
Thread: Spybot 1.6.2 will not run to completion, crashes. DDS.txt File

  1. #1
    Member
    Join Date
    Oct 2007
    Posts
    32


    Sorry about the confusion, I'm new to this forum.

    Here is my DDS.txt


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Pete Rawlings at 11:51:41.64 on 14/09/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.1402 [GMT 1:00]

    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

    ============== Running Processes ===============

    C:\WINDOWS\system32\ibmpmsvc.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\WTouch\WTouchService.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
    C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\WINDOWS\system32\svchost.exe -k HPService
    C:\Program Files\c4ebreg\c4ebreg.exe
    c:\sdwork\issimsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Notes\nsd.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\PROGRA~1\AT&TNE~2\netcfgsvr.exe
    C:\Program Files\AT&T Network Client\NetClientSvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\WINDOWS\System32\TPHDEXLG.exe
    C:\WINDOWS\system32\TpKmpSVC.exe
    C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    C:\WINDOWS\system32\vmnat.exe
    C:\WINDOWS\system32\Pen_Tablet.exe
    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    C:\WINDOWS\system32\vmnetdhcp.exe
    C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\SYMANT~2\SYMANT~2\vptray.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\Lenovo\UltraNav Keyboard\SkdUNav.exe
    C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
    C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe
    C:\Program Files\IBM\Personal Communications\tpam.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\WINDOWS\vsnp2std.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\c4ebreg\isamtray.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\SetPoint\SetPoint.exe
    C:\Program Files\myiHome\app\myiHome-server.exe
    C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe
    C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\WINDOWS\system32\WISPTIS.EXE
    C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Program Files\WTouch\WTouchUser.exe
    C:\Program Files\AT&T Network Client\NetClient.exe
    C:\Program Files\AT&T Network Client\NetMsg.exe
    C:\Notes\NLNOTES.EXE
    C:\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\notes2.exe
    C:\Notes\swiftsrv.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Notes\ntaskldr.EXE
    C:\Program Files\Sophos\Sophos Anti-Rootkit\sargui.exe
    F:\$Downloads\Windows\SysinternalsSuite\procexp.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Documents and Settings\Administrator\Local Settings\Temp\lmnvnp.exe
    F:\$Downloads\Recovery\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
    uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/
    uInternet Settings,ProxyOverride = <local>;<local>
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 9\SnagitBHO.dll
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\tfswshx.dll
    BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
    BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    TB: Spb Wallet: {2913d3dd-9363-4c21-b205-c19a584a0674} - c:\program files\spb wallet\SpbWalletToolbar.dll
    TB: QT TabBar: {d2bf470e-ed1c-487f-a333-2bd8835eb6ce} - mscoree.dll
    TB: QT Tab Standard Buttons: {d2bf470e-ed1c-487f-a666-2bd8835eb6ce} - mscoree.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 9\SnagitIEAddin.dll
    TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
    uRun: [TPKMAPMN] c:\program files\thinkpad\utilities\TpKmapMn.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [vptray] c:\progra~1\symant~2\symant~2\\vptray.exe
    mRun: [WD Button Manager] WDBtnMgr.exe
    mRun: [vmware-tray] "c:\program files\vmware\vmware workstation\vmware-tray.exe"
    mRun: [UltraNav Keyboard] c:\program files\lenovo\ultranav keyboard\SkdUNav.exe
    mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimageechoenterpriseserver\TrueImageMonitor.exe
    mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
    mRun: [TPHOTKEY] c:\program files\lenovo\hotkey\TPOSDSVC.exe
    mRun: [TPFNF7] c:\program files\lenovo\npdirect\TPFNF7SP.exe /r
    mRun: [Tpam.exe] "c:\program files\ibm\personal communications\tpam.exe"
    mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [stgclean] c:\sdwork\w32maing.exe /cleanup
    mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
    mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
    mRun: [snp2std] c:\windows\vsnp2std.exe
    mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
    mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
    mRun: [OSSelectorReinstall] c:\program files\common files\acronis\acronis disk director\oss_reinstall.exe
    mRun: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    mRun: [ISSI Service] "c:\sdwork\issimsvc.exe"
    mRun: [Isamtray] "c:\program files\c4ebreg\isamtray.exe"
    mRun: [IBM Lotus EasySync Pro] "c:\program files\lotus\easysync pro\SyncLauncher.exe"
    mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [DLSService] "c:\program files\dymo\dymo label software\DLSService.exe"
    mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
    mRun: [C4EBReg] "c:\program files\c4ebreg\c4ebreg.exe" /q
    mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
    mRun: [AcronisTimounterMonitor] c:\program files\acronis\trueimageechoenterpriseserver\TimounterMonitor.exe
    mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\myihom~1.lnk - c:\program files\myihome\app\myiHome-server.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\start3~1.lnk - c:\program files\3dconnexion\3dconnexion 3dxsoftware\3dxware\3dxsrv.exe
    uPolicies-explorer: NoDevMgrUpdate = 1 (0x1)
    IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
    IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
    IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\thinkpad\bluetooth software\btsendto_ie.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll
    IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    Trusted Zone: o2.co.uk\*.broadband
    DPF: Microsoft XML Parser for Java
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/C/B/F/CBF23A2C-3E55-4664-BC5C-762780D79BA0/OGAControl.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    TCP: {CAD550CF-E36D-4DF5-A998-908611C8D4A9} = 9.64.162.21,9.64.163.21
    TCP: {D40D8AB3-DFA5-4A53-AAF5-D3A525F28F1E} = 87.194.255.155,87.194.255.154,4.2.2.2,4.2.2.3
    Notify: atmgrtok - atmgrtok.dll
    Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    Notify: pcsinst - pcsinst.dll
    Notify: tpfnf2 - c:\program files\lenovo\hotkey\notifyf2.dll
    Notify: tphotkey - c:\program files\lenovo\hotkey\tphklock.dll
    AppInit_DLLs: c:\progra~1\google\google~2\GOEC62~1.DLL
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    LSA: Authentication Packages = msv1_0 relog_ap
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\subr512p.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - isoHunt Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
    FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\subr512p.default\extensions\bpaddtonab@firefox-extensions.ibm.com\plugins\npaddtonab.dll
    FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google updater\2.4.1636.7222\npCIDetect13.dll
    FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwdplugin821.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-9-13 28552]
    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2008-5-14 19496]
    R1 SAVRT;SAVRT;c:\program files\symantec client security\symantec antivirus\savrt.sys [2006-9-6 337592]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec client security\symantec antivirus\Savrtpel.sys [2006-9-6 54968]
    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-6 169312]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-11-21 192104]
    R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2006-11-21 202344]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-11-21 169576]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-7-16 10384]
    R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
    R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\at&t network client\NetClientSvc.exe [2009-10-7 263520]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-7-13 94208]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec client security\symantec antivirus\Rtvscan.exe [2007-3-14 1816768]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-3-6 4497704]
    R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-8-1 70704]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\common files\vmware\usb\vmware-usbarbitrator.exe [2010-8-1 539184]
    R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-3-6 113448]
    R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [2010-2-6 17152]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-9-13 102448]
    R3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [2010-2-8 6400]
    R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2009-7-13 81280]
    R3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3644.tmp --> c:\windows\system32\3644.tmp [?]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100913.004\naveng.sys [2010-9-13 85424]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100913.004\navex15.sys [2010-9-13 1362608]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1ca12c614ff7fd6;Google Update Service (gupdate1ca12c614ff7fd6);c:\program files\google\update\GoogleUpdate.exe [2009-8-1 133104]
    S2 ldlcserv6;IBM Enterprise Extender (IPv6);c:\windows\system32\drivers\ldlcserv6.exe [2007-11-2 40960]
    S2 LogWatch;Event Log Watch;"c:\program files\ca\sharedcomponents\ca_lic\logwatnt.exe" --> c:\program files\ca\sharedcomponents\ca_lic\LogWatNT.exe [?]
    S2 ltpSvc;TrackPoint Scroll Service;c:\program files\lenovo\thinkpad usb keyboard with trackpoint\ltpsvc.exe --> c:\program files\lenovo\thinkpad usb keyboard with trackpoint\ltpSvc.exe [?]
    S2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\windows\system32\drivers\pdlndldl6.sys [2007-11-2 70656]
    S3 cpuz132;cpuz132;\??\c:\docume~1\admini~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\admini~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-7-27 30192]
    S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [2009-10-23 36384]
    S3 RET55;RET55 NDIS Protocol Driver;\??\c:\program files\eeye digital security\retina 5\scanner\ret55.sys --> c:\program files\eeye digital security\retina 5\scanner\RET55.sys [?]
    S3 RRMONX;RRMONX;\??\c:\docume~1\admini~1\locals~1\temp\rrmon.sys --> c:\docume~1\admini~1\locals~1\temp\rrmon.sys [?]
    S3 SavRoam;SAVRoam;c:\program files\symantec client security\symantec antivirus\SavRoam.exe [2007-3-14 116416]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-11-7 95376]
    S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\vboxnetflt.sys --> c:\windows\system32\drivers\VBoxNetFlt.sys [?]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-3-6 16168]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 CA_LIC_CLNT;CA License Client;"c:\program files\ca\sharedcomponents\ca_lic\\lic98rmt.exe" --> c:\program files\ca\sharedcomponents\ca_lic\\lic98rmt.exe [?]
    S4 csrcmds;csrcmds;c:\program files\ibm\personal communications\csrcmds.exe [2007-11-2 49152]
    S4 cstrcser;IBM Command Line Trace;c:\windows\system32\drivers\cstrcser.exe [2007-11-2 36864]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe" /service msvsmon80 --> c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [?]
    S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2010-2-21 583640]
    S4 WindowsScheduler;System Scheduler Service;c:\progra~1\system~1\WService.exe [2009-9-16 13312]
    S4 WindowsSchedulerLogon;System Scheduler Logon;c:\progra~1\system~1\WSLogon.exe [2009-9-16 52224]

