
Win7 Antivirus 2012?! and malware corruption (corrected)


Post by NephTheLiveWire » January 6th, 2012, 6:25 pm

Shortly after the new year I began having issues with my Lenovo V570 (my personal) laptop. This program (Win7 Antivirus 2012) began by giving me malware, spyware, firewall, and vulnerability warnings which it was in fact causing. It began infecting various programs and parts of my registry and disabling nearly everything I could do while in normal run mode. After restarting and going into safe mode I ran a multitude of programs (ESET Smart Security 5, Malwarebytes Anti-Malware, Spybot Search & Destroy, SUPERantispyware free edition, and lastly I restarted the PC and ran HiJackThis in safe mode with networking) and believe the issue to be gone but I really want to be sure that there is nothing left over. Some of the information on my laptop is extremely sensitive and I would greatly appreciate any advice you may be able to provide. Below you will find the log from the final scan.

--------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:36:15 PM, on 1/6/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
O4 - HKLM\..\Run: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
O4 - HKLM\..\Run: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
O4 - HKLM\..\Run: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
O4 - HKLM\..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
O4 - HKLM\..\Run: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Best Buy pc app.lnk = C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe (User 'Default user')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
O23 - Service: EgisTec Service Help - Egis Technology Inc. - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\windows\System32\TPHDEXLG64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel(R) Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11122 bytes
NephTheLiveWire

Re: Win7 Antivirus 2012?! and malware corruption (corrected)

Post by maxi » January 9th, 2012, 12:41 pm

Hello NephTheLiveWire,

Welcome to the forum!

My name is maxi and I'll be helping you with any malware problems.

Currently I am working under the guidance of the MRU teachers and everything I post to you must first be approved by them.
This additional review process can add some extra time to my responses, but I will post back with instructions for you as soon as possible.


Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights/permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process. This adds more items to be researched.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!"
    Absence of symptoms does not mean that everything is clear.


Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

DDS
Please download DDS by sUBs from one of the links below, save it to your Desktop (Note: It must be in this location).
Please disable any anti-malware program that will block scripts from running before running DDS.

  • Right-Click on dds.scr And select " Run as administrator "... and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

In your next reply please include:
Both logs from DDS.

Regards maxi :)

Re: Win7 Antivirus 2012?! and malware corruption (corrected)

Post by NephTheLiveWire » January 9th, 2012, 1:27 pm

Thank you for getting back to me in such a timely manner. I would like to again make you aware of the corrective steps I have taken prior to seeking help on here. All the steps I've taken have been listed in the first post. As you've asked, below is the dds.txt file and attached you will find the attach.zip file.

