
Infected with search redirect/pop up malware



I've run multiple full scans of Trend Titanium AV and Malwarebytes. At first I was infected with the Win 7 Internet Security fake AV virus, but that was easily removed. However, after removing that I went to also download Malwarebytes and noticed that my search results were being redirected; after running a quick scan with Malwarebytes it detected 3 more infected files. After removing them, I still noticed the same symptoms with my search results. Running a full scan has yielded no results. After doing research I've come to suspect it is a rootkit manifestation and warily downloaded "UnHackMe" to fight that. It seems that every site, even CNET and the University of Minnesota, recommended this program, which looks like it was developed by a sleazy Russian using a cheap rip-off of Google Translate. The whole thing tried to diagnose my computer with a rootkit, but when I tried to remove it, it ran a separate tool called RegRun, and then said I HAD to purchase a CD-ROM called 'Boot Warriors' to boot from my CD drive and delete the infection that way. I don't trust programs when it's obvious they weren't written by English speakers, so there's no way I'm gonna do that. Since then I have uninstalled UnHackMe; I have seen the search results not being redirected, but I still receive occasional pop-ups.

Here is the DDS log

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26

Run by kasey.strube at 20:00:55 on 2011-12-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6143.3546 [GMT -6:00]

.

AV: Trend Micro Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}

SP: Trend Micro Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\FBAgent.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe

C:\Program Files\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe

C:\Windows\system32\dleacoms.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Blaze Media Pro\NMSAccess32.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowShell.exe

C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Steam\steam.exe

C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe

C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CNRpc.exe

C:\Program Files\ASUS\Turbo Gear\TurboGear.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Logitech\G35\G35.exe

C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe

C:\Program Files (x86)\Update\realsched.exe

C:\Program Files (x86)\Xfire\Xfire.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Xfire\xfire64.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe

C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Xfire\xfire64.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\kasey.strube\Documents\My Games\Pokemon Online\Pokemon-Online.exe

C:\Windows\system32\taskmgr.exe

C:\Windows\SysWOW64\ping.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uWindow Title = Internet Explorer, optimized for Bing and MSN

uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre2.dll

mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre2.dll

mWinlogon: Userinit=userinit.exe,

BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre2.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre2.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Astroburn Toolbar: {efeed92a-a33d-4873-ba8f-32baa631e54d} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork

mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [Turbo Gear] "C:\Program Files\ASUS\Turbo Gear\TurboGear.exe" -r

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe

mRun: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe

mRun: [TkBellExe] "C:\Program Files (x86)\update\realsched.exe" -osboot

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\KASEY~1.STR\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Xfire.lnk - C:\Program Files (x86)\Xfire\Xfire.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: cinemanow.com

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.3.1.0.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{AB3978F9-77CA-465A-A4A2-78EB0B0AB489} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{AB3978F9-77CA-465A-A4A2-78EB0B0AB489}\641647479737 : DhcpNameServer = 192.168.137.1

TCP: Interfaces\{AB3978F9-77CA-465A-A4A2-78EB0B0AB489}\7555055726C69636 : DhcpNameServer = 10.30.0.220 10.30.0.221 10.30.0.222

TCP: Interfaces\{AB3978F9-77CA-465A-A4A2-78EB0B0AB489}\A424E4F5030303036333 : DhcpNameServer = 192.168.1.254

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

BHO-X64: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre2.dll

BHO-X64: Freecorder - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

BHO-X64: Conduit Engine - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\prxtbFre2.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: Astroburn Toolbar: {EFEED92A-A33D-4873-BA8F-32BAA631E54D} - C:\Program Files (x86)\Astroburn Toolbar\ABToolbar.dll

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe

mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe

mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe

mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe" /r

mRun-x64: [updReg] C:\Windows\UpdReg.EXE

mRun-x64: [Turbo Gear] "C:\Program Files\ASUS\Turbo Gear\TurboGear.exe" -r

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe

mRun-x64: [Razer Nostromo Driver] C:\Program Files (x86)\Razer\Nostromo\RazerNostromoSysTray.exe

mRun-x64: [TkBellExe] "C:\Program Files (x86)\update\realsched.exe" -osboot

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]