    ============== File Associations ===============

    .scr=AutoCADScriptFile
    .txt=UltraEdit.txt

    =============== Created Last 30 ================

    2010-09-14 10:29:56 24064 ----a-w- c:\documents and settings\administrator\Ian Paterson 100914 Workload DB Import.XLS
    2010-09-14 08:45:36 0 d-----w- c:\program files\Sophos
    2010-09-14 08:21:06 0 d-----w- c:\docume~1\admini~1\applic~1\smkits
    2010-09-14 00:13:37 0 d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-13 19:09:23 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-09-13 19:09:23 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-09-13 19:09:23 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-09-13 19:09:23 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-09-12 23:48:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-09-12 23:47:40 0 d-----w- c:\program files\Panda Security
    2010-09-12 01:31:16 0 d-----w- c:\program files\mSoftware
    2010-09-12 01:09:51 0 d-----w- c:\program files\Aspecto Software
    2010-09-11 19:21:43 0 d-----w- C:\TTN7
    2010-09-11 13:14:33 0 d-----w- c:\program files\SDA
    2010-09-10 14:38:46 0 d-----w- c:\program files\Lotus
    2010-09-10 14:38:46 0 d-----w- c:\program files\common files\XCPCSync.OEM
    2010-09-10 13:38:32 0 d--h--w- c:\documents and settings\administrator\InstallAnywhere
    2010-09-09 21:42:18 361 ----a-w- C:\RapiConfigOut.xml
    2010-09-09 21:21:33 0 d-----w- c:\program files\NetDragon
    2010-09-08 23:35:41 3755929 ----a-w- C:\TrayNotify.reg
    2010-09-08 23:23:17 282624 ----a-w- c:\windows\system32\acomte445.ocx
    2010-09-08 18:29:28 0 d-----w- c:\program files\AT&T Network Client
    2010-09-08 18:29:28 0 d-----w- c:\program files\AT&T Global Network Client
    2010-09-08 18:29:28 0 d-----w- c:\docume~1\alluse~1\applic~1\AGNS
    2010-09-08 15:38:14 130669 ----a-w- c:\windows\system32\nvModes.dat
    2010-09-08 15:38:14 130669 ----a-w- c:\windows\system32\nvModes.001
    2010-09-08 15:38:05 36836 ----a-w- c:\windows\system32\nvwsapps.nvb
    2010-09-08 15:21:13 190706 ----a-w- c:\windows\system32\nvapps.xml
    2010-09-08 15:21:13 110415 ----a-w- c:\windows\system32\nvwsapps.xml
    2010-09-08 15:20:56 453152 ----a-w- c:\windows\system32\nvuninst.exe
    2010-09-08 15:20:56 18725 ----a-w- c:\windows\system32\nvdisp.nvu
    2010-09-08 15:20:56 0 d-----w- c:\windows\nview
    2010-09-08 15:20:55 453152 ----a-w- c:\windows\system32\nvudisp.exe
    2010-09-08 13:49:20 0 d-----w- C:\ET_ROOT
    2010-09-08 11:33:46 0 d-----w- c:\docume~1\admini~1\applic~1\Realtime Soft
    2010-09-08 11:33:40 0 d-----w- c:\program files\common files\Realtime Soft
    2010-09-08 11:33:39 0 d-----w- c:\program files\UltraMon
    2010-09-08 11:33:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Realtime Soft
    2010-09-07 13:35:03 0 d-----w- c:\docume~1\admini~1\applic~1\Sierra Wireless
    2010-09-07 10:41:46 19328 ----a-w- c:\windows\agnwifi.sys
    2010-09-07 09:09:26 0 d-----w- c:\program files\JRE
    2010-09-06 17:38:30 1721 ----a-w- c:\documents and settings\administrator\.recently-used.xbel
    2010-09-06 13:50:34 24064 ----a-w- c:\documents and settings\administrator\EMEA Workload DB Import.XLS
    2010-09-04 21:18:21 0 d-----w- c:\docume~1\admini~1\applic~1\Nokia Ovi Suite
    2010-09-04 20:52:38 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-09-04 20:52:30 0 d-----w- c:\program files\PC Connectivity Solution
    2010-09-04 20:51:15 0 d-----w- c:\docume~1\alluse~1\applic~1\NokiaInstallerCache
    2010-09-04 14:53:03 91304 ----a-w- c:\windows\system32\drivers\btserial.sys
    2010-09-03 18:51:53 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
    2010-09-03 18:51:53 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
    2010-09-02 15:13:49 2840 ----a-w- c:\documents and settings\administrator\pseudovalindbmt.xls
    2010-09-02 11:33:39 585216 ----a-w- c:\documents and settings\administrator\NationalRequirements_30501033-200712.doc
    2010-08-29 18:50:43 3283 ----a-w- c:\windows\system32\wbem\Outlook_01cb47ab159fdb6e.mof
    2010-08-28 17:44:51 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
    2010-08-28 17:44:50 399920 ----a-w- c:\windows\system32\vmnat.exe
    2010-08-28 17:44:49 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
    2010-08-28 17:44:43 760368 ----a-w- c:\windows\system32\vnetlib.dll
    2010-08-28 17:44:17 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
    2010-08-28 17:43:32 0 d-----w- c:\program files\common files\VMware
    2010-08-16 13:20:58 0 d-----w- c:\program files\myiHome
    2010-08-16 11:14:29 0 d-----w- c:\program files\Siber Systems
    2010-08-15 13:25:04 1026 ----a-w- c:\windows\dirscan
    2010-08-15 13:16:55 0 d-----w- c:\program files\Disk Size Manager 2.0

    ==================== Find3M ====================

    2010-09-07 18:56:22 1952024 ----a-w- c:\windows\system32\AutoPartNt.exe
    2010-08-10 11:26:36 237320 ----a-w- c:\windows\system32\PDBoot.exe
    2010-08-01 11:55:38 70704 ----a-w- c:\windows\system32\drivers\vmci.sys
    2010-08-01 11:55:36 854064 ----a-w- c:\windows\system32\drivers\vmx86.sys
    2010-08-01 11:54:52 14896 ----a-w- c:\windows\system32\drivers\vmparport.sys
    2010-08-01 11:53:02 51248 ----a-w- c:\windows\system32\vmnetbridge.dll
    2010-08-01 11:53:02 32688 ----a-w- c:\windows\system32\drivers\vmnetbridge.sys
    2010-08-01 10:39:06 32304 ----a-w- c:\windows\system32\drivers\hcmon.sys
    2010-08-01 10:12:36 252464 ----a-w- c:\windows\system32\vmnc.dll
    2010-08-01 08:18:24 59952 ----a-w- c:\windows\system32\vnetinst.dll
    2010-08-01 08:18:24 18736 ----a-w- c:\windows\system32\drivers\vmnet.sys
    2010-08-01 08:18:24 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
    2010-07-27 19:53:07 64792 ----a-w- c:\windows\isamunin.exe
    2010-07-25 14:54:28 0 ---ha-w- c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
    2010-07-25 14:37:05 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_user_01_09_00.Wdf
    2010-07-22 11:37:29 108480 ----a-w- c:\windows\system32\drivers\AnyDVD.sys
    2010-07-17 04:00:04 423656 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-03-31 12:22:40 56079 --sh--r- c:\program files\DLS8Uninstall.log
    2009-09-26 21:38:44 437 ----a-w- c:\program files\Shortcut to O2.lnk
    2008-09-29 08:12:04 108 --sha-r- c:\windows\neoqaz2.dll
    2009-07-22 16:58:10 2 --shatr- c:\windows\winstart.bat
    2009-07-13 23:00:48 23 --sha-w- c:\windows\system32\edacded0.dat

    ============= FINISH: 11:52:44.93 ===============


    Thanks

  2. #2
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Default

    Hello & Welcome to Safer-Networking

    Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

    In the meantime please note the following:
    • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
    • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
      1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
      2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
    • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
    • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
    Please note that the forum is very busy and if I don't hear from you within four days this thread will be closed.
    If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

    Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

    Because of this, I advise you to backup any personal files and folders before you start.