--------------------------------------------------------------------------------------------------------------------------------
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_22
Run by Neph at 12:20:21 on 2012-01-09
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6058.4372 [GMT -5:00]
.
AV: ESET Smart Security 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\TPHDEXLG64.exe
C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
C:\windows\system32\wbem\unsecapp.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\WUDFHost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Stardock\ObjectDockPlus2\Dock64.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe
C:\windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDockTray.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\svchost.exe -k WbioSvcGroup
C:\windows\system32\igfxsrvc.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\DllHost.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain ... &bmod=LENN
mStart Page = about:blank
mWinlogon: Userinit=userinit.exe,
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: EgisPBIE Class: {7b51ccbe-4af9-44a6-bdab-d7f7e4c4e6f9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
mRun: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
StartupFolder: C:\Users\Neph\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D42E492F-4D31-4473-BA56-013FDC49E6DA} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D42E492F-4D31-4473-BA56-013FDC49E6DA}\0484F6D65653634434 : DhcpNameServer = 209.18.47.61 209.18.47.62 0.0.0.0
TCP: Interfaces\{D42E492F-4D31-4473-BA56-013FDC49E6DA}\25F636B637471627 : DhcpNameServer = 192.168.2.1 209.18.47.61 209.18.47.62
TCP: Interfaces\{D42E492F-4D31-4473-BA56-013FDC49E6DA}\4727565686F6573756339376 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D42E492F-4D31-4473-BA56-013FDC49E6DA}\47F646169757478696E6B613 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D42E492F-4D31-4473-BA56-013FDC49E6DA}\D69745F65736860243740284F6473707F647 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
LSA: Notification Packages = scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
BHO-X64: EgisPBIE - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
mRun-x64: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun-x64: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun-x64: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe /run
mRun-x64: [PLTSR] "C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe"
mRun-x64: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun-x64: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun-x64: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun-x64: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 127.0.0.1 http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Neph\AppData\Roaming\Mozilla\Firefox\Profiles\mivnpkfy.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\windows\system32\DRIVERS\epfwwfp.sys --> C:\windows\system32\DRIVERS\epfwwfp.sys [?]
R0 fbfmon;fbfmon;C:\windows\system32\drivers\fbfmon.sys --> C:\windows\system32\drivers\fbfmon.sys [?]
R0 LHDmgr;LHDmgr;C:\windows\system32\DRIVERS\LhdX64.sys --> C:\windows\system32\DRIVERS\LhdX64.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\windows\system32\DRIVERS\ApsHM64.sys --> C:\windows\system32\DRIVERS\ApsHM64.sys [?]
R1 BPntDrv;BPntDrv;C:\windows\system32\drivers\BPntDrv.sys --> C:\windows\system32\drivers\BPntDrv.sys [?]
R1 EgisTecFF;EgisTecFF;C:\windows\system32\DRIVERS\EgisTecFF.sys --> C:\windows\system32\DRIVERS\EgisTecFF.sys [?]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\windows\system32\DRIVERS\EpfwLWF.sys --> C:\windows\system32\DRIVERS\EpfwLWF.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2011-6-14 498688]
R2 eamonm;eamonm;C:\windows\system32\DRIVERS\eamonm.sys --> C:\windows\system32\DRIVERS\eamonm.sys [?]
R2 EgisTec Service Help;EgisTec Service Help;C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-13 703856]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-13 650096]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-8-9 974944]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-9-3 2656280]
R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2011-6-14 986112]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\system32\DRIVERS\AcpiVpc.sys --> C:\windows\system32\DRIVERS\AcpiVpc.sys [?]
R3 bpenum;Intel(R) Centrino(R) WiMAX Enumerator;C:\windows\system32\DRIVERS\bpenum.sys --> C:\windows\system32\DRIVERS\bpenum.sys [?]
R3 bpmp;Intel(R) Centrino(R) WiMAX 6050 Series;C:\windows\system32\DRIVERS\bpmp.sys --> C:\windows\system32\DRIVERS\bpmp.sys [?]