R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AFBAgent;AFBAgent;"C:\Windows\system32\FBAgent.exe" --> C:\Windows\system32\FBAgent.exe [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2009-10-3 14904]

R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2009-6-11 127352]

R2 dlea_device;dlea_device;C:\Windows\system32\dleacoms.exe -service --> C:\Windows\system32\dleacoms.exe -service [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-12-19 366152]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-3-30 2253120]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-9-22 381248]

R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-8-19 2337144]

R2 WBVGAservice;WB VGA Service;C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2009-10-3 72248]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 rzjoystk;Razer VJoystick;C:\Windows\system32\DRIVERS\rzjoystk.sys --> C:\Windows\system32\DRIVERS\rzjoystk.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 136176]

S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;system32\libusbd-nt.exe --> system32\libusbd-nt.exe [?]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-10-3 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-10-3 79360]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-17 136176]

S3 LADF_DHP2;G35 DHP2 Filter Driver;C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys --> C:\Windows\system32\DRIVERS\ladfDHP2amd64.sys [?]

S3 LADF_SBVM;G35 SBVM Filter Driver;C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys --> C:\Windows\system32\DRIVERS\ladfSBVMamd64.sys [?]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]

S3 RzSynapse;Razer Driver;C:\Windows\system32\DRIVERS\RzSynapse.sys --> C:\Windows\system32\DRIVERS\RzSynapse.sys [?]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VBoxUSB;VirtualBox USB;C:\Windows\system32\Drivers\VBoxUSB.sys --> C:\Windows\system32\Drivers\VBoxUSB.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2011-12-20 22:47:12 2 --shatr- C:\Windows\winstart.bat

2011-12-20 22:47:06 -------- d-----w- C:\Program Files (x86)\UnHackMe

2011-12-20 17:14:35 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{DA58C294-DE5A-437E-8684-487042890F01}

2011-12-20 17:14:29 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{31D0B9A3-EB33-440F-865C-5D71EFEF8590}

2011-12-20 06:38:09 -------- d-----w- C:\Program Files (x86)\Inno Setup 5

2011-12-20 03:36:44 -------- d-----w- C:\Users\kasey.strube\AppData\Roaming\Malwarebytes

2011-12-20 03:36:39 -------- d-----w- C:\ProgramData\Malwarebytes

2011-12-20 03:36:36 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-12-20 03:36:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-12-19 21:29:50 -------- d-----we C:\Windows\system64

2011-12-19 18:45:49 1798 ----a-w- C:\Windows\System32\drivers\etc\tmvsthfss.bin

2011-12-19 18:45:14 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{0AF6F78E-80CC-4003-A10B-679E8BB4D54A}

2011-12-19 18:45:09 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{BD212411-C66E-4FBE-BABF-494687C782F0}

2011-12-18 18:57:53 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{14574C07-859F-49E9-87A1-E71E0C2F0476}

2011-12-18 18:57:48 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{EE872B8F-03FD-423E-8EB8-6E38745A5EAC}

2011-12-18 18:41:59 1798 ----a-w- C:\Windows\System32\drivers\etc\tmvsthfud.bin

2011-12-16 06:48:04 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{50EB07CB-973E-4D64-80C3-89CBD234560C}

2011-12-16 06:47:54 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{0371004A-D9F9-43DC-B043-E6E816F08635}

2011-12-15 05:48:42 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{2D0DE325-BB04-484A-9C18-677312A50CE2}

2011-12-15 05:48:39 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{28CBABDB-8662-4E6D-B009-57EBE6BDD118}

2011-12-15 04:39:42 42392 ----a-w- C:\Windows\SysWow64\xfcodec.dll

2011-12-15 04:39:42 28056 ----a-w- C:\Windows\System32\xfcodec64.dll

2011-12-14 09:46:25 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{A6E615CC-218F-48C7-958B-B3B9508B01A0}

2011-12-14 09:46:21 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{2AA49B75-83E6-497D-88ED-0D112AA8F100}