    You also need to know that I will not help remove malware from computers that have filesharing software (P2P) installed (such as Limewire, Bit Torrent, μTorrent, etc.). So if you want my help, please uninstall any such programs now & reboot.

    Thanks

    DDS
    As your logs are now a few days old, please run DDS again, copy the contents of both logs & post in your next reply.

    Gmer
    Download GMER Rootkit Scanner from here & save it to your desktop.
    • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO


    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish
    • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
    • Save it where you can easily find it, such as your desktop, and post it in reply
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

    Do not run any programs while Gmer is running.

    NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
    • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
    • Double click the gmer.exe file
    • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
    • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply
    To post in next reply:
    Contents of New DDS log
    Contents of New Attach.txt
    Contents of Gmer log

  3. #3
    Member
    Join Date
    Oct 2007
    Posts
    32

    Default Data as requested

    Data posted below.

    I had problems running GMER with BSODs. In the end I used msconfig, disabled all but Microsoft Services and disabled all Startup, and on the 5th attempt it ran to completion. Note the GMER log is in two parts. When it starts it does a quick scan and that's the first log. The second list is after hitting the scan button (this is where it crashed, usually in its own driver).


    I tried posting all the input you wanted but it exceeds the input capacity, so I have attached a zip of all files.

  4. #4
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Default

    Hi

    While I'm going through this lot, please also run the following:

    Rootkit Unhooker
    Download Rootkit Unhooker from Here & save it on your desktop.
    • Disable your security programs
    • Double click RKUnhookerLE.exe to run it
    • Click the Report tab, then click Scan
    • Check Drivers and Stealth Code, uncheck the rest, then click OK
    • When prompted to Select Disks for Scan, make sure C:\ is checked then click OK
    • Wait till the scanner has finished then go File > Save Report
    • Save the report somewhere you can find it such as your desktop then click Close
    • Copy/paste the entire contents of the report & post it in your next reply
    Note - You may get the following warning - it is ok - just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"

  5. #5
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Default

    View Hidden Files & Folders Windows XP
    To view Hidden Files & Folders do the following:
    Click Start
    Open My Computer
    Select the Tools menu and click Folder Options
    Select the View Tab
    Under the Hidden files and folders heading select Show hidden files and folders
    Uncheck the Hide protected operating system files (recommended) option
    Click Yes to confirm
    Click OK

    Upload Files for Scanning
    Go to VirusTotal & upload the following File/s for scanning.
    • Click Browse
    • Copy & paste the following File & Path in the text box next to File name: then click Open
      Code:
      c:\windows\neoqaz2.dll
    • Click Send File
    • If confronted with two options, choose Reanalyse file now
    • Wait for scans to finish then copy & paste the URL from your browser address bar in your next reply