R3 bpusb;Intel(R) Centrino(R) WiMAX 6050 Series Function Driver;C:\windows\system32\Drivers\bpusb.sys --> C:\windows\system32\Drivers\bpusb.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\system32\DRIVERS\clwvd.sys --> C:\windows\system32\DRIVERS\clwvd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\system32\DRIVERS\IntcDAud.sys --> C:\windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETwNs64.sys --> C:\windows\system32\DRIVERS\NETwNs64.sys [?]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUVStor.sys --> C:\windows\system32\Drivers\RtsUVStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vm331avs;Digital Camera 1;C:\windows\system32\Drivers\vm331avs.sys --> C:\windows\system32\Drivers\vm331avs.sys [?]
R3 vmuvcflt;Vimicro USB Camera Filter;C:\windows\system32\Drivers\vmuvcflt.sys --> C:\windows\system32\Drivers\vmuvcflt.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\windows\system32\DRIVERS\WDKMD.sys --> C:\windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-3 136176]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-5 1153368]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-9-3 136176]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-11-2 340240]
S3 Revoflt;Revoflt;C:\windows\system32\DRIVERS\revoflt.sys --> C:\windows\system32\DRIVERS\revoflt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\system32\drivers\TsUsbGD.sys --> C:\windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 wsvd;wsvd;C:\windows\system32\DRIVERS\wsvd.sys --> C:\windows\system32\DRIVERS\wsvd.sys [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-01-08 17:15:52 -------- d-----w- C:\off phone
2012-01-07 00:00:56 -------- d-sh--w- C:\windows\System32\%APPDATA%
2012-01-06 00:17:35 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-05 21:57:09 -------- d-----w- C:\Users\Neph\AppData\Local\ODUI
2012-01-05 21:57:03 -------- d-----w- C:\Users\Neph\AppData\Local\Stardock
2012-01-05 21:50:51 -------- dc-h--w- C:\ProgramData\{0F4A7EFE-5950-4389-BF36-1E625D72456B}
2012-01-05 21:50:51 -------- d-----w- C:\ProgramData\Stardock
2012-01-05 21:50:51 -------- d-----w- C:\Program Files (x86)\Common Files\Stardock
2012-01-05 21:44:25 -------- d-----w- C:\Users\Neph\AppData\Roaming\Stardock
2012-01-05 21:44:20 -------- dc-h--w- C:\ProgramData\{A87EB928-0C6C-4071-AEF1-59E32BAEDF1B}
2012-01-05 21:44:19 -------- d-----w- C:\Program Files (x86)\Stardock
2012-01-05 21:44:00 -------- d-----w- C:\Users\Neph\AppData\Local\PackageAware
2012-01-05 20:50:29 -------- d-----w- C:\Users\Neph\AppData\Roaming\ESET
2012-01-05 20:50:29 -------- d-----w- C:\Users\Neph\AppData\Local\ESET
2012-01-05 20:49:41 -------- d-----w- C:\Program Files\ESET
2012-01-05 19:15:17 -------- d-----w- C:\ProgramData\Energy Management
2012-01-05 17:41:52 -------- d-----w- C:\Users\Neph\AppData\Roaming\SUPERAntiSpyware.com
2012-01-05 17:41:33 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-01-05 17:41:33 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-01-05 17:13:10 -------- d-----w- C:\Users\Neph\AppData\Roaming\IObit
2012-01-05 17:13:09 -------- d-----w- C:\Program Files (x86)\IObit
2012-01-05 17:02:16 -------- d-----w- C:\Users\Neph\AppData\Local\VS Revo Group
2012-01-05 17:02:13 31800 ----a-w- C:\windows\System32\drivers\revoflt.sys
2012-01-05 17:02:12 -------- d-----w- C:\Program Files\VS Revo Group
2012-01-05 16:49:18 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-01-05 16:49:18 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-01-05 16:08:03 -------- d-----w- C:\Users\Neph\AppData\Roaming\Malwarebytes
2012-01-05 16:07:42 39984 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2012-01-05 16:07:42 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-05 16:07:39 23152 ----a-w- C:\windows\System32\drivers\mbam.sys
2012-01-05 16:07:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-05 15:52:51 388096 ----a-r- C:\Users\Neph\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-01-05 15:52:51 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-01-05 15:47:42 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BF750DC8-5DAA-458B-961E-111C5F66892F}\mpengine.dll
2012-01-02 15:21:23 -------- d-----w- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2012-01-02 15:17:57 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8
2011-12-31 19:42:35 -------- d-----w- C:\Users\Neph\AppData\Local\Microsoft Help
2011-12-31 19:27:05 -------- d-----w- C:\windows\SysWow64\spool
2011-12-27 04:26:37 -------- d-----w- C:\Users\Neph\AppData\Local\{AE778DB9-8048-452B-88F9-013691883CBC}
2011-12-27 01:12:33 -------- d-----w- C:\Program Files\Diner Dash Flo on the Go
2011-12-27 01:12:23 -------- d-----w- C:\Users\Neph\AppData\Local\jZip
2011-12-27 01:11:45 -------- d-----w- C:\Program Files (x86)\jZip
2011-12-19 17:07:01 2382848 ----a-w- C:\windows\System32\mshtml.tlb
2011-12-19 17:07:00 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2011-12-19 17:07:00 174392 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2011-12-19 17:07:00 141112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2011-12-19 01:54:43 -------- d-----w- C:\Users\Neph\AppData\Local\{B6DFD2AE-DD18-4895-9316-C627C1FD869C}
