
Thread: Spybot 1.6.2 will not run to completion, crashes. DDS.txt File

  1. #11
    Senior Member
    Join Date: Feb 2010
    Location: Port Hedland, Western Australia
    Posts: 155

    Hi

    I don't see any references to it in your logs, but do you have Spybot's TeaTimer disabled when you run a scan with Spybot?

    Remove Programs
    Click Start > Control Panel > Add/Remove Programs
    Remove these programs by clicking Remove

    Advanced SystemCare 3

    If some programs listed are not present, please do not panic

    You should also remove the following outdated version of Java, as it is open to exploitation:
    Java(TM) 6 Update 13

    CFScript
    Close any open browsers.
    Open notepad and copy/paste the text in the code box below into it:

    Code:
    File::
    c:\windows\neoqaz2.dll
    c:\windows\Tasks\AWC Update.job
    Folder::
    c:\program files\IObit
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000000
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000000
    Driver::
    LogWatch
    CA_LIC_CLNT
    MEMSWEEP2
    RRMONX
    DDS::
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
    DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA}
    uInternet Settings,ProxyOverride = <local>;<local>
    Trusted Zone: o2.co.uk\*.broadband
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    Save this as CFScript.txt, in the same location as ComboFix.exe

    [Image not captured: dragging CFScript.txt onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe
    If prompted by ComboFix to update, please do so
    When finished, it shall produce a log for you at "C:\ComboFix.txt"
    Note: Do not mouse-click ComboFix's window whilst it is running. That may cause it to stall.
    A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
    ComboFix SHOULD NOT be used unless requested by a forum helper


    MBRCheck
    • Download MBRCheck from Here & save it to your desktop.
    • Disable your security programs so they do not interfere with the tool.
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt if enabled)
    • A window will open on your desktop
    • If an unknown bootcode is found, do not proceed with any further options at this time. For now, type in N then press Enter twice to exit the program
    • If nothing unusual is found just press Enter
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop
    • Post the contents of that file in your next reply

    To post in next reply:
    • ComboFix log
    • MBRCheck log

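    Added example, not part of the post above and not ComboFix's own code: a small Python parser for the CFScript layout used there (one `Name::` header per section) that compares the script's Registry:: values against a REGEDIT4-style excerpt in the layout ComboFix prints under "Reg Loading Points", and separately flags Security Center override values set to 1, which suppress AV/firewall status monitoring and are worth a look in any log. The two sample inputs are constructed from the values quoted in this thread; the function names are mine.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample: the File::/Folder::/Registry::/Driver:: parts of the CFScript posted above.
SAMPLE_CFSCRIPT = r"""
File::
c:\windows\neoqaz2.dll
c:\windows\Tasks\AWC Update.job
Folder::
c:\program files\IObit
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000000
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000000
Driver::
LogWatch
"""

# Constructed sample: an excerpt in the REGEDIT4 layout ComboFix uses for "Reg Loading Points".
SAMPLE_SNAPSHOT = r"""
REGEDIT4

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"IBMconfig"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
"""

SECTION_RE = re.compile(r"^([A-Za-z0-9]+)::$")      # e.g. "Registry::"
KEY_RE = re.compile(r"^\[(.+)\]$")                    # e.g. "[HKEY_LOCAL_MACHINE\...]"
# "name"=dword:xxxxxxxx | "name"="string" | "name"=anything else (ComboFix adds [date size] suffixes)
VALUE_RE = re.compile(r'^"([^"]+)"=(?:dword:([0-9A-Fa-f]{8})|"(.*)"|(.+))$')
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center"


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Split a CFScript into its sections; lines before the first header are an error."""
    sections: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        if current is None:
            raise ValueError(f"line outside any section: {line!r}")
        sections[current].append(line)
    return sections


def parse_registry_block(lines) -> Dict[Tuple[str, str], str]:
    """Parse [key] / "name"=data lines into {(key_lowercased, name): data}; other lines are ignored."""
    values: Dict[Tuple[str, str], str] = {}
    key: Optional[str] = None
    for raw in lines:
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()          # registry key paths are case-insensitive
            continue
        m = VALUE_RE.match(line)
        if m and key is not None:
            name, dword, quoted, other = m.groups()
            if dword is not None:
                data = f"dword:{int(dword, 16):08x}"  # normalise hex case
            else:
                data = quoted if quoted is not None else other
            values[(key, name)] = data
    return values


def registry_changes(cfscript: str, snapshot: str) -> List[Tuple[str, str, Optional[str], str]]:
    """Return (key, name, current, new) for each Registry:: value the script would change."""
    script_vals = parse_registry_block(parse_cfscript(cfscript).get("Registry", []))
    snap_vals = parse_registry_block(snapshot.splitlines())
    return [(k, n, snap_vals.get((k, n)), new)
            for (k, n), new in sorted(script_vals.items())
            if snap_vals.get((k, n)) != new]


def security_center_overrides(snapshot: str) -> List[Tuple[str, str]]:
    """List Security Center *Override / DisableMonitoring values set to 1 (status monitoring suppressed)."""
    hits = [(k, n) for (k, n), data in parse_registry_block(snapshot.splitlines()).items()
            if k.startswith(SECURITY_CENTER) and data == "dword:00000001"
            and (n.endswith("Override") or n == "DisableMonitoring")]
    return sorted(hits)


if __name__ == "__main__":
    for key, name, cur, new in registry_changes(SAMPLE_CFSCRIPT, SAMPLE_SNAPSHOT):
        print(f"[{key}] {name}: {cur} -> {new}")
    for key, name in security_center_overrides(SAMPLE_SNAPSHOT):
        print(f"Security Center suppression flag set: [{key}] {name}")
```
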
  2. #12
    Member
    Join Date: Oct 2007
    Posts: 32

    Combo Fix Report

    ComboFix 10-09-23.01 - Pete Rawlings 24/09/2010 19:17:51.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.2320 [GMT 1:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Client Firewall *disabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Desktop\Pilot Install.EXE
    c:\documents and settings\Administrator\My Documents\DPE.DUS
    c:\documents and settings\All Users\Start Menu\Internet Explorer.lnk
    C:\Documents
    c:\windows\system\VI30AUT.DLL
    c:\windows\system32\Cache
    c:\windows\system32\winsusrm.dll
    c:\windows\system32\winsusrx.dll

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-24 to 2010-09-24 )))))))))))))))))))))))))))))))
    .

    2010-09-23 11:46 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-23 11:46 . 2010-09-23 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-23 11:46 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-22 18:07 . 2010-09-22 18:07 34 ---ha-w- c:\windows\system32\Converter_sysquict.dat
    2010-09-22 18:07 . 2010-09-22 18:14 -------- d-----w- c:\program files\Agree Free OGG to MP3 AMR WAV Converter
    2010-09-22 15:25 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-09-22 15:25 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-09-22 15:25 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-09-22 15:25 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-09-22 15:25 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-09-22 15:25 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-09-22 15:25 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-09-22 15:25 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-09-20 13:27 . 2010-09-20 14:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\DroidExplorer
    2010-09-20 13:26 . 2010-09-20 13:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\DroidExplorer
    2010-09-20 13:26 . 2010-09-20 13:26 -------- d-----w- c:\program files\Droid Explorer
    2010-09-19 17:37 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2010-09-19 16:04 . 2010-09-19 16:04 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
    2010-09-19 16:04 . 2010-09-19 16:04 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2010-09-18 15:36 . 2010-09-18 15:36 -------- d-----w- c:\program files\Astraware
    2010-09-17 11:01 . 2010-09-17 11:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sprite Software
    2010-09-17 11:00 . 2010-09-17 11:00 -------- d-----w- c:\program files\Sprite Software
    2010-09-15 13:53 . 2010-09-15 13:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Blender Foundation
    2010-09-15 13:53 . 2010-09-15 13:53 -------- d-----w- c:\program files\Blender Foundation
    2010-09-15 12:48 . 2010-09-15 12:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\3Dconnexion_Inc
    2010-09-14 13:52 . 2010-05-26 09:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
    2010-09-14 08:45 . 2010-09-14 08:45 -------- d-----w- c:\program files\Sophos
    2010-09-14 00:13 . 2010-09-14 00:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-13 19:09 . 2010-09-13 19:09 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-09-13 19:09 . 2010-09-13 19:09 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-09-12 23:47 . 2010-09-14 13:51 -------- d-----w- c:\program files\Panda Security
    2010-09-12 23:06 . 2010-09-23 15:59 -------- d-----w- c:\program files\ERUNT
    2010-09-12 01:31 . 2010-09-12 01:31 -------- d-----w- c:\program files\mSoftware
    2010-09-12 01:09 . 2010-09-12 01:09 -------- d-----w- c:\program files\Aspecto Software
    2010-09-11 19:21 . 2010-09-11 23:02 -------- d-----w- C:\TTN7
    2010-09-11 13:14 . 2010-09-11 13:14 -------- d-----w- c:\program files\SDA
    2010-09-10 14:38 . 2010-09-10 14:38 -------- d-----w- c:\program files\Lotus
    2010-09-10 14:38 . 2010-09-10 14:38 -------- d-----w- c:\program files\Common Files\XCPCSync.OEM
    2010-09-10 13:38 . 2010-09-10 13:38 -------- d--h--w- c:\documents and settings\Administrator\InstallAnywhere
    2010-09-09 21:42 . 2010-09-09 21:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WM PCSuite
    2010-09-09 21:21 . 2010-09-09 21:21 -------- d-----w- c:\program files\NetDragon
    2010-09-08 23:35 . 2010-09-08 23:35 3755929 ----a-w- C:\TrayNotify.reg
    2010-09-08 18:31 . 2010-09-08 18:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AGNS
    2010-09-08 18:29 . 2010-09-08 18:31 -------- d-----w- c:\program files\AT&T Network Client
    2010-09-08 18:29 . 2010-09-08 18:29 -------- d-----w- c:\program files\AT&T Global Network Client
    2010-09-08 18:29 . 2010-09-08 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AGNS
    2010-09-08 15:46 . 2010-09-08 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
    2010-09-08 15:38 . 2010-09-24 15:49 167493 ----a-w- c:\windows\system32\nvModes.dat
    2010-09-08 15:20 . 2010-09-08 15:42 -------- d-----w- c:\windows\nview
    2010-09-08 15:20 . 2009-01-07 10:28 453152 ----a-w- c:\windows\system32\nvuninst.exe
    2010-09-08 15:20 . 2009-01-14 16:37 453152 ----a-w- c:\windows\system32\nvudisp.exe
    2010-09-08 13:49 . 2010-09-08 13:49 -------- d-----w- C:\ET_ROOT
    2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Realtime Soft
    2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\program files\Common Files\Realtime Soft
    2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\program files\UltraMon
    2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Realtime Soft
    2010-09-07 13:35 . 2010-09-07 13:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sierra Wireless
    2010-09-07 11:26 . 2010-09-07 11:26 -------- d-----w- c:\program files\Common Files\Java
    2010-09-07 10:41 . 2009-10-07 16:41 19328 ----a-w- c:\windows\agnwifi.sys
    2010-09-07 09:09 . 2010-09-07 09:09 -------- d-----w- c:\program files\JRE
    2010-09-06 18:48 . 2010-09-06 18:48 -------- d-----w- c:\program files\7-Zip
    2010-09-04 21:18 . 2010-09-04 21:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia Ovi Suite
    2010-09-04 21:09 . 2010-09-09 17:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NokiaAccount
    2010-09-04 21:09 . 2010-09-04 21:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Nokia
    2010-09-04 20:52 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-09-04 20:52 . 2010-09-04 20:52 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-09-04 20:51 . 2010-09-04 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
    2010-09-04 14:53 . 2010-05-25 10:26 91304 ----a-w- c:\windows\system32\drivers\btserial.sys
    2010-09-03 18:51 . 2010-06-01 12:51 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
    2010-09-03 18:51 . 2010-06-01 12:51 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
    2010-08-28 18:20 . 2010-09-18 15:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VMware
    2010-08-28 17:44 . 2010-08-01 11:55 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
    2010-08-28 17:44 . 2010-08-01 11:55 399920 ----a-w- c:\windows\system32\vmnat.exe
    2010-08-28 17:44 . 2010-08-01 11:52 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
    2010-08-28 17:44 . 2010-08-01 11:55 760368 ----a-w- c:\windows\system32\vnetlib.dll
    2010-08-28 17:44 . 2010-08-01 11:54 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
    2010-08-28 17:43 . 2010-08-28 17:43 -------- d-----w- c:\program files\Common Files\VMware
    2010-08-28 17:05 . 2010-09-05 19:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Download Manager

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-24 18:30 . 2009-07-15 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
    2010-09-24 18:30 . 2009-07-15 18:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
    2010-09-24 18:30 . 2010-03-06 17:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\WTablet
    2010-09-24 18:29 . 2010-05-04 14:40 -------- d-----w- c:\program files\c4ebreg
    2010-09-24 18:26 . 2007-03-05 22:09 40 ----a-w- c:\windows\system32\profile.dat
    2010-09-24 17:36 . 2009-10-11 07:41 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-24 14:28 . 2010-05-04 14:42 -------- d-----w- c:\program files\wst
    2010-09-24 10:42 . 2010-09-24 10:42 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-09-24 10:42 . 2010-05-09 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-09-24 10:42 . 2009-07-14 00:07 -------- d-----w- c:\program files\DivX
    2010-09-24 10:42 . 2010-09-24 10:42 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-09-24 10:42 . 2010-08-29 14:08 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
    2010-09-24 10:42 . 2010-08-29 13:31 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-09-24 10:42 . 2010-06-11 21:13 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-09-24 10:42 . 2009-07-20 14:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-09-24 10:42 . 2010-06-11 21:13 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-09-23 09:57 . 2010-07-04 12:39 509960 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-09-21 13:41 . 2010-04-06 21:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
    2010-09-21 12:55 . 2009-11-19 11:40 -------- d-----w- c:\program files\QuickTime
    2010-09-21 12:54 . 2009-11-19 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-09-20 13:26 . 2010-09-20 13:26 1868800 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{B4346951-3962-4C93-9A49-79A62AD8A632}\AppIcon.exe
    2010-09-19 17:39 . 2010-09-19 17:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
    2010-09-19 17:38 . 2010-09-19 17:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2010-09-18 15:44 . 2009-07-16 12:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\VMware
    2010-09-18 14:17 . 2010-02-22 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\gtk-2.0
    2010-09-17 11:00 . 2005-04-05 19:45 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-09-15 10:35 . 2009-07-14 00:53 -------- d-----w- c:\program files\Google
    2010-09-14 00:21 . 2009-07-13 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-13 19:09 . 2009-07-20 14:35 -------- d-----w- c:\program files\Symantec
    2010-09-13 19:09 . 2010-09-13 19:09 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-09-13 19:09 . 2010-09-13 19:09 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-09-13 19:08 . 2009-07-20 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-09-13 19:08 . 2007-03-05 22:07 -------- d-----w- c:\program files\Symantec Client Security
    2010-09-12 12:30 . 2010-06-13 16:14 -------- d-----w- c:\program files\AllToAVI
    2010-09-12 01:28 . 2009-07-13 18:31 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-09-12 01:10 . 2010-09-12 01:10 3638 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{F5A7052F-2AF4-4CBA-8951-26B91476BDAB}\_6FEFF9B68218417F98F549.exe
    2010-09-11 13:14 . 2009-07-13 18:49 -------- d-----w- c:\program files\Panasonic
    2010-09-11 12:54 . 2009-09-20 10:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\XCPCSync.OEM
    2010-09-10 14:03 . 2009-10-12 16:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-09 21:57 . 2010-07-25 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
    2010-09-08 18:29 . 2007-09-05 21:03 -------- d-----w- c:\program files\AT&T Network Client Install
    2010-09-08 14:55 . 2009-07-13 14:50 -------- d-----w- c:\program files\Lenovo
    2010-09-08 14:36 . 2010-07-31 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2010-09-07 21:03 . 2009-08-18 11:06 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-09-07 18:56 . 2009-11-28 00:03 1952024 ----a-w- c:\windows\system32\AutoPartNt.exe
    2010-09-07 12:42 . 2009-08-21 11:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
    2010-09-07 11:23 . 2010-09-07 11:23 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\msvcp71.dll
    2010-09-07 11:23 . 2010-09-07 11:23 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\jmc.dll
    2010-09-07 11:23 . 2010-09-07 11:23 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\msvcr71.dll
    2010-09-07 11:23 . 2010-09-07 11:23 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-74cdeb3f-n\decora-sse.dll
    2010-09-07 11:23 . 2010-09-07 11:23 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-74cdeb3f-n\decora-d3d.dll
    2010-09-07 11:23 . 2009-08-09 12:00 -------- d-----w- c:\program files\Java
    2010-09-07 10:38 . 2009-08-21 11:30 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-09-07 10:11 . 2005-04-04 18:17 69128 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-09-07 10:06 . 2009-09-07 09:44 69128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-09-07 09:09 . 2009-08-18 10:58 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-09-06 18:17 . 2009-08-12 12:53 -------- d-----w- c:\program files\Common Files\Adobe
    2010-09-04 21:18 . 2010-07-25 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
    2010-09-04 20:53 . 2010-07-25 14:28 -------- d-----w- c:\program files\Common Files\Nokia
    2010-09-04 20:52 . 2010-07-25 14:27 -------- d-----w- c:\program files\Nokia
    2010-09-04 20:51 . 2010-09-04 20:51 12212040 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
    2010-09-04 20:51 . 2010-09-04 20:51 13930312 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
    2010-09-04 20:51 . 2010-09-04 20:51 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
    2010-09-04 20:51 . 2010-09-04 20:51 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
    2010-09-04 20:51 . 2010-09-04 20:51 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
    2010-09-04 20:51 . 2010-09-04 20:51 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
    2010-09-04 20:50 . 2010-09-04 20:51 102914512 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
    2010-09-04 20:20 . 2010-07-25 14:27 36365624 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_eng_web.exe
    2010-09-04 13:40 . 2009-08-04 01:25 -------- d-----w- c:\program files\SystemScheduler
    2010-08-31 14:11 . 2009-07-13 23:00 -------- d-----w- c:\program files\jv16 PowerTools 2009
    2010-08-31 14:11 . 2010-04-30 17:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
    2010-08-30 13:34 . 2010-09-03 17:03 1496064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-08-30 13:33 . 2010-09-03 17:03 43008 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-08-30 13:33 . 2010-09-03 17:03 338944 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-08-30 13:33 . 2010-09-03 17:03 346112 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-08-29 14:08 . 2010-08-29 14:08 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-08-29 14:08 . 2010-08-29 14:08 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-08-29 14:08 . 2010-08-29 14:08 84063 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-08-29 14:08 . 2010-08-29 14:08 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-08-28 17:46 . 2010-03-17 16:03 921608 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\uninstall.exe
    2010-08-28 17:46 . 2010-03-17 16:03 629296 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\instUtils.dll
    2010-08-28 17:42 . 2010-03-17 15:57 -------- d-----w- c:\program files\VMware
    2010-08-28 17:40 . 2010-03-17 16:03 356352 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_ws.dll
    2010-08-28 17:40 . 2010-03-17 16:03 581632 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_core.dll
    2010-08-28 17:40 . 2010-03-17 16:03 360448 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_license.dll
    2010-08-28 17:40 . 2010-03-17 16:03 968752 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
    2010-08-28 17:40 . 2010-03-17 16:03 932400 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
    2010-08-28 17:40 . 2010-03-17 16:03 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.dll
    2010-08-28 17:40 . 2010-03-17 16:03 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vminstutil.dll
    2010-08-28 17:40 . 2010-03-17 16:03 707120 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.exe
    2010-08-18 20:12 . 2010-03-27 14:03 -------- d-----w- c:\program files\Scan2CADv7
    2010-08-17 13:17 . 2004-08-04 05:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 13:21 . 2010-08-16 13:20 -------- d-----w- c:\program files\myiHome
    2010-08-16 11:14 . 2010-08-16 11:14 -------- d-----w- c:\program files\Siber Systems
    2010-08-15 13:16 . 2010-08-15 13:16 -------- d-----w- c:\program files\Disk Size Manager 2.0
    2010-08-14 16:37 . 2010-08-14 16:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Haihaisoft Universal Player
    2010-08-14 16:36 . 2010-08-14 16:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Haihaisoft
    2010-08-14 16:36 . 2010-08-14 16:36 -------- d-----w- c:\program files\Haihaisoft Universal Player
    2010-08-14 11:35 . 2009-07-18 10:52 -------- d-----w- c:\program files\Common Files\ArcSoft
    2010-08-14 11:30 . 2010-08-14 11:30 2485883 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
    2010-02-12 22:46 . 2010-02-12 22:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2008-09-29 08:12 . 2008-09-29 08:12 108 --sha-r- c:\windows\neoqaz2.dll
    2009-07-22 16:58 . 2009-07-22 16:58 2 --shatr- c:\windows\winstart.bat
    2009-07-13 23:00 . 2009-07-13 23:00 23 --sha-w- c:\windows\system32\edacded0.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2007-09-21 49152]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-01 39408]
    "SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3216664]
    "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-29 135664]
    "FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
    "CompanionLink"="c:\program files\companionlink\companionlink.exe" [2009-09-17 13737984]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WD Button Manager"="WDBtnMgr.exe" [2009-09-29 364544]
    "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-08-01 129584]
    "UltraNav Keyboard"="c:\program files\Lenovo\UltraNav Keyboard\SkdUNav.exe" [2007-02-09 258048]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe" [2009-01-18 1285512]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
    "Tpam.exe"="c:\program files\IBM\Personal Communications\tpam.exe" [2007-11-02 28672]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
    "stgclean"="c:\sdwork\w32maing.exe" [2010-08-30 279552]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-07-13 1036288]
    "snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-29 331776]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
    "nwiz"="nwiz.exe" [2009-01-14 1630208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13549568]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
    "ISSI Service"="c:\sdwork\issimsvc.exe" [2010-09-16 242928]
    "Isamtray"="c:\program files\c4ebreg\isamtray.exe" [2010-07-27 290072]
    "IBM Lotus EasySync Pro"="c:\program files\Lotus\EasySync Pro\SyncLauncher.exe" [2009-12-14 40960]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-12 30192]
    "DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2010-01-27 55808]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
    "C4EBReg"="c:\program files\c4ebreg\c4ebreg.exe" [2010-07-27 486680]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-29 208896]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe" [2009-01-18 884928]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-18 140568]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-5-25 607584]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-16 809488]
    Start 3DxWare.lnk - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe [2010-7-30 120832]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-02-18 23:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
    2007-11-02 10:45 49152 ----a-w- c:\windows\system32\pcsinst.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 16:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2008-03-17 16:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\g:\0pdboot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Desktop^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
    path=c:\documents and settings\Administrator\Desktop\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ergocizer.lnk]
    backup=c:\windows\pss\Ergocizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^myiHome Server.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\myiHome Server.lnk.disabled
    backup=c:\windows\pss\myiHome Server.lnk.disabledCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "CfgWzSvc"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "FixCamera"=c:\windows\FixCamera.exe
    "TpShocks"=TpShocks.exe
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    "MyHelpService"=c:\program files\IBM\My Help\workspace\service\delayStart.exe
    "pmonmh"=c:\program files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.19/pmonmh.exe
    "Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    "IBMconfig"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "427:UDP"= 427:UDP:SLP_Port(427)
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [14/05/2008 17:21 19496]
    R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [14/09/2010 14:52 18816]
    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [06/09/2009 06:06 169312]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [16/07/2009 14:11 10384]
    R2 ldlcserv6;IBM Enterprise Extender (IPv6);c:\windows\system32\drivers\ldlcserv6.exe [02/11/2007 05:09 40960]
    R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
    R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\AT&T Network Client\NetClientSvc.exe [07/10/2009 12:36 263520]
    R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\windows\system32\drivers\pdlndldl6.sys [02/11/2007 05:09 70656]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [13/07/2009 15:48 94208]
    R2 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [14/03/2007 19:48 116416]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [06/03/2010 18:47 4497704]
    R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [14/11/2008 02:11 17184]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [01/08/2010 12:55 70704]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [01/08/2010 11:39 539184]
    R2 WindowsScheduler;System Scheduler Service;c:\progra~1\SYSTEM~1\WService.exe [16/09/2009 12:40 13312]
    R2 WindowsSchedulerLogon;System Scheduler Logon;c:\progra~1\SYSTEM~1\WSLogon.exe [16/09/2009 12:40 52224]
    R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [06/03/2010 18:47 113448]
    R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [06/02/2010 18:57 17152]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [13/09/2010 20:26 102448]
    R3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [08/02/2010 16:45 6400]
    R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [13/07/2009 15:02 81280]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
    S2 gupdate1ca12c614ff7fd6;Google Update Service (gupdate1ca12c614ff7fd6);c:\program files\Google\Update\GoogleUpdate.exe [01/08/2009 17:35 133104]
    S2 LogWatch;Event Log Watch;"c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe" --> c:\program files\CA\SharedComponents\CA_LIC\LogWatNT.exe [?]
    S2 ltpSvc;TrackPoint Scroll Service;c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe --> c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe [?]
    S3 CA_LIC_CLNT;CA License Client;"c:\program files\CA\SharedComponents\CA_LIC\\lic98rmt.exe" --> c:\program files\CA\SharedComponents\CA_LIC\\lic98rmt.exe [?]
    S3 csrcmds;csrcmds;c:\program files\IBM\Personal Communications\csrcmds.exe [02/11/2007 05:09 49152]
    S3 cstrcser;IBM Command Line Trace;c:\windows\system32\drivers\cstrcser.exe [02/11/2007 05:09 36864]
    S3 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [21/08/2010 23:14 253952]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [27/07/2009 09:13 30192]
    S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\3644.tmp --> c:\windows\system32\3644.tmp [?]
    S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [23/10/2009 18:49 36384]
    S3 RET55;RET55 NDIS Protocol Driver;\??\c:\program files\eEye Digital Security\Retina 5\Scanner\RET55.sys --> c:\program files\eEye Digital Security\Retina 5\Scanner\RET55.sys [?]
    S3 RRMONX;RRMONX;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\rrmon.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\rrmon.sys [?]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [07/11/2009 18:04 95376]
    S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [06/03/2010 18:47 16168]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 --> c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [?]
    S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [21/02/2010 17:08 583640]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-15 c:\windows\Tasks\3DxSoftware Create Process (ID 287142392505).job
    - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe [2010-07-30 15:41]

    2010-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-09-24 c:\windows\Tasks\At1.job
    - c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe [2010-08-09 14:16]

    2010-09-24 c:\windows\Tasks\AWC Update.job
    - c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-07-16 10:08]

    2010-09-24 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-01 16:34]

    2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 16:35]

    2010-09-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 16:35]

    2010-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473679540-3749852400-1765190492-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 04:43]

    2010-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473679540-3749852400-1765190492-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 04:43]

    2010-09-24 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-07-13 00:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
    uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/
    uInternet Settings,ProxyOverride = <local>;<local>
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
    Trusted Zone: o2.co.uk\*.broadband
    TCP: {D40D8AB3-DFA5-4A53-AAF5-D3A525F28F1E} = 87.194.255.155,87.194.255.154,4.2.2.2,4.2.2.3
    DPF: Microsoft XML Parser for Java
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - isoHunt Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\bpaddtonab@firefox-extensions.ibm.com\plugins\npaddtonab.dll
    FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwdplugin821.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    .
    ------- File Associations -------
    .
    .scr=AutoCADScriptFile
    .txt=UltraEdit.txt
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    Notify-atmgrtok - atmgrtok.dll
    SafeBoot-WudfPf
    SafeBoot-WudfRd
    AddRemove-SLABCOMM&10C4&EA60 - c:\windows\system32\Silabs\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-24 19:31
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xBA168000]<< >>UNKNOWN [0xBA158000]<< >>UNKNOWN [0xB9F79000]<< >>UNKNOWN [0x806E4000]<< >>UNKNOWN [0xB9DFF000]<< >>UNKNOWN [0xBA670000]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> 0xba16cf28
    \Driver\ACPI -> 0xb9f7fcb8
    \Driver\atapi -> 0xb9e05852
    \Driver\iaStor -> 0xb9e29b58
    IoDeviceObjectType -> SecurityProcedure -> 0x80583d4a
    \Device\Harddisk0\DR0 -> SecurityProcedure -> 0x80583d4a
    NDIS: Intel(R) Wireless WiFi Link 4965AG -> SendCompleteHandler -> 0xb9cb7bb0
    PacketIndicateHandler -> 0xb9ca6a0d
    SendHandler -> 0xb9cbab40
    user & kernel MBR OK

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
    "ImagePath"="\??\c:\windows\system32\3644.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1473679540-3749852400-1765190492-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(436)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    c:\program files\Lenovo\HOTKEY\tphklock.dll
    c:\program files\IBM\Personal Communications\atmgrtok.dll
    c:\program files\IBM\Personal Communications\MILLUTIL.DLL
    c:\windows\system32\pcsinst.dll
    c:\windows\system32\msi.dll

    - - - - - - - > 'lsass.exe'(588)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'explorer.exe'(8464)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\mslbui.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\Common Files\Symantec Shared\ccProxy.exe
    c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
    c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\program files\IBM\Personal Communications\PCS_AGNT.EXE
    c:\program files\WTouch\WTouchUser.exe
    c:\windows\system32\Drivers\trcboot.exe
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\windows\system32\bgsvcgen.exe
    c:\program files\IBM\SQLLIB\BIN\db2jds.exe
    c:\program files\IBM\SQLLIB\BIN\db2sec.exe
    c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\notes\nsd.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\progra~1\AT&TNE~2\netcfgsvr.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Raxco\PerfectDisk10\PDAgent.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    c:\windows\System32\TPHDEXLG.exe
    c:\windows\system32\TpKmpSVC.exe
    c:\windows\system32\WTablet\Pen_TabletUser.exe
    c:\windows\system32\vmnat.exe
    c:\progra~1\SYSTEM~1\WScheduler.exe
    c:\program files\RealVNC\VNC4\WinVNC4.exe
    c:\program files\VMware\VMware Workstation\vmware-authd.exe
    c:\windows\system32\vmnetdhcp.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\Drivers\ldlcserv.exe
    c:\program files\Raxco\PerfectDisk10\PDEngine.exe
    c:\program files\Raxco\PerfectDisk10\PDAgentS1.exe
    c:\windows\system32\WDBtnMgr.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Microsoft ActiveSync\wcescomm.exe
    c:\progra~1\MICROS~3\rapimgr.exe
    c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-24 19:37:32 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-24 18:37

    Pre-Run: 19,832,352,768 bytes free
    Post-Run: 19,511,652,352 bytes free

    - - End Of File - - FB4F8E3B8F33D3036A0ABD0D2723FC75

  3. #13
    Member
    Join Date
    Oct 2007
    Posts
    32

    MBRCheck Report

    Note: I have a HD with two partitions; on the second partition is Windows 7, and it created a dual-boot environment.

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows XP Professional
    Windows Information: Service Pack 3 (build 2600)
    Logical Drives Mask: 0x0200003c

    Kernel Drivers (total 300):
    0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
    0x806E4000 \WINDOWS\system32\hal.dll
    0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
    0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
    0xB9F79000 ACPI.sys
    0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
    0xB9F68000 pci.sys
    0xBA0A8000 isapnp.sys
    0xBA4BC000 compbatt.sys
    0xBA4C0000 \WINDOWS\system32\DRIVERS\BATTC.SYS
    0xBA670000 pciide.sys
    0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
    0xBA5AC000 aliide.sys
    0xBA5AE000 cmdide.sys
    0xBA5B0000 toside.sys
    0xBA5B2000 viaide.sys
    0xBA5B4000 intelide.sys
    0xB9F4A000 pcmcia.sys
    0xBA0B8000 MountMgr.sys
    0xB9F2B000 ftdisk.sys
    0xBA5B6000 dmload.sys
    0xB9F05000 dmio.sys
    0xBA330000 PartMgr.sys
    0xBA4C4000 ACPIEC.sys
    0xBA671000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
    0xBA0C8000 VolSnap.sys
    0xBA4C8000 cpqarray.sys
    0xB9EED000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
    0xB9E17000 iaStor.sys
    0xB9DFF000 atapi.sys
    0xBA4CC000 aha154x.sys
    0xBA338000 sparrow.sys
    0xBA4D0000 symc810.sys
    0xBA0D8000 aic78xx.sys
    0xBA4D4000 dac960nt.sys
    0xBA0E8000 ql10wnt.sys
    0xBA4D8000 amsint.sys
    0xBA340000 asc.sys
    0xBA4DC000 asc3550.sys
    0xBA348000 mraid35x.sys
    0xBA350000 i2omp.sys
    0xBA4E0000 ini910u.sys
    0xBA0F8000 ql1240.sys
    0xBA108000 aic78u2.sys
    0xBA358000 symc8xx.sys
    0xBA360000 sym_hi.sys
    0xBA368000 sym_u3.sys
    0xBA370000 ABP480N5.SYS
    0xBA378000 asc3350p.sys
    0xBA5B8000 cd20xrnt.sys
    0xBA118000 ultra.sys
    0xB9DE6000 adpu160m.sys
    0xBA380000 dpti2o.sys
    0xBA128000 ql1080.sys
    0xBA138000 ql1280.sys
    0xBA148000 ql12160.sys
    0xBA388000 perc2.sys
    0xBA5BA000 perc2hib.sys
    0xBA390000 hpn.sys
    0xBA4E4000 cbidf2k.sys
    0xB9DBA000 dac2w2k.sys
    0xBA158000 disk.sys
    0xBA168000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
    0xB9D9A000 fltmgr.sys
    0xB9D88000 sr.sys
    0xB9D73000 drvmcdb.sys
    0xBA178000 PxHelp20.sys
    0xB9D5C000 KSecDD.sys
    0xB9CCF000 Ntfs.sys
    0xB9CA2000 NDIS.sys
    0xB9C37000 timntr.sys
    0xBA188000 Combo-Fix.sys
    0xBA198000 viaagp.sys
    0xBA398000 ApsHM86.sys
    0xB9C17000 snman380.sys
    0xBA1A8000 sisagp.sys
    0xB9BF9000 Apsx86.sys
    0xBA3A0000 risdptsk.sys
    0xBA1B8000 ohci1394.sys
    0xBA1C8000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
    0xB9BDF000 Mup.sys
    0xBA1D8000 alim1541.sys
    0xBA1E8000 amdagp.sys
    0xBA1F8000 agp440.sys
    0xBA208000 agpCPQ.sys
    0xBA268000 \SystemRoot\system32\DRIVERS\nic1394.sys
    0xB9B7F000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0xB8D38000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
    0xB8D24000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
    0xB8CE3000 \SystemRoot\system32\DRIVERS\e1e5132.sys
    0xBA4A0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0xB8CBF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0xBA4A8000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0xB8C97000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0xB8920000 \SystemRoot\system32\DRIVERS\NETw5x32.sys
    0xB890C000 \SystemRoot\system32\DRIVERS\sdbus.sys
    0xB88FB000 \SystemRoot\system32\DRIVERS\rimmptsk.sys
    0xB88E7000 \SystemRoot\system32\DRIVERS\rimsptsk.sys
    0xB8895000 \SystemRoot\system32\DRIVERS\rixdptsk.sys
    0xB9B6F000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0xBA4B0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0xBA3B0000 \??\C:\WINDOWS\system32\drivers\VMkbd.sys
    0xB8869000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0xBA5D4000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0xBA3C8000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0xB9B5F000 \SystemRoot\system32\DRIVERS\serial.sys
    0xB9A5D000 \SystemRoot\system32\DRIVERS\serenum.sys
    0xB8855000 \SystemRoot\system32\DRIVERS\parport.sys
    0xBA3D0000 \SystemRoot\system32\DRIVERS\atmeltpm.sys
    0xB9A59000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0xBA3D8000 \SystemRoot\system32\DRIVERS\ibmpmdrv.sys
    0xB9B4F000 \SystemRoot\system32\DRIVERS\imapi.sys
    0xB883C000 \SystemRoot\System32\Drivers\AnyDVD.sys
    0xB9A51000 \SystemRoot\system32\drivers\pfc.sys
    0xB9B3F000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0xB9419000 \SystemRoot\system32\DRIVERS\redbook.sys
    0xB8819000 \SystemRoot\system32\DRIVERS\ks.sys
    0xB9A49000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0xB87E3000 \SystemRoot\system32\DRIVERS\agnfilt.sys
    0xB86F2000 \SystemRoot\system32\DRIVERS\btkrnl.sys
    0xB9A41000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
    0xB9409000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0xBA3E0000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0xBA5D8000 \SystemRoot\system32\DRIVERS\serscan.sys
    0xB86B1000 \SystemRoot\system32\drivers\srs_sscfilter_i386.sys
    0xBA713000 \SystemRoot\system32\DRIVERS\audstub.sys
    0xBA5DA000 \SystemRoot\System32\Drivers\RootMdm.sys
    0xBA3E8000 \SystemRoot\System32\Drivers\Modem.SYS
    0xB93F9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0xB9A3D000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0xB869A000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0xB93E9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0xB93D9000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0xBA3F0000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0xBA3F8000 \SystemRoot\system32\DRIVERS\ptilink.sys
    0xBA400000 \SystemRoot\system32\DRIVERS\raspti.sys
    0xB85F2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
    0xB93C9000 \SystemRoot\system32\DRIVERS\termdd.sys
    0xB85D5000 \SystemRoot\system32\DRIVERS\mcdbus.sys
    0xBA5DC000 \SystemRoot\system32\DRIVERS\swenum.sys
    0xB8577000 \SystemRoot\system32\DRIVERS\update.sys
    0xB9538000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0xB9534000 \SystemRoot\system32\drivers\WmBEnum.sys
    0xB93B9000 \SystemRoot\system32\drivers\WmXlCore.sys
    0xB9530000 \SystemRoot\system32\DRIVERS\vmnetadapter.sys
    0xB952C000 \SystemRoot\system32\DRIVERS\VMNET.SYS
    0xBA408000 \SystemRoot\system32\DRIVERS\btport.sys
    0xB9528000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0xBA430000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
    0xB9399000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0xB9389000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0xB7498000 \SystemRoot\system32\drivers\ADIHdAud.sys
    0xB7474000 \SystemRoot\system32\drivers\portcls.sys
    0xBA228000 \SystemRoot\system32\drivers\drmk.sys
    0xB73BA000 \SystemRoot\system32\drivers\AEAudio.sys
    0xB7386000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
    0xB7294000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
    0xB71E1000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
    0xB8682000 \SystemRoot\System32\Drivers\i2omgmt.SYS
    0xB70F9000 \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys
    0xB70D7000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
    0xB70C3000 \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys
    0xBA410000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0xB6F4F000 \SystemRoot\System32\Drivers\LenovoRd.sys
    0xB867A000 \SystemRoot\System32\Drivers\SMCLIB.SYS
    0xBA428000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0xB8672000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0xBA5E8000 \SystemRoot\system32\drivers\sscdbhk5.sys
    0xBA2A8000 \SystemRoot\System32\Drivers\cdrbsdrv.SYS
    0xBA440000 \??\C:\WINDOWS\system32\SAVRKBootTasks.sys
    0xBA5EC000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
    0xBA708000 \SystemRoot\System32\Drivers\Null.SYS
    0xBA5EE000 \SystemRoot\System32\Drivers\Beep.SYS
    0xBA448000 \SystemRoot\system32\drivers\ssrtln.sys
    0xBA450000 \SystemRoot\System32\drivers\vga.sys
    0xBA5F0000 \SystemRoot\System32\Drivers\mnmdd.SYS
    0xBA5F2000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0xBA458000 \SystemRoot\System32\Drivers\Msfs.SYS
    0xBA460000 \SystemRoot\System32\Drivers\Npfs.SYS
    0xB8563000 \SystemRoot\system32\DRIVERS\rasacd.sys
    0xB6EF4000 \SystemRoot\system32\DRIVERS\ipsec.sys
    0xBA2B8000 \SystemRoot\system32\DRIVERS\msgpc.sys
    0xB6E9B000 \SystemRoot\system32\DRIVERS\tcpip.sys
    0xB6E60000 \SystemRoot\System32\Drivers\SYMTDI.SYS
    0xB6E3A000 \SystemRoot\system32\DRIVERS\ipnat.sys
    0xBA2C8000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0xBA2D8000 \SystemRoot\System32\Drivers\SYMREDRV.SYS
    0xBA2E8000 \SystemRoot\system32\DRIVERS\arp1394.sys
    0xBA468000 \SystemRoot\System32\Drivers\SYMDNS.SYS
    0xBA2F8000 \SystemRoot\System32\Drivers\SYMNDIS.SYS
    0xB6DC1000 \SystemRoot\System32\Drivers\SYMFW.SYS
    0xBA308000 \SystemRoot\System32\Drivers\SYMIDS.SYS
    0xB6D7A000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20100915.004\symidsco.sys
    0xBA470000 \SystemRoot\system32\drivers\bfturboh.sys
    0xB6D52000 \SystemRoot\system32\DRIVERS\netbt.sys
    0xBA478000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
    0xBA318000 \SystemRoot\system32\DRIVERS\WDFLDR.SYS
    0xB719D000 \SystemRoot\System32\drivers\ws2ifsl.sys
    0xB6CD6000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
    0xB6CB4000 \SystemRoot\System32\drivers\afd.sys
    0xBA480000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
    0xB9BCF000 \SystemRoot\system32\DRIVERS\netbios.sys
    0xBA488000 \SystemRoot\System32\drivers\TSMAPIP.SYS
    0xBA490000 \SystemRoot\System32\drivers\Tppwrif.sys
    0xBA498000 \SystemRoot\system32\DRIVERS\TPHKDRV.sys
    0xB6C32000 \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
    0xB9BBF000 \SystemRoot\System32\Drivers\SCDEmu.SYS
    0xB6B17000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0xB6A7F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0xB9BAF000 \SystemRoot\System32\Drivers\Fips.SYS
    0xB865A000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
    0xB6A21000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
    0xB8652000 \SystemRoot\system32\DRIVERS\usbprint.sys
    0xB6A04000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
    0xB6F37000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0xB9B8F000 \SystemRoot\System32\Drivers\Cdfs.SYS
    0xBF800000 \SystemRoot\System32\win32k.sys
    0xB6B66000 \SystemRoot\System32\drivers\Dxapi.sys
    0xB8642000 \SystemRoot\System32\watchdog.sys
    0xBF000000 \SystemRoot\System32\drivers\dxg.sys
    0xBA7A7000 \SystemRoot\System32\drivers\dxgthk.sys
    0xBF012000 \SystemRoot\System32\nv4_disp.dll
    0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
    0xBA278000 \SystemRoot\system32\drivers\drvnddm.sys
    0xB6C22000 \SystemRoot\system32\DRIVERS\tifsfilt.sys
    0xBA6E8000 \SystemRoot\system32\dla\tfsndres.sys
    0xB5586000 \SystemRoot\system32\dla\tfsnifs.sys
    0xB56C0000 \SystemRoot\system32\dla\tfsnopio.sys
    0xBA60E000 \SystemRoot\system32\dla\tfsnpool.sys
    0xB556F000 \SystemRoot\system32\DRIVERS\WudfPf.sys
    0xB5522000 \SystemRoot\System32\Drivers\DefragFS.SYS
    0xB863A000 \SystemRoot\system32\dla\tfsnboio.sys
    0xB6C02000 \SystemRoot\system32\dla\tfsncofs.sys
    0xBA6ED000 \SystemRoot\system32\dla\tfsndrct.sys
    0xB54B9000 \SystemRoot\system32\dla\tfsnudf.sys
    0xB54A0000 \SystemRoot\system32\dla\tfsnudfa.sys
    0xB8632000 \SystemRoot\system32\DRIVERS\vmnetbridge.sys
    0xB862A000 \SystemRoot\system32\DRIVERS\agnwifi.sys
    0xB554B000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0xB5547000 \SystemRoot\system32\DRIVERS\s24trans.sys
    0xB4D5B000 \SystemRoot\system32\drivers\wdmaud.sys
    0xB4ED0000 \SystemRoot\system32\drivers\sysaudio.sys
    0xB4DB0000 \??\C:\WINDOWS\system32\drivers\hcmon.sys
    0xB4FF0000 \SystemRoot\System32\drivers\klognt.sys
    0xBA656000 \SystemRoot\System32\drivers\nstrcnt.sys
    0xB51A4000 \SystemRoot\System32\Drivers\TVicPort.SYS
    0xB4EA0000 \??\C:\WINDOWS\system32\Drivers\vmci.sys
    0xBA660000 \??\C:\WINDOWS\system32\Drivers\VMparport.sys
    0xB4B76000 \??\C:\WINDOWS\system32\Drivers\vmx86.sys
    0xB4A7B000 \SystemRoot\System32\drivers\AppnBase.sys
    0xB4A62000 \SystemRoot\system32\DRIVERS\llc2.sys
    0xBA662000 \SystemRoot\System32\drivers\pdlncbas.sys
    0xB4FE0000 \SystemRoot\System32\drivers\pdlnebas.sys
    0xB4FDC000 \SystemRoot\System32\drivers\pdlnemsg.sys
    0xB6E0A000 \SystemRoot\System32\drivers\anydlc.sys
    0xB4920000 \SystemRoot\System32\drivers\appn.sys
    0xB490D000 \SystemRoot\System32\drivers\pdlnacom.sys
    0xB6E02000 \SystemRoot\System32\drivers\pdlnepkt.sys
    0xB4C85000 \SystemRoot\System32\drivers\pdlnatcm.sys
    0xB6DFA000 \SystemRoot\System32\drivers\pdlndint.sys
    0xB4C75000 \SystemRoot\System32\drivers\pdlnecfg.sys
    0xB4C65000 \SystemRoot\System32\drivers\pdlnatdl.sys
    0xB48E5000 \SystemRoot\System32\drivers\pdlncfwk.sys
    0xB48D0000 \SystemRoot\System32\drivers\pdlndlpb.sys
    0xB48BE000 \SystemRoot\System32\drivers\pdlndqll.sys
    0xB48AA000 \SystemRoot\System32\drivers\pdlndsdl.sys
    0xB4899000 \SystemRoot\System32\drivers\pdlndtdl.sys
    0xB4C55000 \SystemRoot\System32\drivers\pdlnshay.sys
    0xB866A000 \SystemRoot\System32\drivers\pdlnslea.sys
    0xB4C45000 \SystemRoot\System32\drivers\pdlnsv25.sys
    0xB4FB8000 \SystemRoot\System32\drivers\pdlnsx25.sys
    0xB4F98000 \SystemRoot\System32\drivers\pdlnafac.sys
    0xB4888000 \SystemRoot\System32\drivers\pdlnemap.sys
    0xB486A000 \SystemRoot\System32\drivers\appnapi.sys
    0xB54FA000 \SystemRoot\System32\drivers\aspi32.sys
    0xBA5F4000 \??\C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
    0xBA610000 \SystemRoot\system32\DRIVERS\isamfilter.sys
    0xBA7EC000 \SystemRoot\System32\Drivers\LBeepKE.sys
    0xB442B000 \SystemRoot\system32\DRIVERS\srv.sys
    0xB448A000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
    0xB54EA000 \SystemRoot\System32\drivers\pdlnctdl.sys
    0xB437B000 \SystemRoot\System32\drivers\pdlndoem.sys
    0xBA66C000 \??\C:\WINDOWS\system32\drivers\PMEMNT.SYS
    0xB412F000 \??\C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys
    0xB8622000 \??\C:\WINDOWS\system32\drivers\vmnetuserif.sys
    0xB43EB000 \??\C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys
    0xB3DB0000 \SystemRoot\System32\drivers\pdlndldl.sys
    0xB3D73000 \SystemRoot\System32\drivers\pdlndldl6.sys
    0xB400B000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
    0xB4003000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys
    0xB6E22000 \SystemRoot\System32\Drivers\TDTCP.SYS
    0xB3918000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0xB6DEA000 \??\C:\ComboFix\catchme.sys
    0xBA608000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
    0xB459A000 \SystemRoot\system32\DRIVERS\usb8023x.sys
    0xB864A000 \SystemRoot\system32\DRIVERS\RNDISMPX.SYS
    0xB28B9000 \SystemRoot\System32\Drivers\HTTP.sys
    0xB276D000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100924.004\navex15.sys
    0xB2759000 \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100924.004\naveng.sys
    0x7C900000 \WINDOWS\system32\ntdll.dll

    Processes (total 123):
    0 System Idle Process
    4 System
    2024 C:\WINDOWS\system32\smss.exe
    388 csrss.exe
    428 C:\WINDOWS\system32\winlogon.exe
    492 C:\WINDOWS\system32\services.exe
    576 C:\WINDOWS\system32\lsass.exe
    768 C:\WINDOWS\system32\ibmpmsvc.exe
    796 C:\WINDOWS\system32\svchost.exe
    840 svchost.exe
    1272 C:\WINDOWS\system32\svchost.exe
    1304 C:\Program Files\WTouch\WTouchService.exe
    1328 C:\WINDOWS\system32\svchost.exe
    1456 C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
    880 svchost.exe
    1056 svchost.exe
    1520 C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    1552 C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    2012 C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    304 C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    1440 C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    1264 C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    2296 C:\WINDOWS\system32\spoolsv.exe
    3848 C:\WINDOWS\system32\drivers\trcboot.exe
    3976 C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
    4064 C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    4088 C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
    1188 C:\WINDOWS\system32\bgsvcgen.exe
    1388 C:\Program Files\IBM\SQLLIB\BIN\db2jds.exe
    2160 C:\Program Files\IBM\SQLLIB\BIN\db2sec.exe
    2172 C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    2208 C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    3076 C:\WINDOWS\system32\svchost.exe
    3116 C:\WINDOWS\system32\svchost.exe
    3172 C:\Program Files\c4ebreg\c4ebreg.exe
    3236 C:\sdwork\issimsvc.exe
    3420 C:\Program Files\Java\jre6\bin\jqs.exe
    1360 C:\Notes\nsd.exe
    2740 C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
    2776 C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
    3064 C:\WINDOWS\system32\svchost.exe
    2976 C:\PROGRA~1\AT&TNE~2\netcfgsvr.exe
    3368 C:\Program Files\AT&T Network Client\NetClientSvc.exe
    3452 C:\WINDOWS\system32\nvsvc32.exe
    3716 C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    3784 C:\WINDOWS\system32\svchost.exe
    3864 C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    3928 C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
    1828 C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    2604 C:\WINDOWS\system32\Pen_Tablet.exe
    2716 C:\WINDOWS\system32\TPHDEXLG.exe
    2772 C:\WINDOWS\system32\TpKmpSvc.exe
    2860 C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    2980 C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    3016 C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    3024 C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
    2452 C:\WINDOWS\system32\Pen_Tablet.exe
    3220 C:\WINDOWS\system32\vmnat.exe
    3572 C:\PROGRA~1\SYSTEM~1\WService.exe
    3868 C:\PROGRA~1\SYSTEM~1\WSLogon.exe
    996 C:\PROGRA~1\SYSTEM~1\WScheduler.exe
    1252 C:\Program Files\RealVNC\VNC4\winvnc4.exe
    2728 C:\Program Files\ThinkPad\Utilities\PWMDBSVC.exe
    3384 C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    3544 C:\WINDOWS\system32\vmnetdhcp.exe
    3556 C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    1296 C:\WINDOWS\system32\drivers\ldlcserv.exe
    944 C:\WINDOWS\system32\drivers\ldlcserv6.exe
    1808 C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    3816 wmiprvse.exe
    1816 alg.exe
    5236 C:\WINDOWS\system32\WDBtnMgr.exe
    5248 C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    5260 C:\Program Files\Lenovo\UltraNav Keyboard\SkdUNav.exe
    5276 C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe
    5788 C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
    5800 C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
    5836 C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
    5864 C:\Program Files\IBM\Personal Communications\tpam.exe
    3884 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    3896 C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
    2416 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    4336 C:\Program Files\Analog Devices\Core\smax4pnp.exe
    5028 C:\WINDOWS\vsnp2std.exe
    5164 C:\WINDOWS\system32\rundll32.exe
    4580 C:\WINDOWS\system32\rundll32.exe
    2372 C:\Program Files\c4ebreg\isamtray.exe
    5712 C:\WINDOWS\system32\svchost.exe
    5728 C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    1864 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    5960 C:\Program Files\DYMO\DYMO Label Software\DLSService.exe
    6064 C:\WINDOWS\system32\dla\tfswctrl.exe
    2880 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    4596 C:\Program Files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe
    4704 C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    5012 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    5936 C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
    5956 C:\WINDOWS\system32\ctfmon.exe
    3764 C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    4788 C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
    4864 C:\PROGRA~1\MICROS~3\rapimgr.exe
    5440 C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    5676 C:\Program Files\CompanionLink\CompanionLink.exe
    5888 C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
    2580 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    4800 C:\Program Files\Logitech\SetPoint\SetPoint.exe
    4128 C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe
    3284 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    628 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    4816 C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
    1372 C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    2512 C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    5220 C:\WINDOWS\explorer.exe
    9404 C:\Program Files\Raxco\PerfectDisk10\PDAgentS1.exe
    9092 wmiprvse.exe
    4856 C:\Program Files\Microsoft ActiveSync\WCESMgr.exe
    10172 C:\WINDOWS\system32\svchost.exe
    6132 C:\Program Files\WTouch\WTouchUser.exe
    4620 C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe
    9768 C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
    6472 C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPC32.exe
    4632 C:\Program Files\Mozilla Firefox\firefox.exe
    6060 C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00008000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive0 at offset 0x00000012`23d00000 (NTFS)
    \\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

    PhysicalDrive0 Model Number: HITACHIHTS722010K9SA00, Rev: DC2ZC75A
    PhysicalDrive1 Model Number: BUFFALOExternal HDD, Rev:

    Size Device Name MBR Status
    --------------------------------------------
    93 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    931 GB \\.\PhysicalDrive1 RE: Unknown MBR code
    SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:

    Done!
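The kernel-driver list above mixes three kinds of load path: images under \SystemRoot (the Windows directory), vendor drivers loaded by absolute \??\C:\ path, and a few loaded from a user-writable location such as the Administrator's Temp folder. The last group is where a rootkit driver would normally show up, but on this machine it is explained by the diagnostic tools that were just run (catchme.sys sits under C:\ComboFix; PROCEXP113.SYS is Process Explorer's driver). The following is an added triage script, not part of the thread or of MBRCheck: it parses lines in the listing's format and flags drivers loaded from a user-writable path that no known tool accounts for. The sample lines are a constructed excerpt in the same format, and the set of tool drivers (in particular treating mbr.sys as the MBR checker's own driver) is an assumption.

```python
import re
from typing import NamedTuple


class Driver(NamedTuple):
    address: int
    path: str
    name: str
    category: str        # "windows directory", "absolute path" or "user-writable path"
    expected_tool: bool  # image belongs to a diagnostic tool the operator just ran


# Assumption: drivers that the tools used in this thread load themselves.
# catchme.sys ships with ComboFix and PROCEXP113.SYS with Process Explorer;
# mbr.sys is assumed here to be the MBR-checking tool's own driver.
DIAGNOSTIC_TOOL_DRIVERS = frozenset({"catchme.sys", "mbr.sys", "procexp113.sys"})

# Path fragments that mark a location an unprivileged or per-user process can write to.
USER_WRITABLE_MARKERS = ("\\temp\\", "\\documents and settings\\", "\\docume~1\\", "\\users\\")

# One listing line: load address, whitespace, image path.
LINE_RE = re.compile(r"^\s*(0x[0-9a-f]+)\s+(\S.*?)\s*$", re.IGNORECASE)

# Constructed excerpt in the format of the listing above (not the full list).
SAMPLE_DRIVERS = r"""
0xB6A7F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xB70F9000 \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys
0xB4003000 \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\mbr.sys
0xB6DEA000 \??\C:\ComboFix\catchme.sys
0xBA608000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
0x7C900000 \WINDOWS\system32\ntdll.dll
"""


def classify(path: str) -> str:
    """Bucket a kernel image by where it was loaded from."""
    low = path.lower()
    if low.startswith("\\systemroot\\") or low.startswith("\\windows\\"):
        return "windows directory"
    if any(marker in low for marker in USER_WRITABLE_MARKERS):
        return "user-writable path"
    return "absolute path"


def parse_drivers(text: str, known_tools=DIAGNOSTIC_TOOL_DRIVERS) -> list:
    """Turn listing lines into Driver records; lines that do not match are skipped."""
    drivers = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        address, path = int(m.group(1), 16), m.group(2)
        name = path.rsplit("\\", 1)[-1]
        drivers.append(Driver(address, path, name, classify(path),
                              name.lower() in known_tools))
    return drivers


def suspicious(text: str, known_tools=DIAGNOSTIC_TOOL_DRIVERS) -> list:
    """Kernel images loaded from a user-writable location that no tool run accounts for."""
    return [d for d in parse_drivers(text, known_tools)
            if d.category == "user-writable path" and not d.expected_tool]


if __name__ == "__main__":
    for d in parse_drivers(SAMPLE_DRIVERS):
        print(f"{d.address:#010x} {d.category:<20} {'tool' if d.expected_tool else '    '} {d.name}")
    print("needs a closer look:", [d.name for d in suspicious(SAMPLE_DRIVERS)])
```

The point of the known-tool list is to keep the check honest in both directions: a driver in Temp is worth a question, but a driver in Temp that the operator's own tool dropped a minute ago is noise. Run the same script against the listing before the diagnostic tools are loaded and anything left in the user-writable bucket deserves a hash lookup and a look at the service that loads it.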

  4. #14
    Member
    Join Date
    Oct 2007
    Posts
    32

    Default Little more info

    Sorry, missed that. Drive F is a USB drive that I do not boot from.
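MBRCheck's verdict above rests on two things: a hash of the boot code in sector 0 compared against a table of known loaders, and the partition table that follows it. "Unknown MBR code" on PhysicalDrive1 is less alarming once the poster explains it is an external drive that is never booted from, and the partition table gives a way to check that claim: a disk with no active (0x80) partition is not set up to be booted. Below is an added example of both checks, written for this thread and not MBRCheck's own code. It assembles a constructed 512-byte MBR, parses it, hashes the 440 bytes of boot code that precede the disk signature, and reports a verdict. The page does not say which byte range MBRCheck hashes, so digests from this code will not match the SHA1 values MBRCheck printed; the known-good table must be built with this same function on a disk you have verified clean. The helper that reads a physical drive assumes Windows and an administrator prompt.

```python
import hashlib
import struct
from typing import NamedTuple


class Partition(NamedTuple):
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int


class MbrReport(NamedTuple):
    valid_signature: bool
    boot_code_sha1: str
    partitions: tuple
    has_active_partition: bool
    verdict: str


# Partition entry layout: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count.
ENTRY_FMT = "<B3sB3sII"
BOOT_CODE_LEN = 440  # bytes before the 4-byte disk signature at offset 440

# Constructed stand-in for a clean loader (a real loader is 440 bytes of x86 code).
CLEAN_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 433
KNOWN_GOOD = {hashlib.sha1(CLEAN_CODE).hexdigest().upper(): "constructed clean loader"}


def build_mbr(boot_code: bytes, partitions, disk_sig: int = 0x12345678) -> bytes:
    """Assemble a 512-byte MBR sector from constructed parts (a test fixture, not real boot code)."""
    sector = bytearray(512)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, 440, disk_sig)
    for i, p in enumerate(list(partitions)[:4]):
        struct.pack_into(ENTRY_FMT, sector, 446 + 16 * i,
                         0x80 if p.bootable else 0x00, b"\0\0\0", p.type_id, b"\0\0\0",
                         p.lba_start, p.sectors)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


def parse_mbr(sector: bytes, known_good: dict) -> MbrReport:
    """Check the signature, hash the boot code, decode the partition table and give a verdict."""
    if len(sector) != 512:
        raise ValueError("an MBR is exactly one 512-byte sector")
    valid = sector[510:512] == b"\x55\xAA"
    digest = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    parts = []
    for i in range(4):
        status, _, type_id, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, 446 + 16 * i)
        if type_id != 0:  # type 0 marks an unused slot
            parts.append(Partition(status == 0x80, type_id, lba, count))
    active = any(p.bootable for p in parts)
    if not valid:
        verdict = "no 55AA signature: not a valid MBR"
    elif digest in known_good:
        verdict = f"known boot code: {known_good[digest]}"
    elif not active:
        verdict = "unknown boot code, but no active partition: likely a data-only disk, confirm it is never booted"
    else:
        verdict = "unknown boot code on a bootable disk: dump sector 0 and inspect it"
    return MbrReport(valid, digest, tuple(parts), active, verdict)


def read_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a physical drive (Windows, run from an administrator prompt)."""
    with open(device, "rb") as f:
        return f.read(512)


if __name__ == "__main__":
    demo = build_mbr(CLEAN_CODE, [Partition(True, 0x07, 63, 195_000_000)])
    print(parse_mbr(demo, KNOWN_GOOD).verdict)
```

The "no active partition" branch is a hint, not a clean bill of health: it only says the firmware would not hand control to that sector on this machine. If the drive ever travels to another PC that boots from USB, its boot code runs there, so an unknown loader on a removable disk still deserves a dump (MBRCheck option 1) and a look before being dismissed.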

  5. #15
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Default

    Hi

    That ComboFix log you just posted is from the first run. Please follow the instructions I posted to run ComboFix with the CFScript.

  6. #16
    Member
    Join Date
    Oct 2007
    Posts
    32

    Default Ooops

    Sorry about that, must have lost it.

  7. #17
    Member
    Join Date
    Oct 2007
    Posts
    32

    Default Combofix.txt

    No, I posted the wrong log; now deleted the older stuff.

    ComboFix 10-09-24.03 - Pete Rawlings 25/09/2010 1:53.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3070.1844 [GMT 1:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: Symantec Client Firewall *enabled* {5CB76A43-5FAD-476B-B9FF-26FA61F13187}

    FILE ::
    "c:\windows\neoqaz2.dll"
    "c:\windows\Tasks\AWC Update.job"
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\IObit
    c:\program files\IObit\Advanced SystemCare 3\License.dat
    c:\program files\IObit\Advanced SystemCare 3\Update\asc-setup-pro-patch.exe
    c:\program files\IObit\Advanced SystemCare 3\UpdateLog.txt
    c:\program files\IObit\Game Booster\EULA.rtf
    c:\program files\IObit\Game Booster\٨٨
    c:\program files\IObit\Game Booster\GameBooster.exe
    c:\program files\IObit\Game Booster\GameBooster.ini
    c:\program files\IObit\Game Booster\gbinit.exe
    c:\program files\IObit\Game Booster\gbtray.exe
    c:\program files\IObit\Game Booster\Language\Arabic.lng
    c:\program files\IObit\Game Booster\Language\Belarusian.lng
    c:\program files\IObit\Game Booster\Language\Brasil.lng
    c:\program files\IObit\Game Booster\Language\Bulgarian.lng
    c:\program files\IObit\Game Booster\Language\Catalan.lng
    c:\program files\IObit\Game Booster\Language\ChineseSimp.lng
    c:\program files\IObit\Game Booster\Language\ChineseTrad.lng
    c:\program files\IObit\Game Booster\Language\Croatian.lng
    c:\program files\IObit\Game Booster\Language\Czech.lng
    c:\program files\IObit\Game Booster\Language\Dansk.lng
    c:\program files\IObit\Game Booster\Language\Dutch.lng
    c:\program files\IObit\Game Booster\Language\English.lng
    c:\program files\IObit\Game Booster\Language\Estonian.lng
    c:\program files\IObit\Game Booster\Language\Finnish.lng
    c:\program files\IObit\Game Booster\Language\French.lng
    c:\program files\IObit\Game Booster\Language\Georgian.lng
    c:\program files\IObit\Game Booster\Language\German.lng
    c:\program files\IObit\Game Booster\Language\Greek.lng
    c:\program files\IObit\Game Booster\Language\Hebrew.lng
    c:\program files\IObit\Game Booster\Language\Hungarian.lng
    c:\program files\IObit\Game Booster\Language\Indonesian.lng
    c:\program files\IObit\Game Booster\Language\Italiano.lng
    c:\program files\IObit\Game Booster\Language\Japanese.lng
    c:\program files\IObit\Game Booster\Language\Korean.lng
    c:\program files\IObit\Game Booster\Language\Latvian.lng
    c:\program files\IObit\Game Booster\Language\Lithuanian.lng
    c:\program files\IObit\Game Booster\Language\Macedonian.lng
    c:\program files\IObit\Game Booster\Language\Norwegian.lng
    c:\program files\IObit\Game Booster\Language\Persian.lng
    c:\program files\IObit\Game Booster\Language\Polish.lng
    c:\program files\IObit\Game Booster\Language\Portugal.lng
    c:\program files\IObit\Game Booster\Language\Romanian.lng
    c:\program files\IObit\Game Booster\Language\Russian.lng
    c:\program files\IObit\Game Booster\Language\Serbian (Cyrillic).lng
    c:\program files\IObit\Game Booster\Language\Serbian (Latin).lng
    c:\program files\IObit\Game Booster\Language\Serbian.lng
    c:\program files\IObit\Game Booster\Language\Slovak.lng
    c:\program files\IObit\Game Booster\Language\Slovenian.lng
    c:\program files\IObit\Game Booster\Language\Spanish.lng
    c:\program files\IObit\Game Booster\Language\Swedish.lng
    c:\program files\IObit\Game Booster\Language\Thai.lng
    c:\program files\IObit\Game Booster\Language\Turkish.lng
    c:\program files\IObit\Game Booster\Language\Ukrainian.lng
    c:\program files\IObit\Game Booster\Language\Urdu.lng
    c:\program files\IObit\Game Booster\Language\Vietnamese.lng
    c:\program files\IObit\Game Booster\unins000.dat
    c:\program files\IObit\Game Booster\unins000.exe
    c:\program files\IObit\Game Booster\unins000.msg
    c:\program files\IObit\Game Booster\What's new.txt
    c:\program files\IObit\IObit Security 360\Downloaded\windowsxp-kb958470-x86-enu.exe
    c:\program files\IObit\IObit Security 360\IS360DataBase.db
    c:\program files\IObit\IObit Security 360\license.dat
    c:\program files\IObit\IObit Security 360\log\Scan\2009-09-08 21-29-21.log
    c:\program files\IObit\IObit Security 360\Quarantine Zone\info.db
    c:\program files\IObit\IObit Security 360\UpdateLog.txt
    c:\windows\neoqaz2.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_LOGWATCH
    -------\Legacy_MEMSWEEP2
    -------\Legacy_RRMONX
    -------\Service_CA_LIC_CLNT
    -------\Service_LogWatch
    -------\Service_MEMSWEEP2
    -------\Service_RRMONX


    ((((((((((((((((((((((((( Files Created from 2010-08-25 to 2010-09-25 )))))))))))))))))))))))))))))))
    .

    2010-09-23 11:46 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-23 11:46 . 2010-09-23 11:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-23 11:46 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-22 18:07 . 2010-09-22 18:07 34 ---ha-w- c:\windows\system32\Converter_sysquict.dat
    2010-09-22 18:07 . 2010-09-22 18:14 -------- d-----w- c:\program files\Agree Free OGG to MP3 AMR WAV Converter
    2010-09-22 15:25 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-09-22 15:25 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-09-22 15:25 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-09-22 15:25 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-09-22 15:25 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-09-22 15:25 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-09-22 15:25 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-09-22 15:25 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-09-20 13:27 . 2010-09-20 14:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\DroidExplorer
    2010-09-20 13:26 . 2010-09-20 13:26 -------- d-----w- c:\documents and settings\LocalService\Application Data\DroidExplorer
    2010-09-20 13:26 . 2010-09-20 13:26 -------- d-----w- c:\program files\Droid Explorer
    2010-09-19 17:37 . 2008-03-21 12:57 14640 ------w- c:\windows\system32\spmsgXP_2k3.dll
    2010-09-19 16:04 . 2010-09-19 16:04 581192 ----a-w- c:\windows\system32\WinUSBCoInstaller.dll
    2010-09-19 16:04 . 2010-09-19 16:04 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
    2010-09-18 15:36 . 2010-09-18 15:36 -------- d-----w- c:\program files\Astraware
    2010-09-17 11:01 . 2010-09-17 11:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sprite Software
    2010-09-17 11:00 . 2010-09-17 11:00 -------- d-----w- c:\program files\Sprite Software
    2010-09-15 13:53 . 2010-09-15 13:53 -------- d-----w- c:\documents and settings\Administrator\Application Data\Blender Foundation
    2010-09-15 13:53 . 2010-09-15 13:53 -------- d-----w- c:\program files\Blender Foundation
    2010-09-15 12:48 . 2010-09-15 12:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\3Dconnexion_Inc
    2010-09-14 13:52 . 2010-05-26 09:45 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
    2010-09-14 08:45 . 2010-09-14 08:45 -------- d-----w- c:\program files\Sophos
    2010-09-14 00:13 . 2010-09-14 00:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-09-13 19:09 . 2010-09-13 19:09 48768 ----a-w- c:\windows\system32\S32EVNT1.DLL
    2010-09-13 19:09 . 2010-09-13 19:09 110952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2010-09-12 23:47 . 2010-09-14 13:51 -------- d-----w- c:\program files\Panda Security
    2010-09-12 23:06 . 2010-09-23 15:59 -------- d-----w- c:\program files\ERUNT
    2010-09-12 01:31 . 2010-09-12 01:31 -------- d-----w- c:\program files\mSoftware
    2010-09-12 01:09 . 2010-09-12 01:09 -------- d-----w- c:\program files\Aspecto Software
    2010-09-11 19:21 . 2010-09-11 23:02 -------- d-----w- C:\TTN7
    2010-09-11 13:14 . 2010-09-11 13:14 -------- d-----w- c:\program files\SDA
    2010-09-10 14:38 . 2010-09-10 14:38 -------- d-----w- c:\program files\Lotus
    2010-09-10 14:38 . 2010-09-10 14:38 -------- d-----w- c:\program files\Common Files\XCPCSync.OEM
    2010-09-10 13:38 . 2010-09-10 13:38 -------- d--h--w- c:\documents and settings\Administrator\InstallAnywhere
    2010-09-09 21:42 . 2010-09-09 21:42 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\WM PCSuite
    2010-09-09 21:21 . 2010-09-09 21:21 -------- d-----w- c:\program files\NetDragon
    2010-09-08 23:35 . 2010-09-08 23:35 3755929 ----a-w- C:\TrayNotify.reg
    2010-09-08 18:31 . 2010-09-08 18:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AGNS
    2010-09-08 18:29 . 2010-09-08 18:31 -------- d-----w- c:\program files\AT&T Network Client
    2010-09-08 18:29 . 2010-09-08 18:29 -------- d-----w- c:\program files\AT&T Global Network Client
    2010-09-08 18:29 . 2010-09-08 18:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AGNS
    2010-09-08 15:46 . 2010-09-08 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
    2010-09-08 15:38 . 2010-09-24 15:49 167493 ----a-w- c:\windows\system32\nvModes.dat
    2010-09-08 15:20 . 2010-09-08 15:42 -------- d-----w- c:\windows\nview
    2010-09-08 15:20 . 2009-01-07 10:28 453152 ----a-w- c:\windows\system32\nvuninst.exe
    2010-09-08 15:20 . 2009-01-14 16:37 453152 ----a-w- c:\windows\system32\nvudisp.exe
    2010-09-08 13:49 . 2010-09-08 13:49 -------- d-----w- C:\ET_ROOT
    2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\documents and settings\Administrator\Application Data\Realtime Soft
    2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\program files\Common Files\Realtime Soft
    2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\program files\UltraMon
    2010-09-08 11:33 . 2010-09-08 11:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Realtime Soft
    2010-09-07 13:35 . 2010-09-07 13:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Sierra Wireless
    2010-09-07 11:26 . 2010-09-07 11:26 -------- d-----w- c:\program files\Common Files\Java
    2010-09-07 10:41 . 2009-10-07 16:41 19328 ----a-w- c:\windows\agnwifi.sys
    2010-09-07 09:09 . 2010-09-07 09:09 -------- d-----w- c:\program files\JRE
    2010-09-06 18:48 . 2010-09-06 18:48 -------- d-----w- c:\program files\7-Zip
    2010-09-04 21:18 . 2010-09-04 21:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia Ovi Suite
    2010-09-04 21:09 . 2010-09-09 17:48 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\NokiaAccount
    2010-09-04 21:09 . 2010-09-04 21:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Nokia
    2010-09-04 20:52 . 2008-08-26 09:26 18816 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
    2010-09-04 20:52 . 2010-09-04 20:52 -------- d-----w- c:\program files\PC Connectivity Solution
    2010-09-04 20:51 . 2010-09-04 20:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache
    2010-09-04 14:53 . 2010-05-25 10:26 91304 ----a-w- c:\windows\system32\drivers\btserial.sys
    2010-09-03 18:51 . 2010-06-01 12:51 56992 ----a-w- c:\windows\system32\drivers\btwhid.sys
    2010-09-03 18:51 . 2010-06-01 12:51 37032 ----a-w- c:\windows\system32\drivers\btwmodem.sys
    2010-08-28 18:20 . 2010-09-18 15:44 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\VMware
    2010-08-28 17:44 . 2010-08-01 11:55 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
    2010-08-28 17:44 . 2010-08-01 11:55 399920 ----a-w- c:\windows\system32\vmnat.exe
    2010-08-28 17:44 . 2010-08-01 11:52 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
    2010-08-28 17:44 . 2010-08-01 11:55 760368 ----a-w- c:\windows\system32\vnetlib.dll
    2010-08-28 17:44 . 2010-08-01 11:54 24624 ----a-w- c:\windows\system32\drivers\VMkbd.sys
    2010-08-28 17:43 . 2010-08-28 17:43 -------- d-----w- c:\program files\Common Files\VMware
    2010-08-28 17:05 . 2010-09-05 19:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Download Manager

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-25 01:03 . 2009-07-15 18:27 -------- d-----w- c:\documents and settings\All Users\Application Data\VMware
    2010-09-25 01:03 . 2009-07-15 18:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\VMware
    2010-09-25 01:03 . 2010-03-06 17:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\WTablet
    2010-09-25 01:02 . 2010-05-04 14:40 -------- d-----w- c:\program files\c4ebreg
    2010-09-25 01:00 . 2007-03-05 22:09 40 ----a-w- c:\windows\system32\profile.dat
    2010-09-25 00:45 . 2009-07-20 14:35 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2010-09-25 00:32 . 2009-10-11 07:41 1324 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-24 14:28 . 2010-05-04 14:42 -------- d-----w- c:\program files\wst
    2010-09-24 10:42 . 2010-09-24 10:42 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
    2010-09-24 10:42 . 2010-05-09 22:32 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
    2010-09-24 10:42 . 2009-07-14 00:07 -------- d-----w- c:\program files\DivX
    2010-09-24 10:42 . 2010-09-24 10:42 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
    2010-09-24 10:42 . 2010-08-29 14:08 185640 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\finishPlugin.dll
    2010-09-24 10:42 . 2010-08-29 13:31 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe
    2010-09-24 10:42 . 2010-06-11 21:13 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
    2010-09-24 10:42 . 2010-06-11 21:13 850200 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
    2010-09-23 09:57 . 2010-07-04 12:39 509960 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-09-21 13:41 . 2010-04-06 21:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\HPAppData
    2010-09-21 12:55 . 2009-11-19 11:40 -------- d-----w- c:\program files\QuickTime
    2010-09-21 12:54 . 2009-11-19 11:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-09-20 13:26 . 2010-09-20 13:26 1868800 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{B4346951-3962-4C93-9A49-79A62AD8A632}\AppIcon.exe
    2010-09-19 17:39 . 2010-09-19 17:39 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
    2010-09-19 17:38 . 2010-09-19 17:38 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
    2010-09-18 15:44 . 2009-07-16 12:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\VMware
    2010-09-18 14:17 . 2010-02-22 18:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\gtk-2.0
    2010-09-17 11:00 . 2005-04-05 19:45 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-09-15 10:35 . 2009-07-14 00:53 -------- d-----w- c:\program files\Google
    2010-09-14 00:21 . 2009-07-13 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-13 19:09 . 2009-07-20 14:35 -------- d-----w- c:\program files\Symantec
    2010-09-13 19:09 . 2010-09-13 19:09 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
    2010-09-13 19:09 . 2010-09-13 19:09 8014 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
    2010-09-13 19:08 . 2009-07-20 14:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
    2010-09-13 19:08 . 2007-03-05 22:07 -------- d-----w- c:\program files\Symantec Client Security
    2010-09-12 12:30 . 2010-06-13 16:14 -------- d-----w- c:\program files\AllToAVI
    2010-09-12 01:28 . 2009-07-13 18:31 -------- d-----w- c:\program files\Microsoft ActiveSync
    2010-09-12 01:10 . 2010-09-12 01:10 3638 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{F5A7052F-2AF4-4CBA-8951-26B91476BDAB}\_6FEFF9B68218417F98F549.exe
    2010-09-11 13:14 . 2009-07-13 18:49 -------- d-----w- c:\program files\Panasonic
    2010-09-11 12:54 . 2009-09-20 10:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\XCPCSync.OEM
    2010-09-10 14:03 . 2009-10-12 16:03 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-09 21:57 . 2010-07-25 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Suite
    2010-09-08 18:29 . 2007-09-05 21:03 -------- d-----w- c:\program files\AT&T Network Client Install
    2010-09-08 14:55 . 2009-07-13 14:50 -------- d-----w- c:\program files\Lenovo
    2010-09-08 14:36 . 2010-07-31 01:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
    2010-09-07 21:03 . 2009-08-18 11:06 1 ----a-w- c:\documents and settings\Administrator\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-09-07 18:56 . 2009-11-28 00:03 1952024 ----a-w- c:\windows\system32\AutoPartNt.exe
    2010-09-07 12:42 . 2009-08-21 11:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\FileZilla
    2010-09-07 11:23 . 2010-09-07 11:23 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\msvcp71.dll
    2010-09-07 11:23 . 2010-09-07 11:23 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\jmc.dll
    2010-09-07 11:23 . 2010-09-07 11:23 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-5735bed8-n\msvcr71.dll
    2010-09-07 11:23 . 2010-09-07 11:23 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-74cdeb3f-n\decora-sse.dll
    2010-09-07 11:23 . 2010-09-07 11:23 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-74cdeb3f-n\decora-d3d.dll
    2010-09-07 11:23 . 2009-08-09 12:00 -------- d-----w- c:\program files\Java
    2010-09-07 10:38 . 2009-08-21 11:30 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-09-07 10:11 . 2005-04-04 18:17 69128 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-09-07 10:06 . 2009-09-07 09:44 69128 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-09-07 09:09 . 2009-08-18 10:58 -------- d-----w- c:\program files\OpenOffice.org 3
    2010-09-06 18:17 . 2009-08-12 12:53 -------- d-----w- c:\program files\Common Files\Adobe
    2010-09-04 21:18 . 2010-07-25 14:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nokia
    2010-09-04 20:53 . 2010-07-25 14:28 -------- d-----w- c:\program files\Common Files\Nokia
    2010-09-04 20:52 . 2010-07-25 14:27 -------- d-----w- c:\program files\Nokia
    2010-09-04 20:51 . 2010-09-04 20:51 12212040 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
    2010-09-04 20:51 . 2010-09-04 20:51 13930312 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
    2010-09-04 20:51 . 2010-09-04 20:51 77824 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
    2010-09-04 20:51 . 2010-09-04 20:51 50000 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
    2010-09-04 20:51 . 2010-09-04 20:51 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
    2010-09-04 20:51 . 2010-09-04 20:51 38912 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
    2010-09-04 20:50 . 2010-09-04 20:51 102914512 ----a-w- c:\documents and settings\All Users\Application Data\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
    2010-09-04 20:20 . 2010-07-25 14:27 36365624 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_eng_web.exe
    2010-09-04 13:40 . 2009-08-04 01:25 -------- d-----w- c:\program files\SystemScheduler
    2010-08-31 14:11 . 2009-07-13 23:00 -------- d-----w- c:\program files\jv16 PowerTools 2009
    2010-08-31 14:11 . 2010-04-30 17:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
    2010-08-30 13:34 . 2010-09-03 17:03 1496064 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2010-08-30 13:33 . 2010-09-03 17:03 43008 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2010-08-30 13:33 . 2010-09-03 17:03 338944 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2010-08-30 13:33 . 2010-09-03 17:03 346112 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2010-08-29 14:08 . 2010-08-29 14:08 56997 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe
    2010-08-29 14:08 . 2010-08-29 14:08 57691 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
    2010-08-29 14:08 . 2010-08-29 14:08 84063 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
    2010-08-29 14:08 . 2010-08-29 14:08 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
    2010-08-28 17:46 . 2010-03-17 16:03 921608 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\uninstall.exe
    2010-08-28 17:46 . 2010-03-17 16:03 629296 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\instUtils.dll
    2010-08-28 17:42 . 2010-03-17 15:57 -------- d-----w- c:\program files\VMware
    2010-08-28 17:40 . 2010-03-17 16:03 356352 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_ws.dll
    2010-08-28 17:40 . 2010-03-17 16:03 581632 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_core.dll
    2010-08-28 17:40 . 2010-03-17 16:03 360448 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\module_license.dll
    2010-08-28 17:40 . 2010-03-17 16:03 968752 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
    2010-08-28 17:40 . 2010-03-17 16:03 932400 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
    2010-08-28 17:40 . 2010-03-17 16:03 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.dll
    2010-08-28 17:40 . 2010-03-17 16:03 760368 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vminstutil.dll
    2010-08-28 17:40 . 2010-03-17 16:03 707120 ----a-w- c:\documents and settings\All Users\Application Data\VMware\VMware Workstation\Uninstaller\vnetlib.exe
    2010-08-18 20:12 . 2010-03-27 14:03 -------- d-----w- c:\program files\Scan2CADv7
    2010-08-17 13:17 . 2004-08-04 05:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-16 13:21 . 2010-08-16 13:20 -------- d-----w- c:\program files\myiHome
    2010-08-16 11:14 . 2010-08-16 11:14 -------- d-----w- c:\program files\Siber Systems
    2010-08-15 13:16 . 2010-08-15 13:16 -------- d-----w- c:\program files\Disk Size Manager 2.0
    2010-08-14 16:37 . 2010-08-14 16:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Haihaisoft Universal Player
    2010-08-14 16:36 . 2010-08-14 16:36 -------- d-----w- c:\documents and settings\Administrator\Application Data\Haihaisoft
    2010-08-14 16:36 . 2010-08-14 16:36 -------- d-----w- c:\program files\Haihaisoft Universal Player
    2010-08-14 11:35 . 2009-07-18 10:52 -------- d-----w- c:\program files\Common Files\ArcSoft
    2010-08-14 11:30 . 2010-08-14 11:30 2485883 ----a-w- c:\documents and settings\All Users\Application Data\ArcSoft\Global Deploy\CheckUpdate\ArcConnect.exe
    2010-02-12 22:46 . 2010-02-12 22:46 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
    2009-07-22 16:58 . 2009-07-22 16:58 2 --shatr- c:\windows\winstart.bat
    2009-07-13 23:00 . 2009-07-13 23:00 23 --sha-w- c:\windows\system32\edacded0.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TPKMAPMN"="c:\program files\ThinkPad\Utilities\TpKmapMn.exe" [2007-09-21 49152]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-01 39408]
    "SRS Audio Sandbox"="c:\program files\SRS Labs\Audio Sandbox\SRSSSC.exe" [2010-01-07 3216664]
    "Google Update"="c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-10-29 135664]
    "FreeRAM XP"="c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-22 1591808]
    "CompanionLink"="c:\program files\companionlink\companionlink.exe" [2009-09-17 13737984]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "WD Button Manager"="WDBtnMgr.exe" [2009-09-29 364544]
    "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2010-08-01 129584]
    "UltraNav Keyboard"="c:\program files\Lenovo\UltraNav Keyboard\SkdUNav.exe" [2007-02-09 258048]
    "TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageEchoEnterpriseServer\TrueImageMonitor.exe" [2009-01-18 1285512]
    "TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2007-01-09 868352]
    "TPHOTKEY"="c:\program files\Lenovo\HOTKEY\TPOSDSVC.exe" [2008-03-24 68464]
    "TPFNF7"="c:\program files\Lenovo\NPDIRECT\TPFNF7SP.exe" [2008-07-31 60192]
    "Tpam.exe"="c:\program files\IBM\Personal Communications\tpam.exe" [2007-11-02 28672]
    "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-10 110592]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-10 512000]
    "stgclean"="c:\sdwork\w32maing.exe" [2010-08-30 279552]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-07-13 1036288]
    "snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]
    "PWRMGRTR"="c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2008-07-29 331776]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "OSSelectorReinstall"="c:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
    "nwiz"="nwiz.exe" [2009-01-14 1630208]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-14 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-14 13549568]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-12-18 76304]
    "ISSI Service"="c:\sdwork\issimsvc.exe" [2010-09-16 242928]
    "Isamtray"="c:\program files\c4ebreg\isamtray.exe" [2010-07-27 290072]
    "IBM Lotus EasySync Pro"="c:\program files\Lotus\EasySync Pro\SyncLauncher.exe" [2009-12-14 40960]
    "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-02-12 30192]
    "DLSService"="c:\program files\DYMO\DYMO Label Software\DLSService.exe" [2010-01-27 55808]
    "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-11-21 52840]
    "C4EBReg"="c:\program files\c4ebreg\c4ebreg.exe" [2010-07-27 486680]
    "BLOG"="c:\progra~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2008-07-29 208896]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "AcronisTimounterMonitor"="c:\program files\Acronis\TrueImageEchoEnterpriseServer\TimounterMonitor.exe" [2009-01-18 884928]
    "Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-01-18 140568]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\ThinkPad\Bluetooth Software\BTTray.exe [2010-5-25 607584]
    HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-10-16 214360]
    Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-7-16 809488]
    Start 3DxWare.lnk - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe [2010-7-30 120832]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDevMgrUpdate"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-02-18 23:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
    2007-11-02 10:45 49152 ----a-w- c:\windows\system32\pcsinst.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2006-09-06 16:37 34344 ----a-w- c:\program files\Lenovo\HOTKEY\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2008-03-17 16:02 34080 ----a-w- c:\program files\Lenovo\HOTKEY\tphklock.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk /p \??\g:\0pdboot.exe\0autocheck autochk *

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Desktop^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk]
    path=c:\documents and settings\Administrator\Desktop\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    backup=c:\windows\pss\ERUNT AutoBackup.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Ergocizer.lnk]
    backup=c:\windows\pss\Ergocizer.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^myiHome Server.lnk.disabled]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\myiHome Server.lnk.disabled
    backup=c:\windows\pss\myiHome Server.lnk.disabledCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "CfgWzSvc"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "FixCamera"=c:\windows\FixCamera.exe
    "TpShocks"=TpShocks.exe
    "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" /hide
    "MyHelpService"=c:\program files\IBM\My Help\workspace\service\delayStart.exe
    "pmonmh"=c:\program files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.19/pmonmh.exe
    "Start WingMan Profiler"=c:\program files\Logitech\Gaming Software\LWEMon.exe /noui
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "FirewallDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001
    "IBMconfig"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
    "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
    "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "c:\\Program Files\\VMware\\VMware Workstation\\vmware-authd.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
    "427:UDP"= 427:UDP:SLP_Port(427)
    "1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
    "1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
    "500:UDP"= 500:UDP:@xpsp2res.dll,-22017
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

    R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [14/05/2008 17:21 19496]
    R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [14/09/2010 14:52 18816]
    R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [06/09/2009 06:06 169312]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [16/07/2009 14:11 10384]
    R2 ldlcserv6;IBM Enterprise Extender (IPv6);c:\windows\system32\drivers\ldlcserv6.exe [02/11/2007 05:09 40960]
    R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> c:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
    R2 NetClientSvc;AT&T Global Network Client Service;c:\program files\AT&T Network Client\NetClientSvc.exe [07/10/2009 12:36 263520]
    R2 pdlndldl6;IBM Enterprise Extender (HPR/IPv6);c:\windows\system32\drivers\pdlndldl6.sys [02/11/2007 05:09 70656]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\ThinkPad\Utilities\PWMDBSVC.exe [13/07/2009 15:48 94208]
    R2 SavRoam;SAVRoam;c:\program files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [14/03/2007 19:48 116416]
    R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [06/03/2010 18:47 4497704]
    R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [14/11/2008 02:11 17184]
    R2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [01/08/2010 12:55 70704]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [01/08/2010 11:39 539184]
    R2 WindowsScheduler;System Scheduler Service;c:\progra~1\SYSTEM~1\WService.exe [16/09/2009 12:40 13312]
    R2 WindowsSchedulerLogon;System Scheduler Logon;c:\progra~1\SYSTEM~1\WSLogon.exe [16/09/2009 12:40 52224]
    R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [06/03/2010 18:47 113448]
    R3 bfturboh;BUFFALO TurboUSB for HD Filter;c:\windows\system32\drivers\bfturboh.sys [06/02/2010 18:57 17152]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [13/09/2010 20:26 102448]
    R3 IsamFilter;IsamFilter;c:\windows\system32\drivers\isamfilter.sys [08/02/2010 16:45 6400]
    R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [13/07/2009 15:02 81280]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
    S2 gupdate1ca12c614ff7fd6;Google Update Service (gupdate1ca12c614ff7fd6);c:\program files\Google\Update\GoogleUpdate.exe [01/08/2009 17:35 133104]
    S2 ltpSvc;TrackPoint Scroll Service;c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe --> c:\program files\Lenovo\ThinkPad USB Keyboard with TrackPoint\ltpSvc.exe [?]
    S3 csrcmds;csrcmds;c:\program files\IBM\Personal Communications\csrcmds.exe [02/11/2007 05:09 49152]
    S3 cstrcser;IBM Command Line Trace;c:\windows\system32\drivers\cstrcser.exe [02/11/2007 05:09 36864]
    S3 DroidExplorerService;DroidExplorer Service;c:\program files\Droid Explorer\DroidExplorer.Service.exe [21/08/2010 23:14 253952]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [27/07/2009 09:13 30192]
    S3 npusbio;npusbio;c:\windows\system32\drivers\npusbio.sys [23/10/2009 18:49 36384]
    S3 RET55;RET55 NDIS Protocol Driver;\??\c:\program files\eEye Digital Security\Retina 5\Scanner\RET55.sys --> c:\program files\eEye Digital Security\Retina 5\Scanner\RET55.sys [?]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [07/11/2009 18:04 95376]
    S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
    S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [06/03/2010 18:47 16168]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;"c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 --> c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [?]
    S4 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [21/02/2010 17:08 583640]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    HPService REG_MULTI_SZ HPSLPSVC
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-15 c:\windows\Tasks\3DxSoftware Create Process (ID 287142392505).job
    - c:\program files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare\3dxsrv.exe [2010-07-30 15:41]

    2010-09-21 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-09-24 c:\windows\Tasks\At1.job
    - c:\program files\IBM\IPM Client Migration Utility\ipmcmu.exe [2010-08-09 14:16]

    2010-09-25 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-01 16:34]

    2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 16:35]

    2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-08-01 16:35]

    2010-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473679540-3749852400-1765190492-500Core.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 04:43]

    2010-09-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1473679540-3749852400-1765190492-500UA.job
    - c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-07 04:43]

    2010-09-25 c:\windows\Tasks\PMTask.job
    - c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2009-07-13 00:00]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
    uInternet Connection Wizard,ShellNext = hxxp://w3.ibm.com/
    IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    IE: Send to &Bluetooth Device... - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send To Bluetooth - c:\program files\ThinkPad\Bluetooth Software\btsendto_ie.htm
    LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
    TCP: {D40D8AB3-DFA5-4A53-AAF5-D3A525F28F1E} = 87.194.255.155,87.194.255.154,4.2.2.2,4.2.2.3
    DPF: Microsoft XML Parser for Java
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1434207&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - isoHunt Customized Web Search
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
    FF - plugin: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\subr512p.default\extensions\bpaddtonab@firefox-extensions.ibm.com\plugins\npaddtonab.dll
    FF - plugin: c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1636.7222\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwdplugin821.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - false
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 2250000
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 48
    FF - user.js: network.http.max-connections-per-server - 16
    FF - user.js: network.http.max-persistent-connections-per-proxy - 16
    FF - user.js: network.http.max-persistent-connections-per-server - 8
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.firstrequest - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    AddRemove-Game Booster_is1 - c:\program files\IObit\Game Booster\unins000.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-25 02:04
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: >>UNKNOWN [0x804D7000]<< >>UNKNOWN [0xBA168000]<< >>UNKNOWN [0xBA158000]<< >>UNKNOWN [0xB9F79000]<< >>UNKNOWN [0x806E4000]<< >>UNKNOWN [0xB9DFF000]<< >>UNKNOWN [0xBA670000]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\Disk -> 0xba16cf28
    \Driver\ACPI -> 0xb9f7fcb8
    \Driver\atapi -> 0xb9e05852
    \Driver\iaStor -> 0xb9e29b58
    IoDeviceObjectType -> SecurityProcedure -> 0x80583d4a
    \Device\Harddisk0\DR0 -> SecurityProcedure -> 0x80583d4a
    NDIS: Intel(R) Wireless WiFi Link 4965AG -> SendCompleteHandler -> 0xb9cb7bb0
    PacketIndicateHandler -> 0xb9ca6a0d
    SendHandler -> 0xb9cbab40
    user & kernel MBR OK

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1473679540-3749852400-1765190492-500\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (Administrator)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\
    "6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,6c,36,8a,b7,9a,92,96,48,93,a2,12,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(428)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll
    c:\program files\Lenovo\HOTKEY\tphklock.dll
    c:\windows\system32\pcsinst.dll
    c:\windows\system32\msi.dll

    - - - - - - - > 'lsass.exe'(576)
    c:\windows\system32\relog_ap.dll

    - - - - - - - > 'explorer.exe'(5220)
    c:\windows\system32\WININET.dll
    c:\windows\TEMP\logishrd\LVPrcInj01.dll
    c:\program files\Logitech\SetPoint\lgscroll.dll
    c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\btmmhook.dll
    c:\windows\system32\dfshim.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\ibmpmsvc.exe
    c:\program files\Intel\WiFi\bin\S24EvMon.exe
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\WTouch\WTouchUser.exe
    c:\program files\Common Files\Symantec Shared\ccProxy.exe
    c:\program files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
    c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
    c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\windows\system32\Drivers\trcboot.exe
    c:\program files\IBM\Personal Communications\PCS_AGNT.EXE
    c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
    c:\windows\system32\bgsvcgen.exe
    c:\program files\IBM\SQLLIB\BIN\db2jds.exe
    c:\program files\IBM\SQLLIB\BIN\db2sec.exe
    c:\program files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
    c:\program files\Intel\WiFi\bin\EvtEng.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\notes\nsd.exe
    c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\progra~1\AT&TNE~2\netcfgsvr.exe
    c:\windows\system32\nvsvc32.exe
    c:\program files\Raxco\PerfectDisk10\PDAgent.exe
    c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    c:\program files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
    c:\windows\System32\TPHDEXLG.exe
    c:\windows\system32\TpKmpSVC.exe
    c:\windows\system32\WTablet\Pen_TabletUser.exe
    c:\windows\system32\vmnat.exe
    c:\progra~1\SYSTEM~1\WScheduler.exe
    c:\program files\RealVNC\VNC4\WinVNC4.exe
    c:\program files\VMware\VMware Workstation\vmware-authd.exe
    c:\windows\system32\vmnetdhcp.exe
    c:\program files\ThinkPad\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\Drivers\ldlcserv.exe
    c:\program files\Raxco\PerfectDisk10\PDEngine.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\WDBtnMgr.exe
    c:\program files\Lenovo\HOTKEY\TPONSCR.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\Microsoft ActiveSync\wcescomm.exe
    c:\progra~1\MICROS~3\rapimgr.exe
    c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
    c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-25 02:11:15 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-25 01:11
    ComboFix2.txt 2010-09-24 18:37

    Pre-Run: 19,442,487,296 bytes free
    Post-Run: 19,401,273,344 bytes free

    - - End Of File - - 1AAC85F0AF017DDA48B26D4DA40D0959

  8. #18
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Default

    Kaspersky Online Scan
    Do an online scan with >Kaspersky Online Scanner<
    • Read through the requirements and privacy statement and click on Accept button
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
    • When the downloads have finished, click on Settings
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      • Spyware, Adware, Dialers, and other potentially dangerous programs
      • Archives
      • Mail databases
    • Click on My Computer under Scan
    • Once the scan is complete, it will display the results. Click on View Scan Report
    • You will see a list of infected items there. Click on Save Report As...
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
    • Please post this log in your next reply
    Pictured tutorial if required.
    This scan will take quite some time to update & scan, so be patient with it.

  9. #19
    Member
    Join Date
    Oct 2007
    Posts
    32

    Default Running Kaspersky .... failing so far

    Tried a run of Kaspersky; as I had to unload Symantec, I got it downloaded and started the scan after pulling out the network plug.

    Ran for 4:35:43 hrs, 9% complete, 7 threats and 12 objects found; the system locked up, and the scan said it was on file hpzhl696.cab.

    Rebooted into Safe Mode with Networking will try from here.

  10. #20
    Senior Member
    Join Date
    Feb 2010
    Location
    Port Hedland, Western Australia
    Posts
    155

    Default

    Hi

    If the Kaspersky Online Scan is causing that much trouble, don't worry about it. There have been a few problems with it of late.

    Try this one instead:

    ESET Online Scanner
    Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
    • Copy and paste that log as a reply to this topic