  6. #6

  7. #7
    Member
    Join Date
    Oct 2007
    Posts
    32

    Default RKUnhookerLE Report

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #2
    ==============================================
    >Drivers
    ==============================================
    0xB8DF2000 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 6623232 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Miniport Driver, Version 178.74 )
    0xBF012000 C:\WINDOWS\System32\nv4_disp.dll 6287360 bytes (NVIDIA Corporation, NVIDIA Compatible Windows 2000 Display driver, Version 178.74 )
    0xB89DA000 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys 3633152 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
    0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2150400 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2150400 bytes
    0x804D7000 RAW 2150400 bytes
    0x804D7000 WMIxWDM 2150400 bytes
    0xBF800000 Win32k 1855488 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xB2C9B000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100923.003\navex15.sys 1359872 bytes (Symantec Corporation, AV Engine)
    0xB4854000 C:\WINDOWS\System32\drivers\appn.sys 1318912 bytes (IBM Corporation, APPN library)
    0xB73EE000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
    0xB87AC000 C:\WINDOWS\system32\DRIVERS\btkrnl.sys 987136 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
    0xB9E17000 iaStor.sys 876544 bytes (Intel Corporation, Intel Matrix Storage Manager driver)
    0xB49E2000 C:\WINDOWS\system32\Drivers\vmx86.sys 847872 bytes (VMware, Inc., VMware kernel driver)
    0xB733B000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
    0xB9CE1000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xB69E0000 C:\WINDOWS\system32\DRIVERS\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
    0xB6B9F000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xB9C49000 timntr.sys 438272 bytes (Acronis, Acronis True Image Backup Archive Explorer)
    0xB33AA000 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 401408 bytes (Symantec Corporation, SPBBC Driver)
    0xB6B19000 C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 385024 bytes (Symantec Corporation, Symantec Eraser Control Driver)
    0xB8631000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xB6E15000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xB7073000 C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys 360448 bytes (Symantec Corporation, AutoProtect)
    0xB435F000 C:\WINDOWS\system32\DRIVERS\srv.sys 356352 bytes (Microsoft Corporation, Server driver)
    0xB894F000 C:\WINDOWS\system32\DRIVERS\rixdptsk.sys 335872 bytes (REDC, RICOH XD SM Driver)
    0xB7552000 C:\WINDOWS\system32\drivers\ADIHdAud.sys 323584 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
    0xB6CF4000 C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20100915.004\symidsco.sys 290816 bytes (Symantec Corporation, IDS Core Driver)
    0xBFFA0000 C:\WINDOWS\System32\ATMFD.DLL 286720 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xB8D9D000 C:\WINDOWS\system32\DRIVERS\e1e5132.sys 266240 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 5.2 deserialized driver)
    0xB149F000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xB876B000 C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys 266240 bytes (-, SRS WOW HD, TSXT, CSII, Mobile HD Standalone driver)
    0xB6DDA000 C:\WINDOWS\System32\Drivers\SYMTDI.SYS 241664 bytes (Symantec Corporation, Network Dispatch Driver)
    0xB889D000 C:\WINDOWS\system32\DRIVERS\agnfilt.sys 221184 bytes (AT&T, Net Firewall)
    0xB74E0000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
    0xB49AF000 C:\WINDOWS\System32\drivers\AppnBase.sys 208896 bytes (IBM Corporation, APPNBASE library)
    0xB86AC000 C:\WINDOWS\system32\DRIVERS\rdpdr.sys 196608 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
    0xB9F79000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xB9CB4000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xB9DBA000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
    0xB8923000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 180224 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
    0xB1101000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
    0xB6C0F000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xB6D3B000 C:\WINDOWS\System32\Drivers\SYMFW.SYS 167936 bytes (Symantec Corporation, Firewall Filter Driver)
    0xB8D51000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
    0xB6CCC000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xB4819000 C:\WINDOWS\System32\drivers\pdlncfwk.sys 163840 bytes (IBM Corporation, PDLNCFWK.SYS)
    0xB9F05000 dmio.sys 155648 bytes (Microsoft Corp., Veritas Software, NT Disk Manager I/O Driver)
    0xB6DB4000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xB54FE000 C:\WINDOWS\System32\Drivers\DefragFS.SYS 151552 bytes (Raxco Software, Inc., Defragmentation Support Driver)
    0xB752E000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xB8D79000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xB88D3000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xB2E0F000 C:\WINDOWS\System32\Drivers\RDPWD.SYS 143360 bytes (Microsoft Corporation, RDP Terminal Stack Driver (US/Canada Only, Not for Export))
    0xB6CAA000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0xB7051000 C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 139264 bytes (Symantec Corporation, Symantec Event Library)
    0x806E4000 ACPI_HAL 134400 bytes
    0x806E4000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xB9D9A000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xB9C29000 snman380.sys 131072 bytes (Acronis, Acronis Snapshot API)
    0xB9F2B000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xB479E000 C:\WINDOWS\System32\drivers\appnapi.sys 122880 bytes (IBM Corporation, APPNAPI library)
    0xB9C0B000 Apsx86.sys 122880 bytes (Lenovo., Shockproof Disk Driver)
    0xB9F4A000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA Bus Driver)
    0xB6AFC000 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 118784 bytes (Symantec Corporation, Symantec Eraser Utility Driver)
    0xB868F000 C:\WINDOWS\system32\DRIVERS\mcdbus.sys 118784 bytes (MagicISO, Inc., MagicISO SCSI Host Controller)
    0xB7514000 C:\WINDOWS\system32\drivers\AEAudio.sys 106496 bytes (Andrea Electronics Corporation, Audio Noise Filtering Driver (32-bit))
    0xB9BF1000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xB9DE6000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
    0xB88F6000 C:\WINDOWS\System32\Drivers\AnyDVD.sys 102400 bytes (SlySoft, Inc., AnyDVD Filter Driver)
    0xB4996000 C:\WINDOWS\system32\DRIVERS\llc2.sys 102400 bytes (IBM Corporation, LLC2 library)
    0xB5495000 C:\WINDOWS\system32\dla\tfsnudf.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
    0xB547C000 C:\WINDOWS\system32\dla\tfsnudfa.sys 102400 bytes (Sonic Solutions, Drive Letter Access Component)
    0xB9DFF000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xB9EED000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
    0xB9D6E000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xB8754000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xB554B000 C:\WINDOWS\system32\DRIVERS\WudfPf.sys 94208 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0xB5562000 C:\WINDOWS\system32\dla\tfsnifs.sys 90112 bytes (Sonic Solutions, Drive Letter Access Component)
    0xB9D85000 drvmcdb.sys 86016 bytes (Sonic Solutions, Device Driver)
    0xB3A27000 C:\WINDOWS\System32\drivers\pdlndldl6.sys 86016 bytes (IBM Corporation, PDLNDLDL6.SYS)
    0xB4804000 C:\WINDOWS\System32\drivers\pdlndlpb.sys 86016 bytes (IBM Corporation, PDLNDLPB.SYS)
    0xB4C6F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xB6EC9000 C:\WINDOWS\System32\Drivers\LenovoRd.sys 81920 bytes (Lenovo, Smart Card Reader Driver)
    0xB2C87000 C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100923.003\naveng.sys 81920 bytes (Symantec Corporation, AV Engine)
    0xB890F000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
    0xB47DE000 C:\WINDOWS\System32\drivers\pdlndsdl.sys 81920 bytes (IBM Corporation, PDLNDSDL.SYS)
    0xB89A1000 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
    0xB703D000 C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys 81920 bytes (Symantec Corporation, SAVRTPEL)
    0xB89C6000 C:\WINDOWS\system32\DRIVERS\sdbus.sys 81920 bytes (Microsoft Corporation, SecureDigital Bus Driver)
    0xB8DDE000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xB6E6E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xB4841000 C:\WINDOWS\System32\drivers\pdlnacom.sys 77824 bytes (IBM Corporation, PDLNACOM.SYS)
    0xB3ADC000 C:\WINDOWS\System32\drivers\pdlndldl.sys 77824 bytes (IBM Corporation, PDLNDLDL.SYS)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xB47F2000 C:\WINDOWS\System32\drivers\pdlndqll.sys 73728 bytes (IBM Corporation, PDLNDQLL.SYS)
    0xB9F68000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xB47CD000 C:\WINDOWS\System32\drivers\pdlndtdl.sys 69632 bytes (IBM Corporation, PDLNDTDL.SYS)
    0xB47BC000 C:\WINDOWS\System32\drivers\pdlnemap.sys 69632 bytes (IBM Corporation, PDLNEMAP.SYS)
    0xB89B5000 C:\WINDOWS\system32\DRIVERS\rimmptsk.sys 69632 bytes (REDC, RICOH SD Driver)
    0xBA2F8000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xB9BB1000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xBA278000 C:\WINDOWS\system32\DRIVERS\nic1394.sys 65536 bytes (Microsoft Corporation, IEEE1394 Ndis Miniport and Call Manager)
    0xBA1A8000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
    0xB9BD1000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xB4CE4000 C:\WINDOWS\system32\Drivers\vmci.sys 65536 bytes (VMware, Inc., VMware kernel driver)
    0xBA268000 C:\WINDOWS\system32\DRIVERS\arp1394.sys 61440 bytes (Microsoft Corporation, IP/1394 Arp Client)
    0xB9493000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xB4C84000 C:\WINDOWS\System32\drivers\pdlnshay.sys 61440 bytes (IBM Corporation, PDLNSHAY.SYS)
    0xB4B41000 C:\WINDOWS\System32\drivers\pdlnsx25.sys 61440 bytes (IBM Corporation, PDLNSX25.SYS)
    0xB9BA1000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xB4F4C000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xB94A3000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xB94D3000 C:\WINDOWS\system32\drivers\WmXlCore.sys 61440 bytes (Logitech Inc., Logitech WingMan Translation Driver)
    0xBA1B8000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
    0xBA108000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
    0xBA0D8000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
    0xB5074000 C:\WINDOWS\System32\drivers\pdlnsv25.sys 57344 bytes (IBM Corporation, PDLNSV25.SYS)
    0xBA168000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xB9BE1000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xB428F000 C:\WINDOWS\System32\drivers\pdlndoem.sys 53248 bytes (IBM Corporation, PDLNDOEM.SYS)
    0xB4CA4000 C:\WINDOWS\System32\drivers\pdlnecfg.sys 53248 bytes (IBM Corporation, PDLNECFG.SYS)
    0xB9B81000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xBA2B8000 C:\WINDOWS\System32\Drivers\SCDEmu.SYS 53248 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
    0xBA0C8000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xBA2E8000 C:\WINDOWS\system32\DRIVERS\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
    0xBA148000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
    0xBA138000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
    0xB9B61000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xBA298000 C:\WINDOWS\System32\Drivers\SYMIDS.SYS 49152 bytes (Symantec Corporation, IDS Filter Driver)
    0xBA1E8000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
    0xBA1F8000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
    0xBA1C8000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
    0xBA1D8000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
    0xBA2C8000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xB9BC1000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xBA0B8000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xB9B71000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xBA288000 C:\WINDOWS\System32\Drivers\SYMNDIS.SYS 45056 bytes (Symantec Corporation, NDIS Filter Driver)
    0xBA188000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
    0xBA218000 C:\WINDOWS\system32\drivers\drvnddm.sys 40960 bytes (Sonic Solutions, Device Driver Manager)
    0xB4D14000 C:\WINDOWS\system32\drivers\hcmon.sys 40960 bytes (VMware, Inc., VMware USB monitor)
    0xBA0A8000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xB94B3000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xB4CB4000 C:\WINDOWS\System32\drivers\pdlnatcm.sys 40960 bytes (IBM Corporation, PDLNATCM.SYS)
    0xB4C94000 C:\WINDOWS\System32\drivers\pdlnatdl.sys 40960 bytes (IBM Corporation, PDLNATDL.SYS)
    0xBA178000 PxHelp20.sys 40960 bytes (Sonic Solutions, Px Engine Device Driver for Windows 2000/XP)
    0xBA128000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
    0xBA0F8000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
    0xBA198000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
    0xBA258000 C:\WINDOWS\System32\Drivers\SYMREDRV.SYS 40960 bytes (Symantec Corporation, Redirector Filter Driver)
