arkbuilder

Discovered I have PUM.Hijack.Startmenu

Hello,

I've discovered, via Malwarebytes Anti-Malware, that I managed to get myself infected with PUM.Hijack.Startmenu. I'm assuming it was running under Smart HDD, which was what had popped up after I closed about 30-40 generic / bland hard drive writing errors; its splash screen showed up and started its fantastic scanning process of my system. I researched getting rid of Smart HDD, which led me to use rkill and an app, Unhide Non System Files. The Unhide Non System Files still didn't work appropriately: only about 1/3 of the icons on my desktop re-appeared, and my wallpaper did not return. Eventually I downloaded Malwarebytes Anti-Malware to a flash drive via a laptop, and installed / ran it on my infected computer. I ran it twice; the first time 2 errors popped up, but I didn't pay much attention to them, just did the run-through of having the program delete / quarantine them and restarted my infected computer to see if that would work. Upon restart, everything was back to the original infected state: black wallpaper and only the Recycle Bin on the desktop. I ran the Anti-Malware program again to get the name, searched for solutions online by the name, and ran across another post about this specific malware on this forum....

http://forums.malwar...howtopic=107001

I attempted to follow it up to the point of using ComboFix, but didn't use it because I could not figure out how to temporarily disable. Anyhow, I've decided to follow suit from the topic I've listed, and here's what DDS popped out:

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_30

Run by Ark at 1:19:54 on 2012-03-30

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4087.2454 [GMT -5:00]

.

AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe

C:\Program Files (x86)\Skype\Updater\Updater.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Wacom_Tablet.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe

C:\Windows\system32\taskhost.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Windows\system32\WTablet\Wacom_TabletUser.exe

C:\Windows\system32\Wacom_Tablet.exe

C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

C:\Windows\Explorer.EXE

C:\ProgramData\vQKjDyPeBbSvEb.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\ProgramData\zmWswfiV9MBg1O.exe

C:\Windows\SysWOW64\attrib.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

uRun: [vQKjDyPeBbSvEb.exe] C:\ProgramData\vQKjDyPeBbSvEb.exe

mRun: [<NO NAME>]

dRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Append to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3

TCP: Interfaces\{4E9B3883-E200-477B-AE89-389ED5C66271} : DhcpNameServer = 24.196.64.53 68.113.206.10 24.178.162.3

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

LSA: Authentication Packages = msv1_0 relog_ap

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

BHO-X64: SmartSelect - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

mRun-x64: [(Default)]

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ark\AppData\Roaming\Mozilla\Firefox\Profiles\uhkhm4oh.default\

FF - prefs.js: browser.startup.homepage - www.msn.com

FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]

R0 mv91cons;Marvell 91xx Config Device Driver;C:\Windows\system32\DRIVERS\mv91cons.sys --> C:\Windows\system32\DRIVERS\mv91cons.sys [?]

R0 mv91xx;mv91xx;C:\Windows\system32\DRIVERS\mv91xx.sys --> C:\Windows\system32\DRIVERS\mv91xx.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-12-16 913752]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-10-28 2152152]

R2 Marvell RAID;Marvell RAID Event Agent;C:\Program Files (x86)\Marvell\raid\svc\mvraidsvc.exe [2009-10-5 151552]

R2 MRUWebService;MRU Web Service;C:\Program Files (x86)\Marvell\raid\Apache2\bin\httpd.exe [2009-4-8 24635]

R2 SgtSch2Svc;Seagate Scheduler2 Service;C:\Program Files (x86)\Common Files\Seagate\Schedule2\schedul2.exe [2009-10-16 606048]

R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-15 158856]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]

R2 TabletServiceWacom;TabletServiceWacom;C:\Windows\system32\Wacom_Tablet.exe --> C:\Windows\system32\Wacom_Tablet.exe [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\system32\drivers\ha20x22k.sys --> C:\Windows\system32\drivers\ha20x22k.sys [?]

R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-12-16 17152]

R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 Razerlow;Razer Pro|Solutions;C:\Windows\system32\drivers\DB3G.sys --> C:\Windows\system32\drivers\DB3G.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-9 2348352]

S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-12-16 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-12-16 79360]

S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]

S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]

S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-12-17 1038088]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]

.

=============== Created Last 30 ================

.

2012-03-29 18:43:37 232448 ----a-w- C:\ProgramData\zmWswfiV9MBg1O.exe

2012-03-29 18:38:00 317952 ----a-w- C:\ProgramData\vQKjDyPeBbSvEb.exe

2012-03-24 15:21:33 -------- d--h--w- C:\Users\Ark\AppData\Local\TERA

2012-03-22 19:51:32 -------- d--h--w- C:\Users\Ark\AppData\Local\CrashDumps

2012-03-22 19:14:53 -------- d-sh--w- C:\ProgramData\SecuROM

2012-03-17 18:06:40 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-03-17 18:06:40 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-03-14 16:16:16 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-14 16:16:16 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-14 16:16:16 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-14 16:09:54 3145728 ----a-w- C:\Windows\System32\win32k.sys

2012-03-14 16:09:54 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-03-14 16:09:54 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-03-14 16:09:45 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-03-14 16:09:45 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-03-14 16:09:45 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-03-14 16:09:44 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-03-14 16:09:44 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-03-14 16:09:44 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-03-14 16:09:44 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-03-09 15:43:56 -------- d--h--w- C:\Users\Ark\AppData\Roaming\Rift

2012-03-09 10:23:47 2515790 ----a-w- C:\Windows\System32\nvcoproc.bin

2012-03-09 10:21:52 1451840 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll

2012-03-09 10:21:51 31040 ----a-w- C:\Windows\System32\nvhdap64.dll

2012-03-09 10:21:51 188224 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

2012-03-09 10:21:47 962368 ----a-w- C:\Windows\System32\nvumdshimx.dll

2012-03-09 10:21:47 7713088 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll

2012-03-09 10:21:46 2301248 ----a-w- C:\Windows\SysWow64\nvapi.dll

2012-03-08 03:55:02 -------- d--h--w- C:\Users\Ark\AppData\Roaming\Bioshock2

2012-03-08 03:53:34 -------- d-----w- C:\Windows\SysWow64\xlive

2012-03-08 03:53:34 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE

2012-02-29 20:01:44 -------- d--h--w- C:\Users\Ark\AppData\Roaming\fltk.org

2012-02-29 20:01:44 -------- d-----w- C:\ProgramData\fltk.org

2012-02-29 18:26:56 416064 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

==================== Find3M ====================

.

2012-03-15 20:00:15 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-03-15 20:00:15 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-03-11 17:09:04 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-02-29 21:00:22 3089728 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-02-29 21:00:09 6074176 ----a-w- C:\Windows\System32\nvcpl.dll

2012-02-29 20:59:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-02-29 20:59:47 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-02-29 20:59:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-02-29 05:39:28 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-02-27 19:39:56 2434856 ----a-w- C:\Windows\SysWow64\pbsvc_bc2.exe

2012-02-19 15:10:09 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll

2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll

.

============= FINISH: 1:20:58.42 ===============

Attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/16/2011 1:45:44 PM

System Uptime: 3/30/2012 1:17:37 AM (0 hours ago)

.

Motherboard: EVGA | | EVGA X58 3x SLI Classified 3

Processor: Intel® Core™ i7 CPU X 980 @ 3.33GHz | Socket 423 | 3316/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 410.389 GiB free.

D: is CDROM (CDFS)

E: is CDROM (CDFS)

F: is FIXED (NTFS) - 1863 GiB total, 1375.563 GiB free.

G: is CDROM (CDFS)

H: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP88: 3/9/2012 9:41:39 AM - Installed DirectX

RP89: 3/11/2012 2:08:15 PM - Removed Soluto

RP90: 3/12/2012 3:18:19 PM - Installed BioShock 2

RP91: 3/14/2012 11:13:58 AM - Windows Update

RP92: 3/15/2012 11:45:28 AM - Installed DirectX

RP93: 3/22/2012 2:44:41 PM - Scheduled Checkpoint

RP94: 3/24/2012 10:21:12 AM - Installed TERA

RP95: 3/26/2012 1:40:41 AM - Windows Update

RP96: 3/26/2012 10:01:50 PM - Installed DirectX

RP97: 3/26/2012 10:02:21 PM - Installed Microsoft Visual C++ 2005 Redistributable

.

==== Installed Programs ======================

.

Acrobat.com

Ad-Aware

Adobe Acrobat 9 Pro - English, Français, Deutsch

Adobe Acrobat 9.5.0 - CPSID_83708

Adobe AIR

Adobe Anchor Service CS4

Adobe Asset Services CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe Creative Suite 4 Design Premium

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe Dreamweaver CS4

Adobe Drive CS4

Adobe Dynamiclink Support

Adobe ExtendScript Toolkit CS4

Adobe Extension Manager CS4

Adobe Fireworks CS4

Adobe Flash CS4

Adobe Flash CS4 Extension - Flash Lite STI en

Adobe Flash CS4 STI-en

Adobe Flash Player 10 ActiveX

Adobe Fonts All

Adobe Illustrator CS4

Adobe InDesign CS4

Adobe InDesign CS4 Application Feature Set Files (Roman)

Adobe InDesign CS4 Common Base Files

Adobe InDesign CS4 Icon Handler

Adobe Linguistics CS4

Adobe Media Encoder CS4

Adobe Media Encoder CS4 Importer

Adobe Media Player

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe SGM CS4

Adobe SING CS4

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe Version Cue CS4 Server

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Advanced SystemCare 5

AI War: Fleet Command - Demo

Amazon MP3 Downloader 1.0.15

Amnesia: The Dark Descent

APB Reloaded

Audiosurf

Battlefield: Bad Company 2

Beat Hazard

BioShock

BioShock 2

BIT.TRIP BEAT

Blacklight Retribution

Borderlands

BufferChm

Call of Duty: Modern Warfare 3 - Multiplayer

Command & Conquer The First Decade

Company of Heroes

Company of Heroes: Tales of Valor

Connect

Counter-Strike: Source

Counter-Strike: Source Beta

Creative Audio Control Panel

Creative Software AutoUpdate

Creative Sound Blaster Properties x64 Edition

Creative System Information

D110

Day of Defeat: Source

Dead Horde

Dead Island

Deus Ex: Human Revolution

Deus Ex: Human Revolution - The Missing Link

Dolby Axon - 1.4.0.1

Dolby Digital Live Pack

Dragon Age: Origins - Ultimate Edition

DTS Connect Pack

Dungeon Defenders

Dungeon Siege

Dungeon Siege 2

Dungeon Siege III

Dungeons & Dragons: Daggerdale

EverQuest II

Fallen Earth

Fallout 3

Fallout 3 - Game of the Year Edition

FlatOut Demo

GameSpy Arcade

Garry's Mod

Genesis Rising

GPBaseService2

Grand Theft Auto

Grand Theft Auto 2

Grand Theft Auto III

Grand Theft Auto IV

Grand Theft Auto: Episodes from Liberty City

Grand Theft Auto: San Andreas

Grand Theft Auto: Vice City

Greenshot

Half-Life

Half-Life 2

Half-Life 2: Deathmatch

Half-Life 2: Episode One

Half-Life 2: Episode Two

Half-Life 2: Lost Coast

Half-Life Deathmatch: Source

Half-Life: Blue Shift

Half-Life: Opposing Force

Hitman 2: Silent Assassin

Hitman: Blood Money

Hitman: Codename 47

HP Update

HPAppStudio

HPPhotoGadget

HPProductAssistant

ImgBurn

Java Auto Updater

Java™ 6 Update 30

Just Cause

Just Cause 2

Killing Floor

Kingdoms of Amalur: Reckoning Demo

kuler

League of Legends

Left 4 Dead

Left 4 Dead 2

Mafia II

Malwarebytes Anti-Malware version 1.60.1.1000

marvell 91xx driver

Marvell MRU V4

Mass Effect

Mass Effect 2

Max Payne

Max Payne 2: The Fall of Max Payne

Men Of War: Assault Squad GOTY Demo

Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Halo

Microsoft Rise Of Nations

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 4.0

Mount & Blade

Mount & Blade: Warband

Mozilla Firefox 11.0 (x86 en-US)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP2 Parser and SDK

MSXML4 Parser

Nation Red

NEC Electronics USB 3.0 Host Controller Driver

Nexus: The Jupiter Incident

Nuclear Dawn

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Oddworld: Abe's Exoddus

Oddworld: Abe's Oddysee

Oddworld: Munch's Oddysee

Oddworld: Stranger's Wrath

OpenAL

OpenOffice.org 3.3

Orcs Must Die!

Pando Media Booster

PAYDAY: The Heist

PDF Settings CS4

Peggle Deluxe

Peggle Nights

Photoshop Camera Raw

Pixel Bender Toolkit

Plants vs. Zombies: Game of the Year

Portal

PS_AIO_07_D110_SW_Min

PunkBuster Services

QuickTransfer

Realm of the Mad God

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Rhythm Zone

RIFT™

Rise of Nations Thrones and Patriots

Risen - Demo

Rochard

Scan

Seagate DiscWizard

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Serious Sam 2

Serious Sam 3: BFE

Serious Sam Classic: The First Encounter

Serious Sam Classic: The Second Encounter

Serious Sam Double D

Serious Sam HD: The First Encounter

Serious Sam HD: The Second Encounter

Serious Sam: The Random Encounter

Sid Meier's Civilization V

SimCity 4 Deluxe

Sins of a Solar Empire: Trinity

SIW version 2011.10.29

Skype™ 5.8

SOL: Exodus Demo

SolutionCenter

Sound Blaster X-Fi

Space Pirates and Zombies

Spybot - Search & Destroy

Star Raiders

Star Ruler

Star Trek Online

StarCraft II

Steam

Stronghold

Stronghold 2

Stronghold Crusader + Extreme

Stronghold Legends

Suite Shared Configuration CS4

Supreme Commander 2

Team Fortress 2

Team Fortress 2 Beta

Team Fortress Classic

TERA

Terraria

The Polynomial

Toolbox

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Visual Studio 2008 x64 Redistributables

Wacom Tablet

Warcraft III

WebReg

WinRAR 4.01 (32-bit)

World of Tanks v.0.7.0

X-Tension

X: Beyond the Frontier

X2: The Threat

X3: Albion Prelude

X3: Reunion

Zombie Driver

.

==== Event Viewer Messages From Past Week ========

.

3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 9 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 8 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 6 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 5 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 4 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 2 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 11 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 10 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

3/30/2012 1:17:55 AM, Error: Microsoft-Windows-Kernel-Processor-Power [35] - Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

3/30/2012 1:05:15 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:05:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/30/2012 1:05:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/30/2012 1:05:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

3/30/2012 1:05:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

3/30/2012 1:05:13 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/30/2012 1:05:07 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/30/2012 1:04:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

3/30/2012 1:04:48 AM, Error: Service Control Manager [7001] - The Marvell RAID Event Agent service depends on the MRU Web Service service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:04:47 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:04:47 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

3/30/2012 1:04:47 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:04:47 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:04:47 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:04:47 AM, Error: Service Control Manager [7001] - The MRU Web Service service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/30/2012 1:04:46 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/30/2012 1:04:46 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

3/30/2012 1:04:46 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

3/30/2012 1:04:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/30/2012 1:04:45 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.

3/29/2012 9:38:32 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.

.

==== End Of File ===========================
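The event-log section of a DDS log is easier to read when the cascade is untangled: one Service Control Manager 7026 event lists every boot-start driver that did not load, and the 7001 events split into root failures ("A device attached to the system is not functioning", i.e. the driver itself never loaded) and cascades ("The dependency service or group failed to start"). The parser below is an added example for this thread, not part of DDS, MBAM or the forum's own tooling; the sample lines are a subset copied from the log above, and the assumption that AVG's drivers carry an `Avg` prefix is the author's own.

```python
"""Triage helper for the 'Event Log errors' section of a DDS log.

Parses one-line entries of the form
  3/30/2012 1:04:48 AM, Error: Service Control Manager [7026] - <message>
and summarises what failed at boot.  Added example; not DDS/MBAM code.
"""
import re
from collections import Counter
from datetime import datetime

# Subset of the event-log lines posted above (the '.' and 'End Of File'
# trailer lines are deliberately absent; the parser ignores them anyway).
SAMPLE_LOG = r"""
3/30/2012 1:04:48 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx64 Avgmfx64 Avgtdia CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

3/30/2012 1:04:47 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

3/30/2012 1:04:46 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

3/30/2012 1:05:14 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/29/2012 9:38:32 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.
"""

ENTRY_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<event_id>\d+)\] - (?P<msg>.*)$"
)
DEP_RE = re.compile(
    r"^The (?P<dependent>.+?) service depends on the (?P<dependency>.+?) service "
    r"which failed to start because of the following error: (?P<reason>.+)$"
)
ROOT_REASON = "A device attached to the system is not functioning"


def parse_entries(text):
    """Return the entries as dicts, oldest first; non-matching lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["ts"] = datetime.strptime(d["ts"], "%m/%d/%Y %I:%M:%S %p")
        d["event_id"] = int(d["event_id"])
        entries.append(d)
    return sorted(entries, key=lambda e: e["ts"])


def failed_boot_drivers(entries):
    """Driver names listed in Service Control Manager 7026 events."""
    names = []
    for e in entries:
        if e["source"] == "Service Control Manager" and e["event_id"] == 7026:
            _, _, tail = e["msg"].partition("failed to load:")
            names.extend(tail.split())
    return names


def dependency_failures(entries):
    """Split 7001 events into (root, cascade) lists of (dependent, dependency)."""
    roots, cascades = [], []
    for e in entries:
        if e["source"] != "Service Control Manager" or e["event_id"] != 7001:
            continue
        m = DEP_RE.match(e["msg"])
        if not m:
            continue
        pair = (m["dependent"], m["dependency"])
        (roots if m["reason"].startswith(ROOT_REASON) else cascades).append(pair)
    return roots, cascades


def summarize(text):
    entries = parse_entries(text)
    drivers = failed_boot_drivers(entries)
    roots, cascades = dependency_failures(entries)
    return {
        "entries": len(entries),
        "by_source": dict(Counter(e["source"] for e in entries)),
        "failed_drivers": drivers,
        # Assumption: AVG's kernel drivers are named with an 'Avg' prefix.
        "av_drivers_blocked": [d for d in drivers if d.lower().startswith("avg")],
        "root_failures": roots,
        "cascade_failures": cascades,
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log above, the summary shows the networking stack (AFD, tdx, nsiproxy, NetBT) and all three AVG drivers failing to load in the same 7026 event, with every later 7001 error explained by that one root cause; a 7026 that blocks the AV product's own drivers alongside Winsock is worth flagging on its own, since it is what leaves the machine unable to update or scan until the cause is removed.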


For those who might've skimmed / perused my post I have good news. Along with the help of a close friend we had managed to find a link that delved a little more deeply into how to get rid of this infection, and guess what, it wasn't a link for a program claiming it could get rid of it! /end sarcasm. I won't provide the link unless someone requests it. The main issue, I think, was deleting a few registry keys (identified by the site we found), and with the help of MBAM (finding the location of the actual infected files) to later physically delete under C:\ProgramData. Please do not assume that this will work for you, this is just food for thought that I felt like sharing, if you feel like poking around without actually altering anything before receiving certified instructions via the forums.

Registry key removal suggestions removed

forget, being able to use regedit or task manager, I was running in Safe Mode, without network options. After deleting the bolded keys, a messed up .exe file in the ProgramData folder and running the unhide.exe provided on the forums (thank you kindly, totally worked better than what I pulled from Major Geeks) I restarted my computer as normal. No pop-ups, icons were still on the desktop, wallpaper did not return automatically though once startup had finished. I then proceeded to re-run my AV and anti-malware (MBAM, Ad-Aware, Spybot and ASC5) - nothing popped up, even for MBAM, so I took the next step of reconnecting to the internet (I had physically d/ced my computer from the internet; I do not know if getting infected like this would cause any problems if you can launch a browser w/out the icon). Finally, updated everything and re-ran all the programs for the 2nd time and still nothing! And before I labeled it a great success, I went through the arduous task of resetting my security info on my accounts, passwords mainly, but you get the idea. Nothing fishy has turned up.... yet, what little money I have in my bank is still there so I'm calling this a success.


Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
