Spybot Crashes during check FM.Toolbar



plug_it_in
2011-03-16, 22:32
Environment:
Windows 7 Professional Service Pack 1
Spybot 1.6.2

Problem:
Spybot crashes whilst running its check. Always at the same point: 29392/790198 FM.Toolbar.

Actions to date:
1. Ran Symantec Endpoint Protection full antivirus scan - ran clean
2. Malwarebytes runs clean
3. Trend Micro HouseCall runs clean
4. Kaspersky Online scanner not available so tried using the trial version. This would not install as it said I had a virus. Ran their Virus Removal tool in Safe Mode. After that the Trial Antivirus installed and ran clean.
5. Used Bootrec /FixBoot and /FixMbr
6. Used Mbrcheck.exe and found Disk 1 - USB External HDD reported bad Member so replaced with default.
7. Used TFC.exe to blast away temporary files
8. Reinstalled Spybot and still fails

DDS Output:
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Pete Rawlings at 20:15:25.53 on 16/03/2011
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4030.1674 [GMT 0:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Symantec Endpoint Protection *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Symantec Endpoint Protection *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Tablet\Pen\Pen_TouchService.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Smc.exe
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\conhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\Program Files (x86)\AweSync\AweSync.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe
C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\C4ebreg\isamtray.exe
C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\ThinkPad\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Lotus\EasySync Pro\XTNDPC.exe
C:\Windows\system32\CISVC.EXE
C:\Program Files (x86)\Common Files\XCPCSync.OEM\Lotus.211.101\Translators\WinMobile\AUTODE~1.EXE
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110119-0200\program\soffice.bin
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\system32\inetsrv\inetinfo.exe
C:\Program Files (x86)\C4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\notes\SUService.exe
C:\notes\nsd.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLLANSWEEPER2K8\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\AT&T Network Client\netcfgsvr.exe
C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe
C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\ProtectionUtilSurrogate.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Tablet\Pen\Pen_Tablet.exe
C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\System32\alg.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Raxco\PerfectDisk\PDAgentS1.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\3 Mobile Broadband\3Connect\Wilog.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\cidaemon.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\IBM_ADMIN\Desktop\Spybot Output\dds.com
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/ig?hl=en&source=iglk
uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
mWinlogon: Userinit=userinit.exe,
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
TB: Spb Wallet: {2913d3dd-9363-4c21-b205-c19a584a0674} - C:\Program Files (x86)\Spb Wallet\SpbWalletToolbar.dll
TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [NetSP - restore settings on power failure] "C:\Program Files (x86)\AT&T Network Client\NetSP.exe" -show
uRun: [Google Update] "C:\Users\IBM_ADMIN\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [DymoQuickPrint] "C:\Program Files (x86)\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
uRun: [AweSync] C:\Program Files (x86)\AweSync\AweSync.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [stgclean] c:\sdwork\w32maing.exe /cleanup
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [SAOB Monitor] C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Isamtray] "C:\Program Files (x86)\C4ebreg\isamtray.exe"
mRun: [DLSService] "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
mRun: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start
mRun: [ccApp] "C:\Program Files (x86)\Common Files\Symantec Shared\ccApp.exe"
mRun: [C4EBReg] "C:\Program Files (x86)\C4ebreg\c4ebreg.exe" /q
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [IBM Lotus Notes Preloader] "C:\notes\nntspreld.exe"
mRun: [IBM Lotus EasySync Pro] "C:\Program Files (x86)\Lotus\EasySync Pro\SyncLauncher.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [NotesSODCPreLoad] C:\notes\framework\shared\eclipse\plugins\com.ibm.symphony.brand.win32_3.0.0.20110119-0200\program\preload.exe C:\notes\Data\workspace\SYMPHO~1\
mRun: [Google Desktop Search] "C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\IBM_AD~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\OFFICE11\ONENOTEM.EXE
StartupFolder: C:\Users\IBM_ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk.disabled
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\START3~1.LNK - C:\Program Files\3Dconnexion\3Dconnexion 3DxSoftware\3DxWare64\3dxsrv.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Stickies.lnk - C:\Program Files (x86)\stickies\stickies.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableInstallerDetection = 0 (0x0)