    0xB9B51000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xB9443000 C:\WINDOWS\system32\DRIVERS\tifsfilt.sys 40960 bytes (Acronis, Acronis True Image File System Filter)
    0xBA228000 C:\WINDOWS\System32\Drivers\cdrbsdrv.SYS 36864 bytes (B.H.A Corporation, CD-ROM Filter Driver for Windows2000/xp)
    0xBA158000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xB9B91000 C:\WINDOWS\system32\DRIVERS\HIDCLASS.SYS 36864 bytes (Microsoft Corporation, Hid Class Library)
    0xBA318000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 36864 bytes (Microsoft Corporation, Processor Device Driver)
    0xBA238000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xBA2A8000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xB1397000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xB4B31000 C:\WINDOWS\System32\drivers\pdlnafac.sys 36864 bytes (IBM Corporation, PDLNAFAC.SYS)
    0xBA0E8000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
    0xB6ADC000 C:\WINDOWS\system32\dla\tfsncofs.sys 36864 bytes (Sonic Solutions, Drive Letter Access Component)
    0xBA118000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise Ultra66 Miniport Driver)
    0xBA248000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xBA398000 ApsHM86.sys 32768 bytes (Lenovo., ThinkVantage Active Protection System HID Digitizer Activity Monitor Driver)
    0xBA3C8000 C:\WINDOWS\system32\DRIVERS\atmeltpm.sys 32768 bytes (Atmel, Inc., Atmel TPM Driver)
    0xBA400000 C:\WINDOWS\system32\DRIVERS\btport.sys 32768 bytes (Broadcom Corporation., Bluetooth BTPORT Driver for Windows 2000)
    0xB8724000 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys 32768 bytes (Logitech, Inc., Logitech HID Filter Driver.)
    0xB871C000 C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys 32768 bytes (Logitech, Inc., Logitech Mouse Filter Driver.)
    0xBA3E0000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xBA450000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xB6DA4000 C:\WINDOWS\System32\drivers\pdlnctdl.sys 32768 bytes (IBM Corporation, PDLNCTDL.SYS)
    0xB6D84000 C:\WINDOWS\System32\drivers\pdlndint.sys 32768 bytes (IBM Corporation, PDLNDINT.SYS)
    0xB3DA7000 C:\WINDOWS\system32\DRIVERS\RNDISMPX.SYS 32768 bytes (Microsoft Corporation, Remote NDIS Miniport)
    0xBA358000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
    0xBA368000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
    0xBA410000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xBA4A0000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xBA408000 C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys 32768 bytes (Wacom Technology, Wacom Mouse Filter Driver)
    0xBA340000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
    0xBA3D8000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xBA390000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
    0xBA328000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xBA388000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
    0xBA3A0000 risdptsk.sys 28672 bytes (REDC, RICOH SD/MMC Driver)
    0xBA460000 C:\WINDOWS\System32\Drivers\SYMDNS.SYS 28672 bytes (Symantec Corporation, DNS Filter Driver)
    0xBA360000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
    0xB86FC000 C:\WINDOWS\system32\dla\tfsnboio.sys 28672 bytes (Sonic Solutions, Drive Letter Access Component)
    0xB8714000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
    0xBA438000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
    0xB86EC000 C:\WINDOWS\system32\DRIVERS\vmnetbridge.sys 28672 bytes (VMware, Inc., VMware bridge driver (32-bit))
    0xBA370000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
    0xB6D94000 C:\WINDOWS\System32\drivers\anydlc.sys 24576 bytes (IBM Corporation, ANYDLC.DLL(9X)/ANYDLC.SYS(NT))
    0xBA378000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
    0xBA4A8000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xBA3B0000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xB6D6C000 C:\WINDOWS\System32\drivers\pdlnslea.sys 24576 bytes (IBM Corporation, PDLNSLEA.SYS)
    0xBA428000 C:\WINDOWS\system32\drivers\ssrtln.sys 24576 bytes (Sonic Solutions, Shared Driver Component)
    0xB54C6000 C:\WINDOWS\System32\Drivers\TDTCP.SYS 24576 bytes (Microsoft Corporation, TCP Transport Driver)
    0xBA498000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
    0xBA430000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xB86E4000 C:\WINDOWS\system32\DRIVERS\agnwifi.sys 20480 bytes (AT&T, Wi-Fi Driver)
    0xB54DE000 C:\WINDOWS\System32\drivers\aspi32.sys 20480 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
    0xBA490000 C:\WINDOWS\system32\drivers\bfturboh.sys 20480 bytes (BUFFALO INC., USB Turbo Driver for HDD)
    0xBA380000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
    0xBA480000 C:\WINDOWS\System32\Drivers\ElbyCDIO.sys 20480 bytes (Elaborate Bytes AG, ElbyCD Windows NT/2000/XP I/O driver)
    0xBA350000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
    0xBA3D0000 C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys 20480 bytes (Lenovo., ThinkPad Power Management Driver)
    0xB6D74000 C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys 20480 bytes (-, -)
    0xBA348000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
    0xBA448000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xBA330000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xB6D8C000 C:\WINDOWS\System32\drivers\pdlnepkt.sys 20480 bytes (IBM Corporation, PDLNEPKT.SYS)
    0xBA3F0000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xBA3F8000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xBA420000 C:\WINDOWS\system32\SAVRKBootTasks.sys 20480 bytes (Sophos Plc, Sophos boot tasks for Windows 2000)
    0xBA338000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
    0xBA3E8000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xBA478000 C:\WINDOWS\system32\DRIVERS\TPHKDRV.sys 20480 bytes (Lenovo Group Limited, ThinkPad Hotkey Driver)
    0xBA470000 C:\WINDOWS\System32\drivers\Tppwrif.sys 20480 bytes
    0xBA468000 C:\WINDOWS\System32\drivers\TSMAPIP.SYS 20480 bytes
    0xBA4B0000 C:\WINDOWS\system32\drivers\VMkbd.sys 20480 bytes (VMware, Inc., VMware keyboard filter driver (32-bit))
    0xB54E6000 C:\WINDOWS\system32\drivers\vmnetuserif.sys 20480 bytes (VMware, Inc., VMware network application interface driver (32-bit))
    0xB8704000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xBA4CC000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
    0xBA4DC000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
    0xBA4C0000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
    0xBA4E4000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
    0xB9A67000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
    0xBA4C8000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
    0xBA4D4000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
    0xBA4E0000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
    0xB6E81000 C:\WINDOWS\system32\DRIVERS\kbdhid.sys 16384 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xB4347000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
    0xB95AB000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xB545C000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xB4D90000 C:\WINDOWS\System32\drivers\pdlnemsg.sys 16384 bytes (IBM Corporation, PDLNEMSG.SYS)
    0xB9A6F000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xB8629000 C:\WINDOWS\System32\Drivers\SMCLIB.SYS 16384 bytes (Microsoft Corporation, Smard Card Driver Library)
    0xBA4D0000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
    0xB6C3A000 C:\WINDOWS\system32\dla\tfsnopio.sys 16384 bytes (Sonic Solutions, Drive Letter Access Component)
    0xB27FB000 C:\WINDOWS\system32\DRIVERS\usb8023x.sys 16384 bytes (Microsoft Corporation, Remote NDIS USB Driver)
    0xB402F000 C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys 16384 bytes (VMware, Inc., VMware Virtual Storage Volume Driver)
    0xB95A7000 C:\WINDOWS\system32\drivers\WmBEnum.sys 16384 bytes (Logitech Inc., Logitech WingMan Virtual Bus Enumerator Driver)
    0xBA4C4000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controller Driver)
    0xBA4D8000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
    0xBA4B8000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xBA4BC000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
    0xB6C52000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xB861D000 C:\WINDOWS\system32\DRIVERS\hidusb.sys 12288 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
    0xB8738000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
    0xB5440000 C:\WINDOWS\System32\drivers\klognt.sys 12288 bytes (IBM Corporation, KLOGNT DLL)
    0xB959B000 C:\WINDOWS\system32\DRIVERS\mouhid.sys 12288 bytes (Microsoft Corporation, HID Mouse Filter Driver)
    0xB9A4B000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xB4D94000 C:\WINDOWS\System32\drivers\pdlnebas.sys 12288 bytes (IBM Corporation, PDLNEBAS.SYS)
    0xB9A5F000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus(R) ASPI Shell)
    0xB8611000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xB5450000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 12288 bytes (Intel Corporation, Intel WLAN Packet Driver)
    0xB553F000 C:\WINDOWS\System32\Drivers\TVicPort.SYS 12288 bytes (EnTech Taiwan, TVicPort Driver for Windows NT/2000/XP)
    0xB400F000 C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys 12288 bytes (Realtime Soft Ltd, UltraMon Utility Driver)
    0xB959F000 C:\WINDOWS\system32\DRIVERS\VMNET.SYS 12288 bytes (VMware, Inc., VMware virtual network driver (32-bit))
    0xB95A3000 C:\WINDOWS\system32\DRIVERS\vmnetadapter.sys 12288 bytes (VMware, Inc., VMware virtual network adapter driver (32-bit))
    0xB9A4F000 C:\WINDOWS\system32\DRIVERS\wacomvhid.sys 12288 bytes (Wacom Technology, Virtual Hid Device)
    0xB9A57000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
    0xB7113000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
    0xBA5AC000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
    0xBA5F0000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xBA5B8000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
    0xBA5AE000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE Bus Driver)
    0xBA5B6000 dmload.sys 8192 bytes (Microsoft Corp., Veritas Software., NT Disk Manager Startup Driver)
    0xBA624000 C:\WINDOWS\SYSTEM32\EGATHDRV.SYS 8192 bytes (IBM Corporation, IBM eGatherer Kernel Module)
    0xBA5EE000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xBA5B4000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Driver)
    0xBA5EA000 C:\WINDOWS\system32\DRIVERS\isamfilter.sys 8192 bytes (IBM Corp., IBM Standard Asset Manager Filter)
    0xBA5A8000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xBA5F2000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xBA5F8000 C:\WINDOWS\System32\drivers\nstrcnt.sys 8192 bytes (IBM Corporation, NSTRCNT.SYS)
    0xBA608000 C:\WINDOWS\System32\drivers\pdlncbas.sys 8192 bytes (IBM Corporation, PDLNCBAS.SYS)
    0xBA5BA000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
    0xBA656000 C:\WINDOWS\system32\drivers\PMEMNT.SYS 8192 bytes (Microsoft Corporation, Physical Memory Driver)
    0xBA5F6000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xBA5DC000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
    0xBA5E8000 C:\WINDOWS\system32\drivers\sscdbhk5.sys 8192 bytes (Sonic Solutions, Shared Driver Component)
    0xBA5DE000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xBA612000 C:\WINDOWS\system32\dla\tfsnpool.sys 8192 bytes (Sonic Solutions, Drive Letter Access Component)
    0xBA5B0000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE Controller)
    0xBA5D8000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xBA5B2000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0xBA602000 C:\WINDOWS\system32\Drivers\VMparport.sys 8192 bytes (VMware, Inc., VMware parallel port driver)
    0xBA5AA000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xBA6D8000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xBA71F000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xBA704000 C:\WINDOWS\System32\Drivers\LBeepKE.sys 4096 bytes (Logitech, Inc., Logitech Consumer Control Filter Driver.)
    0xBA7C9000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xBA671000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
    0xBA670000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0xBA6CD000 C:\WINDOWS\system32\dla\tfsndrct.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
    0xBA6A5000 C:\WINDOWS\system32\dla\tfsndres.sys 4096 bytes (Sonic Solutions, Drive Letter Access Component)
    ==============================================
    >Stealth
    ==============================================
    0x05B70000 Hidden Image-->Google.GData.Client.dll [ EPROCESS 0x86E025C8 ] PID: 4480, 176128 bytes
    0x03790000 Hidden Image-->Google.GData.AccessControl.dll [ EPROCESS 0x86E025C8 ] PID: 4480, 28672 bytes
    0x03760000 Hidden Image-->Google.GData.Calendar.dll [ EPROCESS 0x86E025C8 ] PID: 4480, 45056 bytes
    0x05AF0000 Hidden Image-->msvcm80.dll [ EPROCESS 0x86E025C8 ] PID: 4480, 507904 bytes
    0x02B10000 Hidden Image-->ClxGoogleCalendar.dll [ EPROCESS 0x86E025C8 ] PID: 4480, 73728 bytes
    0x037C0000 Hidden Image-->Google.GData.Extensions.dll [ EPROCESS 0x86E025C8 ] PID: 4480, 86016 bytes