2011-12-19 01:54:43 -------- d-----w- C:\Users\Neph\AppData\Local\{08AE3EA5-B2B1-406F-9448-7036F36E0118}
2011-12-19 01:15:58 43520 ----a-w- C:\windows\System32\csrsrv.dll
2011-12-19 01:15:55 723456 ----a-w- C:\windows\System32\EncDec.dll
2011-12-19 01:15:55 534528 ----a-w- C:\windows\SysWow64\EncDec.dll
2011-12-19 01:15:54 3145216 ----a-w- C:\windows\System32\win32k.sys
2011-12-19 01:15:31 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-12-19 01:15:31 2048 ----a-w- C:\windows\System32\tzres.dll
.
==================== Find3M ====================
.
2011-12-09 13:47:29 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-11-04 01:53:39 2309120 ----a-w- C:\windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\windows\System32\inetcpl.cpl
2011-11-03 22:47:42 1798144 ----a-w- C:\windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\windows\SysWow64\wininet.dll
2011-10-21 22:41:32 510232 ----a-w- C:\windows\System32\igfxsrvc.exe
2011-10-21 22:41:32 167704 ----a-w- C:\windows\System32\igfxtray.exe
2011-10-21 22:41:30 416024 ----a-w- C:\windows\System32\igfxpers.exe
2011-10-21 22:41:28 239896 ----a-w- C:\windows\System32\igfxext.exe
2011-10-21 22:41:26 392472 ----a-w- C:\windows\System32\hkcmd.exe
2011-10-21 22:41:24 4378392 ----a-w- C:\windows\System32\GfxUI.exe
2011-10-21 22:41:24 184600 ----a-w- C:\windows\System32\difx64.exe
2011-10-21 22:36:12 90112 ----a-w- C:\windows\System32\igfxCoIn_v2559.dll
2011-10-21 22:30:04 8313856 ----a-w- C:\windows\System32\igdumd64.dll
2011-10-21 22:30:04 12310112 ----a-w- C:\windows\System32\drivers\igdkmd64.sys
2011-10-21 22:27:54 217536 ----a-w- C:\windows\SysWow64\igfcg600m.bin
2011-10-21 22:27:54 217536 ----a-w- C:\windows\System32\igfcg600m.bin
2011-10-21 22:27:48 75776 ----a-w- C:\windows\System32\igdde64.dll
2011-10-21 22:25:02 6323712 ----a-w- C:\windows\SysWow64\igdumd32.dll
2011-10-21 22:22:54 56832 ----a-w- C:\windows\SysWow64\igdde32.dll
2011-10-21 22:21:44 581120 ----a-w- C:\windows\SysWow64\igdumdx32.dll
2011-10-21 22:19:24 14592512 ----a-w- C:\windows\System32\igd10umd64.dll
2011-10-21 22:13:56 12340224 ----a-w- C:\windows\SysWow64\igd10umd32.dll
2011-10-21 22:08:10 18651648 ----a-w- C:\windows\System32\ig4icd64.dll
2011-10-21 22:03:04 13903872 ----a-w- C:\windows\SysWow64\ig4icd32.dll
2011-10-21 21:58:58 286720 ----a-w- C:\windows\System32\igfxrnld.lrc
2011-10-21 21:58:58 286720 ----a-w- C:\windows\System32\igfxrcsy.lrc
2011-10-21 21:58:58 285696 ----a-w- C:\windows\System32\igfxrdan.lrc
2011-10-21 21:58:56 285184 ----a-w- C:\windows\System32\igfxrara.lrc
2011-10-21 21:58:56 282624 ----a-w- C:\windows\System32\igfxrcht.lrc
2011-10-21 21:58:56 282624 ----a-w- C:\windows\System32\igfxrchs.lrc
2011-10-21 21:58:54 126976 ----a-w- C:\windows\System32\igfxcpl.cpl
2011-10-21 21:58:24 375808 ----a-w- C:\windows\System32\igfxpph.dll
2011-10-21 21:58:20 378368 ----a-w- C:\windows\System32\igfxTMM.dll
2011-10-21 21:58:14 28672 ----a-w- C:\windows\System32\igfxexps.dll
2011-10-21 21:57:58 62464 ----a-w- C:\windows\System32\igfxsrvc.dll
2011-10-21 21:57:24 110080 ----a-w- C:\windows\System32\hccutils.dll
2011-10-21 21:57:16 146432 ----a-w- C:\windows\System32\gfxSrvc.dll
2011-10-21 21:57:14 4096 ----a-w- C:\windows\System32\IGFXDEVLib.dll
2011-10-21 21:57:14 390144 ----a-w- C:\windows\System32\igfxdev.dll
2011-10-21 21:56:36 285696 ----a-w- C:\windows\System32\igfxrenu.lrc
2011-10-21 21:56:30 9014784 ----a-w- C:\windows\System32\igfxress.dll
2011-10-21 21:56:30 142336 ----a-w- C:\windows\System32\igfxdo.dll
2011-10-21 21:52:52 24576 ----a-w- C:\windows\SysWow64\igfxexps32.dll
2011-10-21 21:52:04 294400 ----a-w- C:\windows\SysWow64\igfxdv32.dll
2011-10-21 21:50:00 98304 ----a-w- C:\windows\SysWow64\iglhcp32.dll
2011-10-21 21:50:00 98304 ----a-w- C:\windows\System32\iglhcp64.dll
2011-10-21 21:50:00 376832 ----a-w- C:\windows\SysWow64\iglhsip32.dll
2011-10-21 21:50:00 376832 ----a-w- C:\windows\System32\iglhsip64.dll
2011-10-21 21:50:00 2177536 ----a-w- C:\windows\System32\igfxcmjit64.dll
2011-10-21 21:50:00 171520 ----a-w- C:\windows\SysWow64\igfxcmrt32.dll
2011-10-21 21:50:00 1663488 ----a-w- C:\windows\SysWow64\igfxcmjit32.dll
2011-10-21 21:50:00 148480 ----a-w- C:\windows\System32\igfxcmrt64.dll
.
============= FINISH: 12:21:15.53 ===============
NephTheLiveWire
Active Member
 
Posts: 3
Joined: January 6th, 2012, 1:31 pm

Re: Win7 Antivirus 2012?! and malware corruption (corrected)

Unread postby Cypher » January 10th, 2012, 1:09 pm

Business Use / Business Networked Computer
It appears you are using your computer for business purposes or connecting to a business network.

May I draw your attention to the topic: ALL USERS OF THIS FORUM MUST READ THIS FIRST, which you should have read before posting for help.

The section here explains why we do not offer help for such computers. Thank you for your understanding.

This topic is now closed.
Cypher
Admin/Teacher
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns