Infected by PUM.Hijack.taskManager (Registry Data)

stuck · March 4, 2012

Hi everyone, I've been infected with PUM.Hijack.TaskManager. I've tried to remove with MalwareBytes. It says that is is removed and successful, but when I restarted the laptop, it gives me a pop-up and disable my task manager...It seems that the PUM.Hijack.TaskManager has not get rid of it yet.

Thank you very much for your help

Here's my DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by shinyaku at 15:56:05 on 2012-03-04

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.4027.2543 [GMT -5:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\wininit.exe

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\windows\system32\nvvsvc.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe

C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\system32\ThpSrv.exe

C:\windows\system32\TODDSrv.exe

C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

C:\Program Files\TOSHIBA\TECO\TecoService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Opera\opera.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe

C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\System32\svchost.exe -k secsvcs

C:\windows\system32\svchost.exe -k SDRSVC

C:\windows\SysWOW64\cmd.exe

C:\windows\system32\conhost.exe

C:\windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uWindow Title = Presented by TOSHIBA Leading Innovation >>>

uDefault_Page_URL = hxxp://www.toshiba.ca/welcome

mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA

mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSCA&bmod=TSCA

uURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll

BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

mRun: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

StartupFolder: C:\Users\shinyaku\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JAG103~1.LNK - C:\Windows\System32\rundll32.exe

StartupFolder: C:\Users\shinyaku\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JAG186~1.LNK - C:\Windows\System32\rundll32.exe

StartupFolder: C:\Users\shinyaku\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\JAG574~1.LNK - C:\Windows\System32\rundll32.exe

uPolicies-system: DisableTaskMgr = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{156D7AD6-9F00-4607-A884-1B508C09176F} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{156D7AD6-9F00-4607-A884-1B508C09176F}\452554E444E65647635323 : DhcpNameServer = 192.168.10.1

TCP: Interfaces\{156D7AD6-9F00-4607-A884-1B508C09176F}\6416170255 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{156D7AD6-9F00-4607-A884-1B508C09176F}\C4964747C65635861627B6D27657563747 : DhcpNameServer = 24.200.241.37 24.201.245.77 24.200.243.189

TCP: Interfaces\{156D7AD6-9F00-4607-A884-1B508C09176F}\C696E6B6379737 : DhcpNameServer = 24.201.245.77 24.200.243.189 24.200.241.37

TCP: Interfaces\{D316E73B-430E-42A1-B495-7DCAB2257460} : DhcpNameServer = 192.168.1.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\SysWOW64\skype4com.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5825.1100\swg.dll

BHO-X64: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

BHO-X64: Google Dictionary Compression sdch - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

mRun-x64: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

mRun-x64: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

mRun-x64: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

mRun-x64: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

mRun-x64: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun

mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

============= SERVICES / DRIVERS ===============

.

R0 BtHidBus;Bluetooth HID Bus Service;C:\windows\system32\Drivers\BtHidBus.sys --> C:\windows\system32\Drivers\BtHidBus.sys [?]

R0 Thpdrv;TOSHIBA HDD Protection Driver;C:\windows\system32\DRIVERS\thpdrv.sys --> C:\windows\system32\DRIVERS\thpdrv.sys [?]

R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\windows\system32\DRIVERS\Thpevm.SYS --> C:\windows\system32\DRIVERS\Thpevm.SYS [?]

R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]

R2 BsMobileCS;BsMobileCS;C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [2011-4-13 147563]

R2 cfWiMAXService;ConfigFree WiMAX Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-1-28 249200]

R2 ConfigFree Service;ConfigFree Service;C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-3-10 46448]

R2 cpuz135;cpuz135;\??\C:\windows\system32\drivers\cpuz135_x64.sys --> C:\windows\system32\drivers\cpuz135_x64.sys [?]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-9-10 1604200]

R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-4-6 258928]

R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-9-10 2320920]

R3 BTCOMBUS;Bluetooth Serial Port Bus Service;C:\windows\system32\Drivers\btcombus.sys --> C:\windows\system32\Drivers\btcombus.sys [?]