  8. #8
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155


    Hi

    I think I'd like an Expert to have a look at that file.

    Can you go to c:\windows\neoqaz2.dll, right click the file, select Send to compressed(zip) folders. That will make a zipped copy of the file.
    Then upload that to http://www.thespykiller.co.uk/index.php?board=1.0 so I can get the file examined.

    Just create a new topic, name it something like Files for jmw3, fill in the needed details & give a link to your post here, then click the Browse button & navigate to & select the zipped file. When the file is listed in the window click Send to upload the file (see the "Instructions for uploading files" there for help, if needed).

    TFC (Temp File Cleaner)
    Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
    • Save any unsaved work. TFC Cleaner will close all open application windows
    • Double-click TFC.exe to run the program, your desktop will temporarily disappear
    • If prompted, click Yes to reboot
    Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

    ComboFix
    Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
    Link 1
    Link 2

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**

    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
      A guide to do this can be found here
    • Double click on ComboFix.exe & follow the prompts
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    To post in next reply:
    ComboFix log
    Update on how the computer is running

  9. #9

  10. #10
    Member
    Join Date
    Oct 2007
    Posts
    32

    Combo Fix log and Spybot still fails

    Ran ComboFix after TFC. Ran Spybot after this and still fails to run to completion.

    ComboFix 10-09-23.01 - Pete Rawlings 24/09/2010 19:17:51.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2320 [GMT 1:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Desktop\Pilot Install.EXE
    c:\documents and settings\Administrator\My Documents\DPE.DUS
    c:\documents and settings\All Users\Start Menu\Internet Explorer.lnk
    C:\Documents
    c:\windows\system\VI30AUT.DLL
    c:\windows\system32\Cache
    c:\windows\system32\winsusrm.dll
    c:\windows\system32\winsusrx.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
    .

    2010-09-23 11:46 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-23 11:46 . 2010-09-23 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-23 11:46 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-22 18:07 . 2010-09-22 18:07 34 ---ha-w- c:\windows\system32\Converter_sysquict.dat
    2010-09-22 18:07 . 2010-09-22 18:14 -------- d-----w- c:\program files\Agree Free OGG to MP3 AMR WAV Converter
    2010-09-22 15:25 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-09-22 15:25 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-09-22 15:25 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-09-22 15:25 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-09-22 15:25 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-09-22 15:25 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-09-22 15:25 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-09-22 15:25 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-09-20 13:27 . 2010-09-20 14:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\DroidExplorer
    2010-09-20 13:26 . 2010-09-20 13:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\DroidExplorer
    2010-09-20 13:26 . 2010-09-20 13:26 -------- d-----w- c:\program files\Droid Explorer
    2010-09-19 17:37 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2010-09-19 16:04 . 2010-09-19 16:04 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
    2010-09-19 16:04 . 2010-09-19 16:04 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2010-09-18 15:36 . 2010-09-18 15:36 -------- d-----w- c:\program files\Astraware
    2010-09-17 11:01 . 2010-09-17 11:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sprite Software
    2010-09-17 11:00 . 2010-09-17 11:00 -------- d-----w- c:\program files\Sprite Software
    2010-09-15 13:53 . 2010-09-15 13:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Blender Foundation
    2010-09-15 13:53 . 2010-09-15 13:53 -------- d-----w- c:\program files\Blender Foundation
    2010-09-15 12:48 . 2010-09-15 12:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\3Dconnexion_Inc
    2010-09-14 13:52 . 2010-05-26 09:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
    2010-09-14 08:45 . 2010-09-14 08:45 -------- d-----w- c:\program files\Sophos
    2010-09-14 00:13 . 2010-09-14 00:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-13 19:09 . 2010-09-13 19:09 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-09-13 19:09 . 2010-09-13 19:09 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-09-12 23:47 . 2010-09-14 13:51 -------- d-----w- c:\program files\Panda Security
    2010-09-12 23:06 . 2010-09-23 15:59 -------- d-----w- c:\program files\ERUNT
    2010-09-12 01:31 . 2010-09-12 01:31 -------- d-----w- c:\program files\mSoftware
    2010-09-12 01:09 . 2010-09-12 01:09 -------- d-----w- c:\program files\Aspecto Software
    2010-09-11 19:21 . 2010-09-11 23:02 -------- d-----w- C:\TTN7
    2010-09-11 13:14 . 2010-09-11 13:14 -------- d-----w- c:\program files\SDA
    2010-09-10 14:38 . 2010-09-10 14:38 -------- d-----w- c:\program files\Lotus
    2010-09-10 14:38 . 2010-09-10 14:38 -------- d-----w- c:\program files\Common Files\XCPCSync.OEM
    2010-09-10 13:38 . 2010-09-10 13:38 -------- d--h--w- c:\documents and settings\Administrator\InstallAnywhere
    2010-09-09 21:42 . 2010-09-09 21:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WM PCSuite
    2010-09-09 21:21 . 2010-09-09 21:21 -------- d-----w- c:\program files\NetDragon
    2010-09-08 23:35 . 2010-09-08 23:35 3755929 ----a-w- C:\TrayNotify.reg
    2010-09-08 18:31 . 2010-09-08 18:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AGNS
    2010-09-08 18:29 . 2010-09-08 18:31 -------- d-----w- c:\program files\AT&T Network Client
    2010-09-08 18:29 . 2010-09-08 18:29 -------- d-----w- c:\program files\AT&T Global Network Client
    2010-09-08 18:29 . 2010-09-08 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AGNS
    2010-09-08 15:46 . 2010-09-08 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
    2010-09-08 15:38 . 2010-09-24 15:49 167493 ----a-w- c:\windows\system32\nvModes.dat
    2010-09-08 15:20 . 2010-09-08 15:42 -------- d-----w- c:\windows\nview
    2010-09-08 15:20 . 2009-01-07 10:28 453152 ----a-w- c:\windows\system32\nvuninst.exe
    2010-09-08 15:20 . 2009-01-14 16:37 453152 ----a-w- c:\windows\system32\nvudisp.exe
    2010-09-08 13:49 . 2010-09-08 13:49 -------- d-----w- C:\ET_ROOT
    2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Realtime Soft
    2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\program files\Common Files\Realtime Soft
    2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\program files\UltraMon
    2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Realtime Soft
    2010-09-07 13:35 . 2010-09-07 13:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sierra Wireless
    2010-09-07 11:26 . 2010-09-07 11:26 -------- d-----w- c:\program files\Common Files\Java
    2010-09-07 10:41 . 2009-10-07 16:41 19328 ----a-w- c:\windows\agnwifi.sys
    2010-09-07 09:09 . 2010-09-07 09:09 -------- d-----w- c:\program files\JRE
    2010-09-06 18:48 . 2010-09-06 18:48 -------- d-----w- c:\program files\7-Zip
    2010-09-04 21:18 . 2010-09-04 21:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia Ovi Suite
    2010-09-04 21:09 . 2010-09-09 17:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NokiaAccount
    2010-09-04 21:09 . 2010-09-04 21:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Nokia
    2010-09-04 20:52 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-09-04 20:52 . 2010-09-04 20:52 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-09-04 20:51 . 2010-09-04 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
    2010-09-04 14:53 . 2010-05-25 10:26 91304 ----a-w- c:\windows\system32\drivers\btserial.sys
    2010-09-03 18:51 . 2010-06-01 12:51 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
    2010-09-03 18:51 . 2010-06-01 12:51 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
    2010-08-28 18:20 . 2010-09-18 15:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VMware
    2010-08-28 17:44 . 2010-08-01 11:55 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
    2010-08-28 17:44 . 2010-08-01 11:55 399920 ----a-w- c:\windows\system32\vmnat.exe
    2010-08-28 17:44 . 2010-08-01 11:52 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
    2010-08-28 17:44 . 2010-08-01 11:55 760368 ----a-w- c:\windows\system32\vnetlib.dll
    2010-08-28 17:44 . 2010-08-01 11:54 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
    2010-08-28 17:43 . 2010-08-28 17:43 -------- d-----w- c:\program files\Common Files\VMware
    2010-08-28 17:05 . 2010-09-05 19:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Download Manager

