\program files\Google\Update\GoogleUpdate.exe [01/08/2009 17:35 133104]
S2 ltpSvc;TrackPoint Scroll Service;c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe --> c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe [?]
S3 csrcmds;csrcmds;c:\program files\IBM\Personal Communications\csrcmds.exe [02/11/2007 05:09 49152]
S3 cstrcser;IBM Command Line Trace;c:\windows\system32\drivers\cstrcser.exe [02/11/2007 05:09 36864]
S3 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [21/08/2010 23:14 253952]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [27/07/2009 09:13 30192]
S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [23/10/2009 18:49 36384]
S3 RET55;RET55 NDIS Protocol Driver;\??\c:\program files\eEye Digital Security\Retina 5\Scanner\RET55.sys --> c:\program files\eEye Digital Security\Retina 5\Scanner\RET55.sys [?]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [07/11/2009 18:04 95376]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [06/03/2010 18:47 16168]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 --> c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [?]
S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [21/02/2010 17:08 583640]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-09-15 c:\windows\Tasks\3DxSoftware Create Process (ID 287142392505).job
- c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe [2010-07-30 15:41]
2010-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-09-24 c:\windows\Tasks\At1.job
- c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe [2010-08-09 14:16]
2010-09-25 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-01 16:34]
2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 16:35]
2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 16:35]
2010-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473679540-3749852400-1765190492-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 04:43]
2010-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473679540-3749852400-1765190492-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 04:43]
2010-09-25 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-07-13 00:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
TCP: {D40D8AB3-DFA5-4A53-AAF5-D3A525F28F1E} = 87.194.255.155,87.194.255.154,4.2.2.2,4.2.2.3
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - isoHunt Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\bpaddtonab@firefox-extensions.ibm.com\plugins\npaddtonab.dll
FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwdplugin821.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
AddRemove-Game Booster_is1 - c:\program files\IObit\Game Booster\unins000.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-25 02:04
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xBA168000]<< >>UNKNOWN [0xBA158000]<< >>UNKNOWN [0xB9F79000]<< >>UNKNOWN [0x806E4000]<< >>UNKNOWN [0xB9DFF000]<< >>UNKNOWN [0xBA670000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> 0xba16cf28
\Driver\ACPI -> 0xb9f7fcb8
\Driver\atapi -> 0xb9e05852
\Driver\iaStor -> 0xb9e29b58
IoDeviceObjectType -> SecurityProcedure -> 0x80583d4a
\Device\Harddisk0\DR0 -> SecurityProcedure -> 0x80583d4a
NDIS: Intel(R) Wireless WiFi Link 4965AG -> SendCompleteHandler -> 0xb9cb7bb0
PacketIndicateHandler -> 0xb9ca6a0d
SendHandler -> 0xb9cbab40
user & kernel MBR OK
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-1473679540-3749852400-1765190492-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(428)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
c:\program files\Lenovo\HOTKEY\tphklock.dll
c:\windows\system32\pcsinst.dll
c:\windows\system32\msi.dll
- - - - - - - > 'lsass.exe'(576)
c:\windows\system32\relog_ap.dll
- - - - - - - > 'explorer.exe'(5220)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\dfshim.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\program files\WTouch\WTouchUser.exe
c:\program files\Common Files\Symantec Shared\ccProxy.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\windows\system32\Drivers\trcboot.exe
c:\program files\IBM\Personal Communications\PCS_AGNT.EXE
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\IBM\SQLLIB\BIN\db2jds.exe
c:\program files\IBM\SQLLIB\BIN\db2sec.exe
c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\notes\nsd.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\progra~1\AT&TNE~2\netcfgsvr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Raxco\PerfectDisk10\PDAgent.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
c:\windows\System32\TPHDEXLG.exe
c:\windows\system32\TpKmpSVC.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\windows\system32\vmnat.exe
c:\progra~1\SYSTEM~1\WScheduler.exe
c:\program files\RealVNC\VNC4\WinVNC4.exe
c:\program files\VMware\VMware Workstation\vmware-authd.exe
c:\windows\system32\vmnetdhcp.exe
c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Drivers\ldlcserv.exe
c:\program files\Raxco\PerfectDisk10\PDEngine.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\WDBtnMgr.exe
c:\program files\Lenovo\HOTKEY\TPONSCR.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MICROS~3\rapimgr.exe
c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-09-25 02:11:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-25 01:11
ComboFix2.txt 2010-09-24 18:37
Pre-Run: 19,442,487,296 bytes free
Post-Run: 19,401,273,344 bytes free
- - End Of File - - 1AAC85F0AF017DDA48B26D4DA40D0959
Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner< (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html)
Read through the requirements and privacy statement and click on Accept button
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
When the downloads have finished, click on Settings
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan
Once the scan is complete, it will display the results. Click on View Scan Report
You will see a list of infected items there. Click on Save Report As...
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
Please post this log in your next reply.
Pictured tutorial if required (http://i275.photobucket.com/albums/jj285/Bleeping/KAS/KAS9.gif).
This scan will take quite some time to update & scan, so be patient with it.
plug_it_in
2010-09-26, 02:16
Tried a run of Kaspersky; as I had to unload Symantec, I got it downloaded and started the scan after pulling out the network plug.
Ran for 4:35:43 hrs, 9% complete, 7 threats and 12 objects found; the system locked up. The scan said it was on file hpzhl696.cab.
Rebooted into Safe Mode with Networking, will try from here.
Hi
If the Kaspersky Online Scan is causing that much trouble, don't worry about it. There have been a few problems with it of late.
Try this one instead:
ESET Online Scanner
Go here (http://www.eset.com/onlinescan/) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Turn off the real time scanner of any existing antivirus program while performing the online scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked
Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked
Click Scan
Wait for the scan to finish
Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic
plug_it_in
2010-09-26, 03:22
Tried to run ESET in IE, no joy; it keeps looping on the Start screen where you tick yes to the EULA and hit Start. Only once did I get a message to allow ActiveX, and then the page was closed by IE. Reset security and cleared all cookies, cache etc., still no joy. One thing I have noticed in Spybot: I don't get the tool to see BHOs, and I wonder why; can't see any way to enable that.
Anyway, after all this waffle, you can run ESET from other browsers using a download, so running that.
plug_it_in
2010-09-26, 03:44
Forget the Spybot comment, it was a Doh moment; click on Tools and there is an option to show ActiveX and BHOs etc.
plug_it_in
2010-09-26, 16:22
C:\WINDOWS\FixCamera.exe a variant of Win32/KillProc.A application
F:\$Downloads\HTC TouchPro2\Rhodium-HardSPL_V2_00R3_185HSPL.zip a variant of Win32/HackTool.PDAunlock.A application
F:\Android Software Collection 7-24-10\The Apps\PdaNet (2.41)\PdaNet4Android.v2.41.patch.exe.zip probably a variant of Win32/HackTool.Patcher.A application
F:\RSS Downloads\February\0201-0201ppc\0205ppc\phoneAlarm.v1.65.1.PPC.incl.keygen.zip probably a variant of Win32/Agent.IFCISBY trojan
F:\RSS Downloads\February\0201-0201ppc\0208ppc\Pocket_Hack_Master_UniPatch_LXP.zip a variant of Win32/HackTool.Patcher.A application
F:\RSS Downloads\February\0201-0201ppc\0212ppc\phoneAlarm.v1.66.PPC.incl.keygen.zip probably a variant of Win32/Agent.IFCISBY trojan
F:\RSS Downloads\February\0213-0221ppc\0217ppc\AraPoKey.zip probably a variant of Win32/Keylogger.Ardamax.LPNIKSW application
F:\RSS Downloads\February\0213-0221ppc\0217ppc\Aya.Blackberry.3GP.Mobile.Video.Converter.v1.0.3.Patch-AHCU.zip Win32/HackTool.Patcher.A application
F:\RSS Downloads\February\0213-0221ppc\0218ppc\SpaceTime.v3.0.Update.7-1.PPC.zip probably a variant of Win32/Agent.EGHVKHS trojan
F:\RSS Downloads\February\0213-0221ppc\0219ppc\CloneDVD.mobile.1.1.6.1_CRK-FFF.zip a variant of Win32/HackTool.Patcher.A application
F:\RSS Downloads\February\0222-0225ppc\0222ppc\CompeGPS.Pocket.Air.v2.71.XScale.WM2003.WM5.Incl.Keymaker-COREPDA.zip probably a variant of Win32/PSW.OnLineGames.BBIOTXT trojan
F:\RSS Downloads\February\0222-0225ppc\0222ppc\CompeGPS.Pocket.PRO.v2.71.XScale.WM2003.WM5.Incl.Keymaker-COREPDA.zip probably a variant of Win32/PSW.OnLineGames.MCLBPLA trojan
F:\RSS Downloads\February\0222-0225ppc\0223ppc\Track.This.Out.TrackyPro.v3.3.XScale.WM2003.WM5.Incl.Keymaker-COREPDA.zip probably a variant of Win32/PSW.OnLineGames.IVVXYEP trojan
F:\RSS Downloads\February\0222-0225ppc\0224ppc\phoneAlarm.v1.66.1.PPC.incl.keygen.zip probably a variant of Win32/Agent.IFCISBY trojan
F:\RSS Downloads\February\0226-0229ppc\0227ppc\PathAway.PRO.v4.00.79.WM2003.WM5.KeyMaker.Only-carpi.DVTPDA.zip probably a variant of Win32/Agent.JVVSIWU trojan
F:\RSS Downloads\February\0226-0229ppc\0228ppc\ChessGenius.v2.0.Beta.PPC.incl.keygen.zip probably a variant of Win32/Agent.BKODANA trojan
F:\RSS Downloads\February\0226-0229ppc\0228ppc\PSH.Formula1.2008.v2.1.PPC.incl.keygen.zip probably a variant of Win32/Agent.KUDCDDH trojan
F:\RSS Downloads\PerfectDisk 11 + Keygen\PerfectDisk 11 - Keygen.exe a variant of Win32/Keygen.AK application
F:\RSS Downloads\Pocket PC Essentials - Feb 2010\Pocket PC Essentials\Opera Mobile 8.65 Pro.rar probably a variant of Win32/Agent.KTFGXVW trojan
F:\RSS Downloads\Pocket PC Essentials - Feb 2010\Pocket PC Essentials\SOTI Pocket Controller Pro. v6.01.rar a variant of Win32/HackTool.Patcher.A application
F:\RSS Downloads\Pocket PC Essentials - Feb 2010\Pocket PC Essentials\Spb.Keyboard.v4.1.0.Build.2612.rar probably a variant of Win32/TrojanDownloader.Agent.JMVOTGA trojan
F:\Videos\Office2003.iso probably a variant of Win32/Agent.CNVAOQK trojan
F:\Videos\Google SketchUp Pro 7.1.4871 + Patch-ISMAIL\Google SketchUp Pro 7.1.4871 + Patch-ISMAIL.rar probably a variant of Win32/HackTool.Patcher.A application
F:\Videos\Google SketchUp Pro 7.1.4871 + Patch-ISMAIL\Patch-ismail\google.sketchup.pro.7.1.4871.0-ismail.exe probably a variant of Win32/HackTool.Patcher.A application
F:\Videos\IDM UltraEdit 15.00.0.1033\IDM UltraEdit 15.00.0.1033\CORE\keygen.exe a variant of Win32/Keygen.AG application
plug_it_in
2010-09-26, 16:27
I have deleted all the F:\ related files.
Hi
View Hidden Files & Folders Windows XP
To view Hidden Files & Folders do the following:
Click Start
Open My Computer
Select the Tools menu and click Folder Options
Select the View Tab
Under the Hidden files and folders heading select Show hidden files and folders
Uncheck the Hide protected operating system files (recommended) option
Click Yes to confirm
Click OK
Upload Files for Scanning
Go to VirusTotal (http://www.virustotal.com/) & upload the following File/s for scanning.
Click Browse
Copy & paste the following File & Path in the text box next to File name: then click Open
C:\WINDOWS\FixCamera.exe
Click Send File
If confronted with two options, choose Reanalyse file now
Wait for scans to finish then copy & paste the URL from your browser address bar in your next reply
plug_it_in
2010-09-26, 18:42
http://www.virustotal.com/file-scan/report.html?id=16204ff683c992bee4776c2716476ba61c432d674966bed3b350b099af8a2975-1285515626
Hi
A couple of hits. Could be just heuristics. Is that process something you use?
How's the computer running now?
plug_it_in
2010-09-26, 19:07
Don't really use it; if I remember, it was installed with a USB microscope. I can delete it, np.
Spybot still won't run.
I'm just running Kaspersky on Critical areas and it's found some stuff, just waiting for it to finish.
plug_it_in
2010-09-26, 19:12
Is there a way to find out why Spybot is crashing? Wouldn't that give a clue?
plug_it_in
2010-09-26, 19:13
Well, running Kaspersky again as I accidentally stopped it at 51%; this was the story so far:
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, September 26, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 26, 2010 07:39:16
Records in database: 4240748
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - Critical areas:
C:\Documents and Settings\Administrator\Desktop\Start Menu\Programs\Startup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
C:\Program Files
C:\WINDOWS
Scan statistics:
Objects scanned: 80457
Threats found: 3
Infected objects found: 4
Suspicious objects found: 0
Scan duration: 01:52:02
File name / Threat / Threats count
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\Program Files\Remote Desktop Control\apc_Admin.exe Infected: not-a-virus:RemoteAdmin.Win32.RemoteDesktopControl.a 1
C:\Program Files\SystemScheduler\WSProc.dll Infected: not-a-virus:Monitor.Win32.Hooker.at 1
Scanning stopped by the user.
They appear to be false positives - flagged due to the nature of the programs.
So the only problem you're experiencing is that Spybot won't run. Have you tried an uninstall/reinstall?
plug_it_in
2010-09-27, 03:57
First thing I did was remove Spybot and reinstall. Is there more to do to make sure it's really gone?
btw I got Kaspersky to run on all of the C drive and here it is:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, September 27, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 26, 2010 11:11:47
Records in database: 4242833
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - Folder:
C:\
Scan statistics:
Objects scanned: 232949
Threats found: 7
Infected objects found: 11
Suspicious objects found: 0
Scan duration: 05:29:09
File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\19E00004.VBN Infected: Trojan.Win32.Genome.aeeu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\19E0000A.VBN Infected: Trojan.Win32.Genome.aeeu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\19E00010.VBN Infected: Trojan-GameThief.Win32.OnLineGames.umal 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\19E00012.VBN Infected: Trojan-GameThief.Win32.OnLineGames.umal 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\19E00014.VBN Infected: Trojan-GameThief.Win32.OnLineGames.uowc 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\19E00015.VBN Infected: Trojan.Win32.Genome.aeeu 1
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\19E00025.VBN Infected: Trojan-Downloader.Win32.Agent.csiz 1
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.ad 1
C:\Program Files\Remote Desktop Control\apc_Admin.exe Infected: not-a-virus:RemoteAdmin.Win32.RemoteDesktopControl.a 1
C:\Program Files\SystemScheduler\WSProc.dll Infected: not-a-virus:Monitor.Win32.Hooker.at 1
Selected area has been scanned.
What about trying to run Spybot with all other Security programs disabled? What happens if you try to run it from Safe Mode?
Download Security Check by screen317 from one of the following links & save it to your desktop:
Link 1 (http://screen317.spywareinfoforum.org/SecurityCheck.exe)
Link 2 (http://screen317.changelog.fr/SecurityCheck.exe)
Double click SecurityCheck.exe to run it then press any key at the prompt to continue
Once the tool has finished a Notepad document should open named checkup.txt
Copy/paste the contents of checkup.txt & post in your next reply
plug_it_in
2010-09-27, 11:25
Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
ESET Online Scanner v3
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
IBM 32-bit Runtime Environment for Java 2, v5.0
Java(TM) 6 Update 21
IBM 32-bit Runtime Environment for Java 2, v5.0
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.4
````````````````````````````````
Process Check:
objlist.exe by Laurent
Symantec Client Security Symantec AntiVirus DefWatch.exe
Symantec Client Security Symantec AntiVirus SavRoam.exe
Symantec Client Security Symantec AntiVirus Rtvscan.exe
Symantec Client Security Symantec Client Firewall ISSVC.exe
Symantec Client Security Symantec Client Firewall SymSPort.exe
````````````````````````````````
DNS Vulnerability Check:
GREAT! (Not vulnerable to DNS cache poisoning)
``````````End of Log````````````
Hi
Is there a way to find out why Spybot is crashing? Wouldn't that give a clue?
Possibly. I'll get back to you on that.
There's something else I want to check out.
Can you just confirm that it is only Spybot that won't run, that your other security programs (Symantec AV & Firewall) are fine, and that there are no other problems?
plug_it_in
2010-09-27, 21:47
I can't thank you enough for all your time and effort.
I reinstalled Spybot again, but this time to a different directory than the default, just in case it was referenced anywhere. I also enabled TeaTimer, which I don't normally run. First I ran with no update and YEAH, it ran. Found 45 errors. Then updated and ran again. Again it ran fine. Turned off TeaTimer and it is running fine. It always failed when it jumped from about the 9K/10K entry to the 24K entry.
So something you took me through must have fixed it.
All the very best.
Good stuff :bigthumb:
Clean Up
Now we need to clear out the programs we've been using to clean up your computer, they are not suitable for general malware removal and could cause damage if used inappropriately.
Remove ComboFix
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run then copy/paste the following coded text into the Run box and click OK:
ComboFix /Uninstall
OTC
Download OTC by Old Timer here (http://oldtimer.geekstogo.com/OTC.exe) & save it to your desktop.
Double click on OTC.exe. Click on CleanUp!.
You will receive a prompt that it needs to restart the computer to remove the files. Click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.
You can delete the following from your desktop:
TFC.exe
RKUnhookerLE.exe
The Gmer.exe file (it will be randomly named .exe file)
MBRCheck.exe
SecurityCheck.exe
Any logs that may have been saved to your desktop
You can remove the Kaspersky & Eset Online Scanners if present. This can be done via Add or Remove Programs
All Clean
Now that your system is safe we would like you to keep it that way.
Take the time to follow these recommendations & it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.
Create a Clean System Restore Point
Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and click OK
Ensure the boxes for Temporary Files & Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore click Clean up... and click Yes to the prompt
Click OK and Yes to confirm.
Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to close loopholes in Windows and Office products and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates
Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
You can find a tutorial here (http://thespykiller.co.uk/index.php/topic,5946.0.html). Keep it updated & run it regularly.
SpywareBlaster
Download and install Javacools SpywareBlaster from here (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.
Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
Install MVPS Hosts File From Here (http://mvps.org/winhelp2002/hosts.htm)
The MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE (http://www.mvps.org/winhelp2002/hosts2.htm)
Install WinPatrol
Download it here (http://www.winpatrol.com/download.html)
You can find information about how WinPatrol works here (http://www.winpatrol.com/features.html)
Read some information here (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) on how to prevent Malware.
Hopefully these steps will help keep your computer clean.
Since this issue appears to be resolved ... this Topic has been closed.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include fresh DDS & Attach logs and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or Moderator a private message (pm). A valid, working link to the closed topic is also required.
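To illustrate the "Download and Install a HOSTS File" section above (how the machine consults the HOSTS file before DNS and why a 127.0.0.1 entry "short circuits" a request), here is an added Python example that is not part of the thread or of the MVPS file. The hosts content it parses is constructed, and the example domains are placeholders, not real blocklist entries.

```python
"""Small model of how a HOSTS file is consulted before a DNS query.

Added example, not from the original thread or from the MVPS project.
SAMPLE_HOSTS is constructed; the names in it are placeholders.
"""
import ipaddress
from typing import Dict, List, Optional, Tuple

# Constructed sample in HOSTS format: "<address> <hostname> [alias ...] [# comment]"
SAMPLE_HOSTS = """\
# header comment, as found at the top of a typical hosts file
127.0.0.1       localhost
127.0.0.1       ad-server.example          # blocked: points at this machine
127.0.0.1       tracker.example www.tracker.example
0.0.0.0         popup.example              # some lists use 0.0.0.0 instead
   # indented comment, followed by a blank line

192.0.2.10      intranet.example           # a genuine redirect, not a block
"""

# Addresses that send a name nowhere useful, i.e. "your own machine"
LOCAL_SINKS = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("0.0.0.0")}


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs in file order.

    A line may list several hostnames for one address; '#' starts a comment.
    Hostnames are lower-cased because lookups are case-insensitive.
    """
    entries: List[Tuple[str, str]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank, comment-only or malformed
        try:
            address = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                           # first field is not an IP address
        for name in fields[1:]:
            entries.append((address, name.lower()))
    return entries


def lookup(entries: List[Tuple[str, str]], hostname: str) -> Optional[str]:
    """First matching entry wins; None means DNS would be asked instead."""
    wanted = hostname.lower().rstrip(".")
    for address, name in entries:
        if name == wanted:
            return address
    return None


def is_short_circuited(entries: List[Tuple[str, str]], hostname: str) -> bool:
    """True when the HOSTS file sends this name to the local machine."""
    address = lookup(entries, hostname)
    return address is not None and ipaddress.ip_address(address) in LOCAL_SINKS


def non_local_entries(entries: List[Tuple[str, str]]) -> Dict[str, str]:
    """Names redirected somewhere other than the local machine.

    A blocklist-style HOSTS file should only contain local sinks, so these
    entries are the ones worth reviewing by hand.
    """
    return {name: addr for addr, name in entries
            if ipaddress.ip_address(addr) not in LOCAL_SINKS}


if __name__ == "__main__":
    parsed = parse_hosts(SAMPLE_HOSTS)
    for host in ("AD-SERVER.example", "popup.example", "intranet.example", "unknown.example"):
        print(f"{host:20} -> {lookup(parsed, host)}  blocked={is_short_circuited(parsed, host)}")
    print("non-local redirects:", non_local_entries(parsed))
```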