2011-12-14 04:48:40 -------- d-----w- C:\Program Files (x86)\Astroburn Toolbar

2011-12-14 04:48:38 -------- d-----w- C:\ProgramData\Astroburn Lite

2011-12-14 04:48:36 -------- d-----w- C:\Program Files (x86)\Astroburn Lite

2011-12-13 13:08:40 -------- d-----w- C:\Users\kasey.strube\VirtualBox VMs

2011-12-13 12:16:23 -------- d-----w- C:\Users\kasey.strube\.VirtualBox

2011-12-13 12:15:56 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2011-12-13 12:15:45 130864 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2011-12-13 12:15:41 -------- d-----w- C:\Program Files\Oracle

2011-12-13 11:50:32 -------- d-s---w- C:\Windows\Media - Copy

2011-12-13 11:34:41 332288 ----a-w- C:\Windows\System32\uxtheme.dll.backup

2011-12-13 11:34:38 2851840 ----a-w- C:\Windows\System32\themeui.dll.backup

2011-12-13 11:34:36 44544 ----a-w- C:\Windows\System32\themeservice.dll.backup

2011-12-12 19:30:05 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{B9DB34AB-3EE1-494B-919F-8FF7D6B9C07D}

2011-12-12 19:29:46 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{520417E0-4A4A-4165-B46F-B065723F8534}

2011-12-12 05:06:48 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{87321D1C-BEA5-43E8-9838-CCDAC4472B56}

2011-12-12 05:06:34 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{D6332EDD-C9F8-4A84-A05C-BDC08599002E}

2011-12-10 06:59:58 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6C1ED019-E674-408B-A3A3-5FBB7ECA47CC}\mpengine.dll

2011-12-08 20:28:27 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{FA906BA0-04DD-42F7-B0FC-7868AEE423B2}

2011-12-08 20:28:24 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{3DDF78E9-0587-4677-B558-9E3C49853F0F}

2011-12-08 06:01:50 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{367A3DE6-4B53-406C-A6BE-9A92C34EFAC3}

2011-12-08 06:01:47 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{787307DD-7DDC-404B-AAA3-B42CD606AD2F}

2011-12-07 03:25:44 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{92C1C26A-231D-4396-9875-8E8527DF9A6F}

2011-12-07 03:25:40 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{1C200DED-8253-4462-979E-3BBED9376962}

2011-12-06 05:54:20 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{B6074F0A-2405-4F64-A555-6978D43C80BC}

2011-12-06 05:54:16 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{4AEBD744-D7FA-46EE-9822-228D7383BF10}

2011-12-05 07:09:11 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{D043F1B0-9F0C-4634-A5A9-7592451948A1}

2011-12-05 07:09:07 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{D09B3D74-01BA-4C18-8223-73ACA2E3711E}

2011-12-03 20:44:02 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{D5C4DE47-7130-4901-BBFD-49BB221B1712}

2011-12-03 20:43:59 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{24124152-DFD2-4B17-85C3-B894850869DD}

2011-12-03 04:59:25 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{434D7CFF-BC21-48E6-86AD-5A9E5BDBD3B8}

2011-12-03 04:59:22 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{C3174729-5E31-45A3-8689-8EB415793E52}

2011-12-02 07:01:59 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{B91D7A0C-C668-46C6-9A88-CDACBE4CFC8C}

2011-12-02 07:01:45 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{9E9B76F3-DDBA-48F9-85A5-DA8162E52854}

2011-12-01 19:01:19 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{FEFB7E62-9692-46A4-A3C1-9AE799C7B454}

2011-12-01 19:01:17 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{6AF77C31-3249-47AD-8FFA-561FE623DBA9}

2011-12-01 06:19:53 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{0C2D12B2-90DD-4F47-9359-FD5715A0CF53}

2011-12-01 06:19:50 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{86F5C69B-D7A9-4155-A6DF-178651FC93E3}

2011-11-28 21:20:31 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{6ABB3EB7-7D7D-4A61-892C-86E79DB91010}

2011-11-28 21:20:18 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{EDC2D21C-D982-4F1B-BDF4-9667C9105FDC}

2011-11-28 09:19:48 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{8128091A-4DFB-45C4-B966-023EE8EF8BB9}

2011-11-28 09:19:42 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{CB395E07-11A9-4724-BD47-DFBA1378B78B}