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-24 18:30 . 2009-07-15 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
    2010-09-24 18:30 . 2009-07-15 18:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
    2010-09-24 18:30 . 2010-03-06 17:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\WTablet
    2010-09-24 18:29 . 2010-05-04 14:40 -------- d-----w- c:\program files\c4ebreg
    2010-09-24 18:26 . 2007-03-05 22:09 40 ----a-w- c:\windows\system32\profile.dat
    2010-09-24 17:36 . 2009-10-11 07:41 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-24 14:28 . 2010-05-04 14:42 -------- d-----w- c:\program files\wst
    2010-09-24 10:42 . 2010-09-24 10:42 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-09-24 10:42 . 2010-05-09 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-09-24 10:42 . 2009-07-14 00:07 -------- d-----w- c:\program files\DivX
    2010-09-24 10:42 . 2010-09-24 10:42 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-09-24 10:42 . 2010-08-29 14:08 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
    2010-09-24 10:42 . 2010-08-29 13:31 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-09-24 10:42 . 2010-06-11 21:13 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-09-24 10:42 . 2009-07-20 14:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-09-24 10:42 . 2010-06-11 21:13 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-09-23 09:57 . 2010-07-04 12:39 509960 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-09-21 13:41 . 2010-04-06 21:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
    2010-09-21 12:55 . 2009-11-19 11:40 -------- d-----w- c:\program files\QuickTime
    2010-09-21 12:54 . 2009-11-19 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-09-20 13:26 . 2010-09-20 13:26 1868800 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{B4346951-3962-4C93-9A49-79A62AD8A632}\AppIcon.exe
    2010-09-19 17:39 . 2010-09-19 17:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
    2010-09-19 17:38 . 2010-09-19 17:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2010-09-18 15:44 . 2009-07-16 12:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\VMware
    2010-09-18 14:17 . 2010-02-22 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\gtk-2.0
    2010-09-17 11:00 . 2005-04-05 19:45 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-09-15 10:35 . 2009-07-14 00:53 -------- d-----w- c:\program files\Google
    2010-09-14 00:21 . 2009-07-13 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-13 19:09 . 2009-07-20 14:35 -------- d-----w- c:\program files\Symantec
    2010-09-13 19:09 . 2010-09-13 19:09 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-09-13 19:09 . 2010-09-13 19:09 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-09-13 19:08 . 2009-07-20 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-09-13 19:08 . 2007-03-05 22:07 -------- d-----w- c:\program files\Symantec Client Security
    2010-09-12 12:30 . 2010-06-13 16:14 -------- d-----w- c:\program files\AllToAVI
    2010-09-12 01:28 . 2009-07-13 18:31 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-09-12 01:10 . 2010-09-12 01:10 3638 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{F5A7052F-2AF4-4CBA-8951-26B91476BDAB}\_6FEFF9B68218417F98F549.exe
    2010-09-11 13:14 . 2009-07-13 18:49 -------- d-----w- c:\program files\Panasonic
    2010-09-11 12:54 . 2009-09-20 10:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\XCPCSync.OEM
    2010-09-10 14:03 . 2009-10-12 16:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-09 21:57 . 2010-07-25 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
    2010-09-08 18:29 . 2007-09-05 21:03 -------- d-----w- c:\program files\AT&T Network Client Install
    2010-09-08 14:55 . 2009-07-13 14:50 -------- d-----w- c:\program files\Lenovo
    2010-09-08 14:36 . 2010-07-31 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2010-09-07 21:03 . 2009-08-18 11:06 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-09-07 18:56 . 2009-11-28 00:03 1952024 ----a-w- c:\windows\system32\AutoPartNt.exe
    2010-09-07 12:42 . 2009-08-21 11:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
    2010-09-07 11:23 . 2010-09-07 11:23 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\msvcp71.dll
    2010-09-07 11:23 . 2010-09-07 11:23 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\jmc.dll
    2010-09-07 11:23 . 2010-09-07 11:23 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\msvcr71.dll
    2010-09-07 11:23 . 2010-09-07 11:23 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-74cdeb3f-n\decora-sse.dll
    2010-09-07 11:23 . 2010-09-07 11:23 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-74cdeb3f-n\decora-d3d.dll
    2010-09-07 11:23 . 2009-08-09 12:00 -------- d-----w- c:\program files\Java
    2010-09-07 10:38 . 2009-08-21 11:30 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-09-07 10:11 . 2005-04-04 18:17 69128 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-09-07 10:06 . 2009-09-07 09:44 69128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-09-07 09:09 . 2009-08-18 10:58 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-09-06 18:17 . 2009-08-12 12:53 -------- d-----w- c:\program files\Common Files\Adobe
    2010-09-04 21:18 . 2010-07-25 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
    2010-09-04 20:53 . 2010-07-25 14:28 -------- d-----w- c:\program files\Common Files\Nokia
    2010-09-04 20:52 . 2010-07-25 14:27 -------- d-----w- c:\program files\Nokia
    2010-09-04 20:51 . 2010-09-04 20:51 12212040 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
    2010-09-04 20:51 . 2010-09-04 20:51 13930312 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
    2010-09-04 20:51 . 2010-09-04 20:51 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
    2010-09-04 20:51 . 2010-09-04 20:51 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
    2010-09-04 20:51 . 2010-09-04 20:51 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
    2010-09-04 20:51 . 2010-09-04 20:51 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
    2010-09-04 20:50 . 2010-09-04 20:51 102914512 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
    2010-09-04 20:20 . 2010-07-25 14:27 36365624 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_eng_web.exe
    2010-09-04 13:40 . 2009-08-04 01:25 -------- d-----w- c:\program files\SystemScheduler
    2010-08-31 14:11 . 2009-07-13 23:00 -------- d-----w- c:\program files\jv16 PowerTools 2009
    2010-08-31 14:11 . 2010-04-30 17:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
    2010-08-30 13:34 . 2010-09-03 17:03 1496064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-08-30 13:33 . 2010-09-03 17:03 43008 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-08-30 13:33 . 2010-09-03 17:03 338944 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-08-30 13:33 . 2010-09-03 17:03 346112 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-08-29 14:08 . 2010-08-29 14:08 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-08-29 14:08 . 2010-08-29 14:08 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-08-29 14:08 . 2010-08-29 14:08 84063 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-08-29 14:08 . 2010-08-29 14:08 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-08-28 17:46 . 2010-03-17 16:03 921608 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\uninstall.exe
    2010-08-28 17:46 . 2010-03-17 16:03 629296 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\instUtils.dll
    2010-08-28 17:42 . 2010-03-17 15:57 -------- d-----w- c:\program files\VMware
    2010-08-28 17:40 . 2010-03-17 16:03 356352 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_ws.dll
    2010-08-28 17:40 . 2010-03-17 16:03 581632 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_core.dll
    2010-08-28 17:40 . 2010-03-17 16:03 360448 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_license.dll
    2010-08-28 17:40 . 2010-03-17 16:03 968752 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
    2010-08-28 17:40 . 2010-03-17 16:03 932400 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
    2010-08-28 17:40 . 2010-03-17 16:03 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.dll
    2010-08-28 17:40 . 2010-03-17 16:03 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vminstutil.dll
    2010-08-28 17:40 . 2010-03-17 16:03 707120 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.exe
    2010-08-18 20:12 . 2010-03-27 14:03 -------- d-----w- c:\program files\Scan2CADv7
    2010-08-17 13:17 . 2004-08-04 05:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 13:21 . 2010-08-16 13:20 -------- d-----w- c:\program files\myiHome
    2010-08-16 11:14 . 2010-08-16 11:14 -------- d-----w- c:\program files\Siber Systems
    2010-08-15 13:16 . 2010-08-15 13:16 -------- d-----w- c:\program files\Disk Size Manager 2.0
    2010-08-14 16:37 . 2010-08-14 16:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Haihaisoft Universal Player
    2010-08-14 16:36 . 2010-08-14 16:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Haihaisoft
    2010-08-14 16:36 . 2010-08-14 16:36 -------- d-----w- c:\program files\Haihaisoft Universal Player
    2010-08-14 11:35 . 2009-07-18 10:52 -------- d-----w- c:\program files\Common Files\ArcSoft
    2010-08-14 11:30 . 2010-08-14 11:30 2485883 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
    2010-02-12 22:46 . 2010-02-12 22:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2008-09-29 08:12 . 2008-09-29 08:12 108 --sha-r- c:\windows\neoqaz2.dll
    2009-07-22 16:58 . 2009-07-22 16:58 2 --shatr- c:\windows\winstart.bat
    2009-07-13 23:00 . 2009-07-13 23:00 23 --sha-w- c:\windows\system32\edacded0.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2007-09-21 49152]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-01 39408]
    "SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3216664]
    "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-29 135664]
    "FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
    "CompanionLink"="c:\program files\companionlink\companionlink.exe" [2009-09-17 13737984]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WD Button Manager"="WDBtnMgr.exe" [2009-09-29 364544]
    "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-08-01 129584]
    "UltraNav Keyboard"="c:\program files\Lenovo\UltraNav Keyboard\SkdUNav.exe" [2007-02-09 258048]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe" [2009-01-18 1285512]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
    "Tpam.exe"="c:\program files\IBM\Personal Communications\tpam.exe" [2007-11-02 28672]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
    "stgclean"="c:\sdwork\w32maing.exe" [2010-08-30 279552]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-07-13 1036288]
    "snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-29 331776]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
    "nwiz"="nwiz.exe" [2009-01-14 1630208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13549568]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
    "ISSI Service"="c:\sdwork\issimsvc.exe" [2010-09-16 242928]
    "Isamtray"="c:\program files\c4ebreg\isamtray.exe" [2010-07-27 290072]
    "IBM Lotus EasySync Pro"="c:\program files\Lotus\EasySync Pro\SyncLauncher.exe" [2009-12-14 40960]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-12 30192]
    "DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2010-01-27 55808]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
    "C4EBReg"="c:\program files\c4ebreg\c4ebreg.exe" [2010-07-27 486680]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-29 208896]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe" [2009-01-18 884928]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-18 140568]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-5-25 607584]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-16 809488]
    Start 3DxWare.lnk - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe [2010-7-30 120832]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-02-18 23:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
    2007-11-02 10:45 49152 ----a-w- c:\windows\system32\pcsinst.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 16:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2008-03-17 16:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\g:\0pdboot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Desktop^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
    path=c:\documents and settings\Administrator\Desktop\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ergocizer.lnk]
    backup=c:\windows\pss\Ergocizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^myiHome Server.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\myiHome Server.lnk.disabled
    backup=c:\windows\pss\myiHome Server.lnk.disabledCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "CfgWzSvc"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "FixCamera"=c:\windows\FixCamera.exe
    "TpShocks"=TpShocks.exe
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    "MyHelpService"=c:\program files\IBM\My Help\workspace\service\delayStart.exe
    "pmonmh"=c:\program files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.19/pmonmh.exe
    "Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    "IBMconfig"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "427:UDP"= 427:UDP:SLP_Port(427)
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [14/05/2008 17:21 19496]
    R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [14/09/2010 14:52 18816]
    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [06/09/2009 06:06 169312]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [16/07/2009 14:11 10384]
    R2 ldlcserv6;IBM Enterprise Extender (IPv6);c:\windows\system32\drivers\ldlcserv6.exe [02/11/2007 05:09 40960]
    R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
    R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\AT&T Network Client\NetClientSvc.exe [07/10/2009 12:36 263520]
    R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\windows\system32\drivers\pdlndldl6.sys [02/11/2007 05:09 70656]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [13/07/2009 15:48 94208]
    R2 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [14/03/2007 19:48 116416]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [06/03/2010 18:47 4497704]
    R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [14/11/2008 02:11 17184]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [01/08/2010 12:55 70704]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [01/08/2010 11:39 539184]
    R2 WindowsScheduler;System Scheduler Service;c:\progra~1\SYSTEM~1\WService.exe [16/09/2009 12:40 13312]
    R2 WindowsSchedulerLogon;System Scheduler Logon;c:\progra~1\SYSTEM~1\WSLogon.exe [16/09/2009 12:40 52224]
    R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [06/03/2010 18:47 113448]
    R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [06/02/2010 18:57 17152]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [13/09/2010 20:26 102448]
    R3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [08/02/2010 16:45 6400]
    R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [13/07/2009 15:02 81280]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
    S2 gupdate1ca12c614ff7fd6;Google Update Service (gupdate1ca12c614ff7fd6);c:\program files\Google\Update\GoogleUpdate.exe [01/08/2009 17:35 133104]
    S2 LogWatch;Event Log Watch;"c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe" --> c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [?]
    S2 ltpSvc;TrackPoint Scroll Service;c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe --> c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe [?]
    S3 CA_LIC_CLNT;CA License Client;"c:\program files\CA\SharedComponents\CA_LIC\\lic98rmt.exe" --> c:\program files\CA\SharedComponents\CA_LIC\\lic98rmt.exe [?]
    S3 csrcmds;csrcmds;c:\program files\IBM\Personal Communications\csrcmds.exe [02/11/2007 05:09 49152]
    S3 cstrcser;IBM Command Line Trace;c:\windows\system32\drivers\cstrcser.exe [02/11/2007 05:09 36864]
    S3 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [21/08/2010 23:14 253952]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [27/07/2009 09:13 30192]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3644.tmp --> c:\windows\system32\3644.tmp [?]
    S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [23/10/2009 18:49 36384]
    S3 RET55;RET55 NDIS Protocol Driver;\??\c:\program files\eEye Digital Security\Retina 5\Scanner\RET55.sys --> c:\program files\eEye Digital Security\Retina 5\Scanner\RET55.sys [?]
    S3 RRMONX;RRMONX;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\rrmon.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\rrmon.sys [?]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [07/11/2009 18:04 95376]
    S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [06/03/2010 18:47 16168]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 --> c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [?]
    S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [21/02/2010 17:08 583640]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-15 c:\windows\Tasks\3DxSoftware Create Process (ID 287142392505).job
    - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe [2010-07-30 15:41]

    2010-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-09-24 c:\windows\Tasks\At1.job
    - c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe [2010-08-09 14:16]

    2010-09-24 c:\windows\Tasks\AWC Update.job
    - c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-07-16 10:08]

    2010-09-24 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-01 16:34]

    2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 16:35]

    2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 16:35]

    2010-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473679540-3749852400-1765190492-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 04:43]

    2010-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473679540-3749852400-1765190492-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 04:43]

    2010-09-24 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-07-13 00:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
    uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/
    uInternet Settings,ProxyOverride = <local>;<local>
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
    Trusted Zone: o2.co.uk\*.broadband
    TCP: {D40D8AB3-DFA5-4A53-AAF5-D3A525F28F1E} = 87.194.255.155,87.194.255.154,4.2.2.2,4.2.2.3
    DPF: Microsoft XML Parser for Java
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - isoHunt Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\bpaddtonab@firefox-extensions.ibm.com\plugins\npaddtonab.dll
    FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwdplugin821.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .txt=UltraEdit.txt
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    Notify-atmgrtok - atmgrtok.dll
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-24 19:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xBA168000]<< >>UNKNOWN [0xBA158000]<< >>UNKNOWN [0xB9F79000]<< >>UNKNOWN [0x806E4000]<< >>UNKNOWN [0xB9DFF000]<< >>UNKNOWN [0xBA670000]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> 0xba16cf28
    \Driver\ACPI -> 0xb9f7fcb8
    \Driver\atapi -> 0xb9e05852
    \Driver\iaStor -> 0xb9e29b58
    IoDeviceObjectType -> SecurityProcedure -> 0x80583d4a
    \Device\Harddisk0\DR0 -> SecurityProcedure -> 0x80583d4a
    NDIS: Intel(R) Wireless WiFi Link 4965AG -> SendCompleteHandler -> 0xb9cb7bb0
    PacketIndicateHandler -> 0xb9ca6a0d
    SendHandler -> 0xb9cbab40
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\3644.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1473679540-3749852400-1765190492-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(436)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    c:\program files\Lenovo\HOTKEY\tphklock.dll
    c:\program files\IBM\Personal Communications\atmgrtok.dll
    c:\program files\IBM\Personal Communications\MILLUTIL.DLL
    c:\windows\system32\pcsinst.dll
    c:\windows\system32\msi.dll

    - - - - - - - > 'lsass.exe'(588)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'explorer.exe'(8464)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\mslbui.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\Common Files\Symantec Shared\ccProxy.exe
    c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
    c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\program files\IBM\Personal Communications\PCS_AGNT.EXE
    c:\program files\WTouch\WTouchUser.exe
    c:\windows\system32\Drivers\trcboot.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\windows\system32\bgsvcgen.exe
    c:\program files\IBM\SQLLIB\BIN\db2jds.exe
    c:\program files\IBM\SQLLIB\BIN\db2sec.exe
    c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\notes\nsd.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\progra~1\AT&TNE~2\netcfgsvr.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Raxco\PerfectDisk10\PDAgent.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    c:\windows\System32\TPHDEXLG.exe
    c:\windows\system32\TpKmpSVC.exe
    c:\windows\system32\WTablet\Pen_TabletUser.exe
    c:\windows\system32\vmnat.exe
    c:\progra~1\SYSTEM~1\WScheduler.exe
    c:\program files\RealVNC\VNC4\WinVNC4.exe
    c:\program files\VMware\VMware Workstation\vmware-authd.exe
    c:\windows\system32\vmnetdhcp.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\Drivers\ldlcserv.exe
    c:\program files\Raxco\PerfectDisk10\PDEngine.exe
    c:\program files\Raxco\PerfectDisk10\PDAgentS1.exe
    c:\windows\system32\WDBtnMgr.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Microsoft ActiveSync\wcescomm.exe
    c:\progra~1\MICROS~3\rapimgr.exe
    c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-24 19:37:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-24 18:37

    Pre-Run: 19,832,352,768 bytes free
    Post-Run: 19,511,652,352 bytes free

    - - End Of File - - FB4F8E3B8F33D3036A0ABD0D2723FC75