R3 btnetBUs;Bluetooth PAN Bus Service;C:\windows\system32\Drivers\btnetBus.sys --> C:\windows\system32\Drivers\btnetBus.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]

R3 IvtBtBUs;IVT Bluetooth Bus Service;C:\windows\system32\Drivers\IvtBtBus.sys --> C:\windows\system32\Drivers\IvtBtBus.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\windows\system32\drivers\nvhda64v.sys --> C:\windows\system32\drivers\nvhda64v.sys [?]

R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\windows\system32\DRIVERS\rtl8192se.sys --> C:\windows\system32\DRIVERS\rtl8192se.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys --> C:\windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-3 136176]

S3 acpials;ALS Sensor Filter;C:\windows\system32\DRIVERS\acpials.sys --> C:\windows\system32\DRIVERS\acpials.sys [?]

S3 BTCOM;Bluetooth Serial port driver;C:\windows\system32\DRIVERS\btcomport.sys --> C:\windows\system32\DRIVERS\btcomport.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-3 136176]

S3 JMCR;JMCR;C:\windows\system32\DRIVERS\jmcr.sys --> C:\windows\system32\DRIVERS\jmcr.sys [?]

S3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-9-10 51512]

S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-2-5 137560]

S3 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]

S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-03-04 20:23:08 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{34811B4A-2340-4D18-BA2C-5BAA8F3E2510}\offreg.dll

2012-03-03 14:09:22 -------- d-----w- C:\ProgramData\Nexon

2012-03-03 13:22:34 -------- d-----w- C:\Users\shinyaku\AppData\Local\{B86B5D91-B97C-44D6-AA6B-580AA6666414}

2012-03-03 13:22:22 -------- d-----w- C:\Users\shinyaku\AppData\Local\{D2A642D2-CD3A-4B73-AE21-0E17A1346A99}

2012-03-03 02:31:33 -------- d-----w- C:\Nexon

2012-03-03 02:31:32 -------- d-----w- C:\ProgramData\NexonUS

2012-03-03 00:42:29 -------- d-----w- C:\Users\shinyaku\AppData\Local\PMB Files

2012-03-03 00:42:28 -------- d-----w- C:\ProgramData\PMB Files

2012-03-03 00:42:11 -------- d-----w- C:\Program Files (x86)\Pando Networks

2012-03-03 00:31:42 -------- d-----w- C:\Users\shinyaku\AppData\Local\{7434C8A8-E363-4405-935F-CBE59A805983}

2012-03-03 00:31:31 -------- d-----w- C:\Users\shinyaku\AppData\Local\{78AB2EB3-BD97-4647-B573-EF02BFF4C4C7}

2012-03-02 23:23:52 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{34811B4A-2340-4D18-BA2C-5BAA8F3E2510}\mpengine.dll

2012-02-28 02:50:16 -------- d-----w- C:\Users\shinyaku\AppData\Local\NFS Underground 2

2012-02-19 04:45:25 -------- d-----w- C:\Users\shinyaku\AppData\Roaming\Xilisoft

2012-02-19 04:41:05 -------- d-----w- C:\ProgramData\Xilisoft

2012-02-19 04:41:05 -------- d-----w- C:\Program Files (x86)\Xilisoft

2012-02-19 04:21:11 -------- d-----w- C:\Users\shinyaku\AppData\Roaming\Xilisoft Corporation

2012-02-18 04:23:10 -------- d-----w- C:\Program Files (x86)\Paradox Interactive

2012-02-18 01:13:20 -------- d-----w- C:\Users\shinyaku\AppData\Local\{87CBB699-E02C-437E-A690-2B5AA5CDCCBB}

2012-02-18 01:12:57 -------- d-----w- C:\Users\shinyaku\AppData\Local\{794E914A-4BA1-4E3C-9A5B-4E0EF8AFBC0B}

2012-02-17 01:03:55 -------- d-----w- C:\Users\shinyaku\AppData\Local\{488243DC-22F5-4B93-AEC2-7BBE195C9BB7}

2012-02-17 01:03:32 -------- d-----w- C:\Users\shinyaku\AppData\Local\{CE261DBB-59E5-4F14-A773-8B69A301B7FE}