2011-11-28 07:34:13 -------- d-----w- C:\Users\kasey.strube\AppData\Local\TechSmith

2011-11-28 07:31:40 -------- d-----w- C:\Windows\SysWow64\QuickTime

2011-11-28 07:31:16 -------- d-----w- C:\Program Files (x86)\Common Files\TechSmith Shared

2011-11-28 06:54:05 49664 ----a-w- C:\Windows\System32\CamCodec.dll

2011-11-28 06:54:05 -------- d-----w- C:\Program Files (x86)\CamStudio 2.6b

2011-11-27 17:41:02 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{DCD4BC88-2A84-438E-BBB0-338C987E54F3}

2011-11-27 17:40:59 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{44FFD35F-B149-42B4-94F0-CAE45DBAC659}

2011-11-27 17:28:59 375416 ----a-w- C:\Program Files (x86)\realconverter.exe

2011-11-27 01:40:40 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{DA8D6C0E-CC33-49FF-B372-DB2F6B001E50}

2011-11-27 01:40:35 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{682285C2-76D1-496B-81B1-B4BF3F8E4F2D}

2011-11-23 21:56:38 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{FFE371A1-851D-4247-BB38-FD4A2DC5E364}

2011-11-23 21:56:32 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{C43965C1-ECED-476B-BB1E-44AEA7068D72}

2011-11-22 16:20:06 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{1BAB42D6-6AD0-4FBF-8D54-6083B4B6BC36}

2011-11-22 16:20:02 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{55E32B2E-145D-47E5-AACA-882B14009978}

2011-11-21 23:09:30 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{9D819CFA-859E-4105-B1A2-2F2F9B3E4860}

2011-11-21 23:09:26 -------- d-----w- C:\Users\kasey.strube\AppData\Local\{7ADBA98B-BE1A-4E61-80A2-143831CC5398}

.

==================== Find3M ====================

.

2011-12-15 09:10:42 202448 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2011-12-15 09:10:42 202448 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2011-12-14 08:11:15 271200 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2011-12-13 11:34:41 332288 ----a-w- C:\Windows\System32\uxtheme.dll

2011-12-13 11:34:38 2851840 ----a-w- C:\Windows\System32\themeui.dll

2011-12-13 11:34:36 44544 ----a-w- C:\Windows\System32\themeservice.dll

2011-12-01 11:05:06 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-11-27 17:28:59 349304 ----a-w- C:\Program Files (x86)\convert.exe

2011-11-04 18:37:00 165680 ----a-w- C:\Windows\System32\drivers\VBoxNetFlt.sys

2011-11-04 18:37:00 146736 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

2011-11-04 18:37:00 117040 ----a-w- C:\Windows\System32\drivers\VBoxUSB.sys

2011-11-04 18:36:58 320816 ----a-w- C:\Windows\System32\VBoxNetFltNobj.dll

2011-10-07 01:25:20 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys

2011-09-22 17:29:58 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

2010-05-21 15:59:50 3095040 ----a-w- C:\Program Files (x86)\openofficeorg32.msi

2010-05-21 15:58:20 460088 ----a-w- C:\Program Files (x86)\setup.exe

.

============= FINISH: 20:01:49.41 ===============

I went ahead and removed this with ComboFix, thought I was good, and my computer worked great for a couple of days. However, I was infected again, this time with System Fix. It hid all my files, which was a pain to fix, but I got it done. However, svchost.exe running out of C:/Windows is a trojan and has some sort of delete protection that restores the file after deletions. I have about 100 copies in my MBAM quarantine, Recycle Bin, etc., etc. MBAM can't remove it, ComboFix can't remove it, TDSSKiller can't remove it. It restores itself, and any program that tries to delete it or remove it is in vain, as it always restores itself. Any help? I've even used the command prompt to try to remove file protections on it before deleting it and running AM scans on it. Keeps coming back! HELP PLEASE!


  • 1 month later...

Hello,

Would you advise if you have resolved your issues or if you have sought help elsewhere?

If not resolved and you are not already seeking help elsewhere, I'd like for you to rerun a new (fresh) DDS and Copy & Paste the DDS.txt into a new reply.

Anyone other than original-poster who has similar issues, do not reply here. Start your own topic.


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
