
Discovered I have PUM.Hijack.Startmenu


  • This topic is locked
2 replies to this topic

#1 arkbuilder

arkbuilder (New Member)

  • Members
  • 2 posts

Posted 30 March 2012 - 02:54 AM

Hello,

I've discovered, via Malwarebytes Anti-Malware, that I managed to get myself infected with PUM.Hijack.Startmenu. I'm assuming it was running under Smart HDD, which was what had popped up after I closed about 30-40 generic / bland hard drive writing errors; its splash screen showed up and started its fantastic scanning process of my system. I researched getting rid of Smart HDD, which led me to use rkill and an app, Unhide Non System Files. Unhide Non System Files still didn't work appropriately: only about 1/3 of the icons on my desktop reappeared, and my wallpaper did not return. Eventually I downloaded Malwarebytes Anti-Malware to a flash drive via a laptop, and installed / ran it on my infected computer. I ran it 2x; the first time 2 errors popped up, but I didn't pay much attention to them, just did the run-through of having the program delete / quarantine them and restarted my infected computer to see if that would work. Upon restart, everything was back to the original infected state: black wallpaper and only the Recycle Bin on the desktop. I ran the Anti-Malware program again to get the name, searched for solutions online by the name, and ran across another topic posted about this specific malware on this forum....

http://forums.malwar...howtopic=107001

I attempted to follow it up to the ComboFix step, but didn't use ComboFix because I could not figure out how to temporarily disable. Anyhow, I've decided to follow suit from the topic I've listed, and here's what DDS popped out:

DDS
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30
Run by Ark at 1:19:54 on 2012-03-30
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4087.2454 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe
C:\Program Files (x86)\Skype\Updater\Updater.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\system32\WTablet\Wacom_TabletUser.exe
C:\Windows\system32\Wacom_Tablet.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\Explorer.EXE
C:\ProgramData\vQKjDyPeBbSvEb.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\ProgramData\zmWswfiV9MBg1O.exe
C:\Windows\SysWOW64\attrib.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [vQKjDyPeBbSvEb.exe] C:\ProgramData\vQKjDyPeBbSvEb.exe
mRun: [<NO NAME>]
dRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
TCP: Interfaces\{4E9B3883-E200-477B-AE89-389ED5C66271} : DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
LSA: Authentication Packages = msv1_0 relog_ap
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [(Default)]
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Ark\AppData\Roaming\Mozilla\Firefox\Profiles\uhkhm4oh.default\
FF - prefs.js: browser.startup.homepage - www.msn.com
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\system32\DRIVERS\mv91cons.sys --> C:\Windows\system32\DRIVERS\mv91cons.sys [?]
R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-16 913752]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]
R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2009-10-5 151552]
R2 MRUWebService;MRU Web Service;C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2009-4-8 24635]
R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\system32\Wacom_Tablet.exe --> C:\Windows\system32\Wacom_Tablet.exe [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-12-16 17152]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 Razerlow;Razer Pro|Solutions;C:\Windows\system32\drivers\DB3G.sys --> C:\Windows\system32\drivers\DB3G.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-9 2348352]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-12-16 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-16 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-17 1038088]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]
.
=============== Created Last 30 ================
.
2012-03-29 18:43:37 232448 ----a-w- C:\ProgramData\zmWswfiV9MBg1O.exe
2012-03-29 18:38:00 317952 ----a-w- C:\ProgramData\vQKjDyPeBbSvEb.exe
2012-03-24 15:21:33 -------- d--h--w- C:\Users\Ark\AppData\Local\TERA
2012-03-22 19:51:32 -------- d--h--w- C:\Users\Ark\AppData\Local\CrashDumps
2012-03-22 19:14:53 -------- d-sh--w- C:\ProgramData\SecuROM
2012-03-17 18:06:40 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-03-17 18:06:40 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-03-14 16:16:16 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-14 16:16:16 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-14 16:16:16 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 16:09:54 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 16:09:54 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 16:09:54 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 16:09:45 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 16:09:45 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 16:09:45 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 16:09:44 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 16:09:44 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 16:09:44 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 16:09:44 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-09 15:43:56 -------- d--h--w- C:\Users\Ark\AppData\Roaming\Rift
2012-03-09 10:23:47 2515790 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-03-09 10:21:52 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2012-03-09 10:21:51 31040 ----a-w- C:\Windows\System32\nvhdap64.dll
2012-03-09 10:21:51 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2012-03-09 10:21:47 962368 ----a-w- C:\Windows\System32\nvumdshimx.dll
2012-03-09 10:21:47 7713088 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2012-03-09 10:21:46 2301248 ----a-w- C:\Windows\SysWow64\nvapi.dll
2012-03-08 03:55:02 -------- d--h--w- C:\Users\Ark\AppData\Roaming\Bioshock2
2012-03-08 03:53:34 -------- d-----w- C:\Windows\SysWow64\xlive
2012-03-08 03:53:34 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-02-29 20:01:44 -------- d--h--w- C:\Users\Ark\AppData\Roaming\fltk.org
2012-02-29 20:01:44 -------- d-----w- C:\ProgramData\fltk.org
2012-02-29 18:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
.
==================== Find3M ====================
.
2012-03-15 20:00:15 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-03-15 20:00:15 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-03-11 17:09:04 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll
2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-02-29 05:39:28 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-02-27 19:39:56 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe
2012-02-19 15:10:09 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
.
============= FINISH: 1:20:58.42 ===============


Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/16/2011 1:45:44 PM
System Uptime: 3/30/2012 1:17:37 AM (0 hours ago)
.
Motherboard: EVGA | | EVGA X58 3x SLI Classified 3
Processor: Intel® Core™ i7 CPU X 980 @ 3.33GHz | Socket 423 | 3316/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 410.389 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 1863 GiB total, 1375.563 GiB free.
G: is CDROM (CDFS)
H: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP88: 3/9/2012 9:41:39 AM - Installed DirectX
RP89: 3/11/2012 2:08:15 PM - Removed Soluto
RP90: 3/12/2012 3:18:19 PM - Installed BioShock 2
RP91: 3/14/2012 11:13:58 AM - Windows Update
RP92: 3/15/2012 11:45:28 AM - Installed DirectX
RP93: 3/22/2012 2:44:41 PM - Scheduled Checkpoint
RP94: 3/24/2012 10:21:12 AM - Installed TERA
RP95: 3/26/2012 1:40:41 AM - Windows Update
RP96: 3/26/2012 10:01:50 PM - Installed DirectX
RP97: 3/26/2012 10:02:21 PM - Installed Microsoft Visual C++ 2005 Redistributable
.
==== Installed Programs ======================
.
Acrobat.com
Ad-Aware
Adobe Acrobat 9 Pro - English, Français, Deutsch
Adobe Acrobat 9.5.0 - CPSID_83708
Adobe AIR
Adobe Anchor Service CS4
Adobe Asset Services CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Design Premium
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Drive CS4
Adobe Dynamiclink Support
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Fireworks CS4
Adobe Flash CS4
Adobe Flash CS4 Extension - Flash Lite STI en
Adobe Flash CS4 STI-en
Adobe Flash Player 10 ActiveX
Adobe Fonts All
Adobe Illustrator CS4
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Importer
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe SING CS4
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe Version Cue CS4 Server
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced SystemCare 5
AI War: Fleet Command - Demo
Amazon MP3 Downloader 1.0.15
Amnesia: The Dark Descent
APB Reloaded
Audiosurf
Battlefield: Bad Company 2
Beat Hazard
BioShock
BioShock 2
BIT.TRIP BEAT
Blacklight Retribution
Borderlands
BufferChm
Call of Duty: Modern Warfare 3 - Multiplayer
Command & Conquer The First Decade
Company of Heroes
Company of Heroes: Tales of Valor
Connect
Counter-Strike: Source
Counter-Strike: Source Beta
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
Creative System Information
D110
Day of Defeat: Source
Dead Horde
Dead Island
Deus Ex: Human Revolution
Deus Ex: Human Revolution - The Missing Link
Dolby Axon - 1.4.0.1
Dolby Digital Live Pack
Dragon Age: Origins - Ultimate Edition
DTS Connect Pack
Dungeon Defenders
Dungeon Siege
Dungeon Siege 2
Dungeon Siege III
Dungeons & Dragons: Daggerdale
EverQuest II
Fallen Earth
Fallout 3
Fallout 3 - Game of the Year Edition
FlatOut Demo
GameSpy Arcade
Garry's Mod
Genesis Rising
GPBaseService2
Grand Theft Auto
Grand Theft Auto 2
Grand Theft Auto III
Grand Theft Auto IV
Grand Theft Auto: Episodes from Liberty City
Grand Theft Auto: San Andreas
Grand Theft Auto: Vice City
Greenshot
Half-Life
Half-Life 2
Half-Life 2: Deathmatch
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life Deathmatch: Source
Half-Life: Blue Shift
Half-Life: Opposing Force
Hitman 2: Silent Assassin
Hitman: Blood Money
Hitman: Codename 47
HP Update
HPAppStudio
HPPhotoGadget
HPProductAssistant
ImgBurn
Java Auto Updater
Java™ 6 Update 30
Just Cause
Just Cause 2
Killing Floor
Kingdoms of Amalur: Reckoning Demo
kuler
League of Legends
Left 4 Dead
Left 4 Dead 2
Mafia II
Malwarebytes Anti-Malware version 1.60.1.1000
marvell 91xx driver
Marvell MRU V4
Mass Effect
Mass Effect 2
Max Payne
Max Payne 2: The Fall of Max Payne
Men Of War: Assault Squad GOTY Demo
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Halo
Microsoft Rise Of Nations
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 4.0
Mount & Blade
Mount & Blade: Warband
Mozilla Firefox 11.0 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Nation Red
NEC Electronics USB 3.0 Host Controller Driver
Nexus: The Jupiter Incident
Nuclear Dawn
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Oddworld: Abe's Exoddus
Oddworld: Abe's Oddysee
Oddworld: Munch's Oddysee
Oddworld: Stranger's Wrath
OpenAL
OpenOffice.org 3.3
Orcs Must Die!
Pando Media Booster
PAYDAY: The Heist
PDF Settings CS4
Peggle Deluxe
Peggle Nights
Photoshop Camera Raw
Pixel Bender Toolkit
Plants vs. Zombies: Game of the Year
Portal
PS_AIO_07_D110_SW_Min
PunkBuster Services
QuickTransfer
Realm of the Mad God
Realtek Ethernet Controller Driver For Windows 7
Realtek High Definition Audio Driver
Rhythm Zone
RIFT™
Rise of Nations Thrones and Patriots
Risen - Demo
Rochard
Scan
Seagate DiscWizard
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Serious Sam 2
Serious Sam 3: BFE
Serious Sam Classic: The First Encounter
Serious Sam Classic: The Second Encounter
Serious Sam Double D
Serious Sam HD: The First Encounter
Serious Sam HD: The Second Encounter
Serious Sam: The Random Encounter
Sid Meier's Civilization V
SimCity 4 Deluxe
Sins of a Solar Empire: Trinity
SIW version 2011.10.29
Skype™ 5.8
SOL: Exodus Demo
SolutionCenter
Sound Blaster X-Fi
Space Pirates and Zombies
Spybot - Search & Destroy
Star Raiders
Star Ruler
Star Trek Online
StarCraft II
Steam
Stronghold
Stronghold 2
Stronghold Crusader + Extreme
Stronghold Legends
Suite Shared Configuration CS4
Supreme Commander 2
Team Fortress 2
Team Fortress 2 Beta
Team Fortress Classic
TERA
Terraria
The Polynomial
Toolbox
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Visual Studio 2008 x64 Redistributables
Wacom Tablet
Warcraft III
WebReg
WinRAR 4.01 (32-bit)
World of Tanks v.0.7.0
X-Tension
X: Beyond the Frontier
X2: The Threat
X3: Albion Prelude
X3: Reunion
Zombie Driver
.
==== Event Viewer Messages From Past Week ========
.
3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 9 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 8 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 6 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 5 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 4 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 2 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 11 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 10 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.
3/30/2012 1:05:15 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:05:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
3/30/2012 1:05:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
3/30/2012 1:05:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
3/30/2012 1:05:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
3/30/2012 1:05:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
3/30/2012 1:05:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
3/30/2012 1:04:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
3/30/2012 1:04:48 AM, Error: Service Control Manager [7001] - The Marvell RAID Event Agent service depends on the MRU Web Service service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:04:47 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:04:47 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 1:04:47 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:04:47 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:04:47 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:04:47 AM, Error: Service Control Manager [7001] - The MRU Web Service service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 1:04:46 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 1:04:46 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 1:04:46 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 1:04:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 1:04:45 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.
3/29/2012 9:38:32 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
.
==== End Of File ===========================
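The DDS event-log section above lists a long cascade of Service Control Manager errors. The following is an added example, not part of this thread or of the DDS tool: it parses a constructed subset of those 7001/7026 lines and follows each dependency chain down to the component that actually failed, so the cascade reduces to a couple of root causes instead of a wall of errors.

```python
import re
from collections import defaultdict

# Constructed sample, shaped like the Service Control Manager lines in the DDS log above
# (event 7001 = dependency failed, 7026 = boot-start driver(s) failed to load).
SAMPLE_LOG = """\
3/30/2012 1:04:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
3/30/2012 1:04:47 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:04:47 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
3/30/2012 1:04:46 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 1:04:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
3/30/2012 1:05:15 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
"""

DEP_RE = re.compile(r"\[7001\] - The (?P<svc>.+?) service depends on the (?P<dep>.+?) service "
                    r"which failed to start because of the following error: (?P<err>.+)$")
DRV_RE = re.compile(r"\[7026\] - .*failed to load: (?P<drivers>.+)$")
CASCADE = "The dependency service or group failed to start."

def parse_scm_errors(text):
    """Map each failed service to (its failed dependency, error text); also collect 7026 drivers."""
    deps, drivers = {}, set()
    for line in text.splitlines():
        if m := DEP_RE.search(line):
            deps[m["svc"]] = (m["dep"].rstrip("."), m["err"].strip())
        elif m := DRV_RE.search(line):
            drivers.update(m["drivers"].split())
    return deps, drivers

def root_cause(service, deps):
    """Walk the 7001 chain until a dependency failed for a reason other than a further cascade."""
    visited, cur = [], service
    while cur in deps and cur not in visited:
        visited.append(cur)
        dep, err = deps[cur]
        if err != CASCADE:
            return dep, err          # the component that actually failed, and why
        cur = dep
    return cur, None                 # chain ends without an explained failure

def summarize(text):
    """Group every failed service under the root component its failure cascades from."""
    deps, drivers = parse_scm_errors(text)
    roots = defaultdict(list)
    for svc in deps:
        root, _ = root_cause(svc, deps)
        roots[root].append(svc)
    return {r: sorted(s) for r, s in roots.items()}, sorted(drivers)
```

On the sample, every networking service traces back to either the NSI proxy driver or the Winsock AFD driver, both of which also appear in the 7026 list of boot-start drivers that did not load; comparing the two outputs is a quick way to tell a single driver-load problem from many independent failures.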

#2 arkbuilder

arkbuilder, New Member (Members, 2 posts)

Posted 01 April 2012 - 07:27 PM

For those who might've skimmed / perused my post I have good news. Along with the help of a close friend we had managed to find a link that delved a little more deeply into how to get rid of this infection, and guess what, it wasn't a link for a program claiming it could get rid of it! /end sarcasm. I won't provide the link unless someone requests it. The main issue, I think, was deleting a few registry keys (identified by the site we found), and with the help of MBAM (finding the location of the actual infected files) to later physically delete under C:\ProgramData. Please do not assume that this will work for you, this is just food for thought that I felt like sharing, if you feel like poking around without actually altering anything before receiving certified instructions via the forums.

Registry key removal suggestions removed
forget, being able to use regedit or task manager, I was running in Safe Mode, without network options. After deleting the bolded keys, a messed up .exe file in the ProgramData folder and running the unhide.exe provided on the forums (thank you kindly, totally worked better than what I pulled from Major Geeks) I restarted my computer as normal. No pop-ups, icons were still on the desktop, wallpaper did not return automatically though once startup had finished. I then proceeded to re-run my AV, anti-malware (MBAM, Ad-Aware, Spybot and ASC5) - Nothing popped up, even for MBAM so I took the next step of reconnecting to the internet (I had physically d/ced my computer from the internet, I do not know if getting infected like this would cause any problems, if you can launch a browser w/out the icon). Finally, updated everything and re-ran all the programs for the 2nd time and still nothing! And before I labeled it a great success, I went through the arduous task of resetting my security info on my accounts, passwords mainly but you get the idea. Nothing fishy has turned up.... yet, what little money I have in my bank is still there so I'm calling this a success.

#3 LDTate

LDTate, Forum Deity (Moderators, 21,126 posts, Gender: Male, Location: Missouri, USA)

Posted 08 April 2012 - 07:15 AM

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
Larry Tate
Product Support