mPolicies-system: EnableSecureUIAPaths = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: FilterAdministratorToken = 1 (0x1)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 9\Mm8InternetExplorer.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
Trusted Zone: lansweeper.com\www
Trusted Zone: T61P
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1ACECAFE-0016-0000-0000-ABCDEFFEDCBA} - hxxp://
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {838E60C4-414E-4B38-806B-4B8C5157EFC7} = 217.171.132.1 217.171.135.1
TCP: {9D4A2DD5-1400-4E6C-8754-497ABD77121F} = 87.194.255.155,87.194.255.154
TCP: {F77F256B-52AE-4886-8CA4-8E729659CBD4} = 9.64.162.21,9.64.163.21
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\PROGRA~2\Google\GOOGLE~1\GO36F4~1.DLL
LSA: Notification Packages = scecli ACGina
BHO-X64: SnagIt Toolbar Loader: {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\IBM\Java60\jre\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\IBM\Java60\jre\bin\jp2ssv.dll
TB-X64: Snagit: {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll
TB-X64: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [TpShocks] TpShocks.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
mRun-x64: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe
mRun-x64: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\IBM_AD~1\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/ig?hl=en&source=iglk
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50626
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - component: C:\Program Files (x86)\Spb Wallet\toolbar\components\spbwallettoolbarff.dll
FF - component: C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\IBM_ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\2ziq4yrx.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\IBM\Java60\jre\bin\new_plugin\npjp2.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npcpsweb.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwdplugin821.dll
FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\IBM\Java60\jre\bin\new_plugin\npjp2.dll
FF - plugin: C:\Users\IBM_ADMIN\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\System32\drivers\DZHDD64.SYS [2010-12-23 30320]
R0 pavboot;pavboot;C:\Windows\System32\drivers\pavboot64.sys [2011-3-16 33800]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);C:\Windows\System32\drivers\tdrpm273.sys [2010-11-4 1263200]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2010-6-16 23664]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-1-4 15472]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-2-22 3246040]
R2 BecHelperService;BecHelperService;C:\Program Files (x86)\3 Mobile Broadband\3Connect\BecHelperService.exe [2011-3-15 1737464]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-11-3 93032]
R2 LNSUSvc;Lotus Notes Smart Upgrade Service;C:\notes\SUService.exe [2011-1-25 189832]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;C:\notes\nsd.exe -svcinvoke -ini "c:\notes\notes.ini" --> C:\notes\nsd.exe -svcinvoke -ini c:\notes\notes.ini [?]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 MSSQL$ACRONIS;SQL Server (ACRONIS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 MSSQL$SQLLANSWEEPER2K8;SQL Server (SQLLANSWEEPER2K8);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLLANSWEEPER2K8\MSSQL\Binn\sqlservr.exe [2010-9-17 42773336]
R2 NetClientSvc;AT&T Global Network Client Service;C:\Program Files (x86)\AT&T Network Client\NetClientSvc.exe [2010-9-9 349536]
R2 NetLogSvc;AT&T Global Network Client Logging Service;C:\Program Files (x86)\AT&T Network Client\NetLogSvc.exe [2010-9-9 79200]
R2 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-5-25 2139400]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-3-16 1153368]
R2 Symantec AntiVirus;Symantec Endpoint Protection;C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\Rtvscan.exe [2010-7-1 1832072]
R2 TabletServicePen;TabletServicePen;C:\Program Files\Tablet\Pen\Pen_Tablet.exe [2010-11-16 5788016]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-11-30 2222376]
R2 TouchServicePen;Wacom Consumer Touch Service;C:\Program Files\Tablet\Pen\Pen_TouchService.exe [2010-11-16 484720]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2011-2-22 285280]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2006-12-21 300032]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-3-16 132656]
R3 LenovoRd;LenovoRd;C:\Windows\System32\drivers\LenovoRd.sys [2010-11-2 118016]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\System32\drivers\LVPr2M64.sys [2010-5-7 30304]
R3 NETwLv64; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETwLv64.sys [2010-10-7 7533568]
R3 nvoclk64;NVIDIA Enthusiasts Platform KDM;C:\Windows\System32\drivers\nvoclk64.sys [2009-9-15 42088]
S2 DB2MGMTSVC_DB2COPY1;DB2 Management Service (DB2COPY1);C:\Program Files (x86)\IBM\SQLLIB\BIN\db2mgmtsvc.exe [2009-11-19 37736]
S2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\HOTKEY\cammute.exe [2010-11-2 54632]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-11-2 35104]
S3 cstrcser;IBM Command Line Trace;C:\Windows\SysWOW64\drivers\cstrcser.exe [2010-5-26 36864]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2010-12-23 164200]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\Windows\System32\drivers\e1k60x64.sys [2009-6-10 220672]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2010-11-3 30192]
S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-11-2 56344]
S3 iaNvStor;iaNvStor;C:\Windows\System32\drivers\iaNvStor.sys [2010-11-2 344600]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\System32\drivers\LEqdUsb.sys [2010-8-24 74320]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\System32\drivers\LHidEqd.sys [2010-8-24 13392]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2010-11-10 341856]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2010-11-10 4162784]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\System32\drivers\massfilter.sys [2011-3-15 11776]
S3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2010-3-18 7525376]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 27136]
S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-12-23 75112]
S3 QCFilterlno;Lenovo USB Composite Device Filter Driver;C:\Windows\System32\drivers\qcfilterlno.sys [2010-11-2 8832]
S3 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2010-11-2 61952]
S3 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2010-11-2 55808]
S3 SRS_HDAL_Service;HD Audio Lab;C:\Windows\System32\drivers\SRS_HDAL_amd64.sys [2010-7-2 525040]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 SWUMX01;Sierra Wireless USB MUX Driver (UMTS01);C:\Windows\System32\drivers\swumx01.sys [2010-11-2 85760]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-16 59392]
S3 VPREMOTE;VPRemote Install Bootstrap Service;C:\TEMP\Clt-Inst\vpremote.exe --> C:\TEMP\Clt-Inst\vpremote.exe [?]
S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\System32\drivers\wacmoumonitor.sys [2010-11-16 18288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-6-29 1255736]
S3 WMSVC;Web Management Service;C:\Windows\System32\inetsrv\WMSvc.exe [2009-7-14 10752]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-14 23040]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files (x86)\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-9-19 47128]
S4 SQLAgent$SQLLANSWEEPER2K8;SQL Server Agent (SQLLANSWEEPER2K8);C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.SQLLANSWEEPER2K8\MSSQL\Binn\SQLAGENT.EXE [2010-9-17 370008]
.
=============== File Associations ===============
.
.txt=UltraEdit.txt
.
=============== Created Last 30 ================
.
2011-03-16 19:54:37 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2011-03-16 17:15:55 -------- d-----w- C:\Windows\System32\SPReview
2011-03-16 17:15:26 -------- d-----w- C:\Windows\System32\EventProviders
2011-03-16 17:11:59 3584 ----a-w- C:\Windows\System32\drivers\sv-SE\vpchbus.sys.mui
2011-03-16 17:10:59 754176 ----a-w- C:\Windows\System32\wbem\WmiPrvSD.dll
2011-03-16 17:09:59 833024 ----a-w- C:\Windows\SysWow64\user32.dll
2011-03-16 17:08:59 624128 ----a-w- C:\Windows\System32\qedit.dll
2011-03-16 17:07:59 73216 ----a-w- C:\Windows\System32\unimdmat.dll
2011-03-16 17:06:59 33280 ----a-w- C:\Windows\System32\drivers\kbdhid.sys
2011-03-16 17:05:50 323072 ----a-w- C:\Windows\SysWow64\drvstore.dll
2011-03-16 17:05:50 257024 ----a-w- C:\Windows\SysWow64\dpx.dll
2011-03-16 17:05:45 606208 ----a-w- C:\Windows\SysWow64\wbem\fastprox.dll
2011-03-16 17:05:45 363008 ----a-w- C:\Windows\SysWow64\wbemcomn.dll
2011-03-16 17:03:22 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-03-16 17:03:22 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-03-16 17:03:22 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-03-16 17:03:13 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-03-16 17:03:07 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-03-16 17:02:43 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-03-16 17:02:43 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-03-16 16:28:53 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-03-16 16:28:52 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-03-16 16:28:52 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-03-16 16:28:51 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-03-16 16:28:51 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-03-16 16:28:47 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-03-16 16:28:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-03-16 16:23:07 33800 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2011-03-16 16:22:50 -------- d-----w- C:\Program Files (x86)\Panda Security
2011-03-16 16:21:49 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-16 16:21:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-16 16:21:48 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-03-16 16:21:47 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-03-16 16:21:46 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-03-16 16:21:46 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-16 16:21:45 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-03-16 16:21:45 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-16 16:21:44 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-16 16:21:44 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-03-16 16:21:43 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-16 16:21:43 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-16 14:34:54 -------- d-----w- C:\Users\IBM_AD~1\AppData\Roaming\f-secure
2011-03-16 13:43:32 -------- d-----w- C:\Program Files (x86)\Safer Networking
2011-03-16 13:16:29 189520 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
2011-03-16 12:38:32 785368 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-16 12:38:32 728024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-16 12:38:32 1975768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-16 12:38:32 1893336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-16 12:38:32 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-16 12:38:32 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-16 12:38:32 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-03-16 12:38:32 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-16 12:17:20 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-03-16 12:17:20 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-03-15 10:11:22 -------- d-----w- C:\Users\IBM_AD~1\AppData\Roaming\Birdstep Technology
2011-03-15 10:11:18 -------- d-----w- C:\PROGRA~3\Birdstep Technology
2011-03-15 10:11:01 119680 ----a-w- C:\Windows\System32\drivers\ZTEusbser6k.sys
2011-03-15 10:11:01 119680 ----a-w- C:\Windows\System32\drivers\ZTEusbnmea.sys
2011-03-15 10:11:01 119680 ----a-w- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
2011-03-15 10:11:01 11776 ----a-w- C:\Windows\System32\drivers\massfilter.sys
2011-03-15 10:10:52 -------- d-----w- C:\Program Files (x86)\ZTE_1.2059.0.8
2011-03-15 10:10:49 10240 ----a-w- C:\Windows\SysWow64\drivers\mdvrmng.sys
2011-03-15 10:10:48 -------- d-----w- C:\Program Files (x86)\3 Mobile Broadband
2011-02-22 21:20:29 -------- d-----w- C:\Program Files (x86)\WinPcap
2011-02-22 21:04:48 285280 ----a-w- C:\Windows\System32\drivers\afcdp.sys
2011-02-22 21:04:48 -------- d-----w- C:\Users\IBM_AD~1\AppData\Roaming\EE421384-DBB6-4C01-B1E5-6C454C528BEF
2011-02-22 21:04:40 970336 ----a-w- C:\Windows\System32\drivers\timntr.sys
2011-02-22 15:26:07 -------- d-----w- C:\ChartKit
2011-02-20 05:22:34 -------- d-----w- C:\Program Files (x86)\JMHL Loader
2011-02-20 05:07:34 -------- d-----w- C:\Program Files (x86)\Design Science
2011-02-20 05:00:10 -------- d-----w- C:\Program Files (x86)\Code Visual to Flowchart
2011-02-20 04:54:31 253648 ------w- C:\Windows\Setup1.exe
2011-02-20 04:54:30 77016 ----a-w- C:\Windows\ST6UNST.EXE
2011-02-17 21:57:22 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2011-02-17 19:53:05 -------- d-----w- C:\Users\IBM_AD~1\AppData\Local\HP
2011-02-17 12:11:05 50200 ----a-w- C:\Windows\SysWow64\perf-SQLAgent$SQLLANSWEEPER2K8-sqlagtctr10.2.4000.0.dll
2011-02-17 12:10:50 72536 ----a-w- C:\Windows\SysWow64\perf-MSSQL$SQLLANSWEEPER2K8-sqlctr10.2.4000.0.dll
2011-02-17 12:07:51 -------- d-----w- C:\Windows\SysWow64\1033
2011-02-17 12:07:51 -------- d-----w- C:\Windows\System32\1033
2011-02-16 14:45:40 -------- d-----w- C:\Users\IBM_AD~1\AppData\Roaming\Mael
2011-02-16 12:20:24 -------- d-----w- C:\Program Files (x86)\HxD
2011-02-16 12:18:22 -------- d-----w- C:\Users\IBM_AD~1\AppData\Local\DuplicateCleaner
2011-02-16 11:05:04 -------- d-----w- C:\Users\IBM_AD~1\AppData\Local\Reasonable_Software_House
2011-02-16 11:04:46 -------- d-----w- C:\Users\IBM_AD~1\AppData\Roaming\Reasonable Software House Ltd
2011-02-14 23:40:40 -------- d-----w- C:\Program Files (x86)\MING Bandwidth Monitor
2011-02-14 23:40:40 -------- d-----w- C:\Program Files (x86)\Common Files\Borland Shared
2011-02-14 23:26:33 -------- d-----w- C:\Program Files (x86)\NET Traffic Meter
.
==================== Find3M ====================
.
2011-03-16 17:23:08 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-16 17:23:08 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-16 12:01:30 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-02-22 21:04:43 1263200 ----a-w- C:\Windows\System32\drivers\tdrpm273.sys
2011-02-07 09:25:41 67 ----a-w- C:\Windows\twin.dll
2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 09:51:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 07:45:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 06:01:22 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-01-07 05:43:36 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 10:34:00 612864 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 06:56:24 3129344 ----a-w- C:\Windows\System32\win32k.sys
2011-01-05 05:55:55 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-12-28 16:22:48 645 ----a-w- C:\Windows\uninstallstickies.bat
2010-12-22 10:57:57 95512 ----a-w- C:\Windows\cursors\Superpack\Uninstal.exe
2010-12-22 10:55:34 352797 ----a-w- C:\Windows\cursors\cursor_superpack_setuo.exe
2010-12-20 18:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-17 11:42:18 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-17 11:40:10 715776 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-17 07:07:55 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 20:16:01.96 ===============

ken545
2011-03-24, 02:22
Please read Before You Post (http://forums.spybot.info/showthread.php?t=288)
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

Until we deem your system clean I am going to ask you not to install or uninstall any software or hardware except for the programs we may run.


Is this a company computer?

plug_it_in
2011-03-24, 19:02
No, it's mine, but I use it for work as well.

ken545
2011-03-24, 23:13
I am looking at Symantec Corporate Edition Antivirus install along with an IP address for IBM. Running scans and posting the logs can reveal sensitive company data. I would suggest that you contact your IT department for help.