2012-02-15 23:41:13 509952 ----a-w- C:\windows\System32\ntshrui.dll

2012-02-15 23:41:12 442880 ----a-w- C:\windows\SysWow64\ntshrui.dll

2012-02-15 02:52:30 3145728 ----a-w- C:\windows\System32\win32k.sys

2012-02-15 02:37:55 690688 ----a-w- C:\windows\SysWow64\msvcrt.dll

2012-02-15 02:37:55 634880 ----a-w- C:\windows\System32\msvcrt.dll

2012-02-15 02:05:11 515584 ----a-w- C:\windows\System32\timedate.cpl

2012-02-15 02:05:11 478720 ----a-w- C:\windows\SysWow64\timedate.cpl

2012-02-15 01:57:38 498688 ----a-w- C:\windows\System32\drivers\afd.sys

2012-02-13 01:12:03 -------- d-----w- C:\Users\shinyaku\AppData\Local\{7291F65A-EB5C-4236-B8CE-A1C5E684EF23}

2012-02-13 01:11:41 -------- d-----w- C:\Users\shinyaku\AppData\Local\{C663A3CA-6F6B-486C-ABCB-7C75794D63CE}

2012-02-06 01:26:31 -------- d-----w- C:\Users\shinyaku\AppData\Local\{C04FE8D4-EAFA-4BAE-A316-74A14C8DE549}

2012-02-06 01:26:09 -------- d-----w- C:\Users\shinyaku\AppData\Local\{9371624C-D827-4FB1-AD9B-9506C38BA62C}

2012-02-05 21:06:17 -------- d-----w- C:\Program Files (x86)\3D-Fahrschule

2012-02-04 01:13:59 -------- d-----w- C:\Users\shinyaku\AppData\Local\{86E3A2B6-0DF6-482C-A197-27F6F9572632}

2012-02-04 01:13:48 -------- d-----w- C:\Users\shinyaku\AppData\Local\{DA2A71B8-4F19-4C09-B48B-2E1582183D58}

.

==================== Find3M ====================

.

2012-02-10 03:14:04 6074176 ----a-w- C:\windows\System32\nvcpl.dll

2012-02-10 03:14:01 3089728 ----a-w- C:\windows\System32\nvsvc64.dll

2012-02-10 03:07:03 2561856 ----a-w- C:\windows\System32\nvsvcr.dll

2012-02-10 03:07:00 889664 ----a-w- C:\windows\System32\nvvsvc.exe

2012-02-10 03:07:00 63296 ----a-w- C:\windows\System32\nvshext.dll

2012-02-10 03:07:00 118080 ----a-w- C:\windows\System32\nvmctray.dll

2012-01-29 10:10:42 279656 ------w- C:\windows\System32\MpSigStub.exe

2012-01-17 12:46:01 31040 ----a-w- C:\windows\System32\nvhdap64.dll

2012-01-17 12:45:56 188224 ----a-w- C:\windows\System32\drivers\nvhda64v.sys

2012-01-17 12:45:55 1451840 ----a-w- C:\windows\System32\nvhdagenco6420103.dll

2011-12-14 07:11:03 2308096 ----a-w- C:\windows\System32\jscript9.dll

2011-12-14 07:04:30 1390080 ----a-w- C:\windows\System32\wininet.dll

2011-12-14 07:03:38 1493504 ----a-w- C:\windows\System32\inetcpl.cpl

2011-12-14 06:57:28 2382848 ----a-w- C:\windows\System32\mshtml.tlb

2011-12-14 03:04:54 1798656 ----a-w- C:\windows\SysWow64\jscript9.dll

2011-12-14 02:57:18 1127424 ----a-w- C:\windows\SysWow64\wininet.dll

2011-12-14 02:56:58 1427456 ----a-w- C:\windows\SysWow64\inetcpl.cpl

2011-12-14 02:50:04 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb

2011-12-10 20:24:08 23152 ----a-w- C:\windows\System32\drivers\mbam.sys

.

============= FINISH: 15:56:53.91 ===============

Attach.txt

screen317 · April 21, 2012

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Maurice Naggar · May 13, 2012

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Sign In

Infected by PUM.Hijack.taskManager (Registry Data)

Recommended Posts

stuck

Link to post

Share on other sites

screen317

Link to post

Share on other sites

Maurice Naggar

Link to post

Share on other sites

Recently Browsing 0 members

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information