Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google Redirect Virus


  • This topic is locked This topic is locked
5 replies to this topic

#1 MikieJ

MikieJ

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 24 September 2011 - 10:34 AM

Hello,

I posted the following in the "Am I Infected?" forum last week:

http://www.bleepingcomputer.com/forums/topic419312.html

I believe I am infected with the Google redirect virus. All search engines and internet browsers are infected.

I was told to post in this forum. Attached are my GMER and DDS logs.

I am unable to configure GMER to scan for things like processes, modules, etc. as those options are greyed out for me. The GMER log is scanned with services, registry and files checked.

Attached Files



BC AdBot (Login to Remove)

 


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,243 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:21 AM

Posted 29 September 2011 - 08:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please run the DDS tool. I need to see the DDS.txt log to suggest our next step of action.

Posted Image
Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop.

Please just paste the contents of the DDS.txt log in your next post.

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,243 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:21 AM

Posted 04 October 2011 - 10:22 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

#4 MikieJ

MikieJ
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:21 AM

Posted 05 October 2011 - 04:54 PM

Hello,

I apologize for the wait. Here is the contents of the log file:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.0.0
Run by Valued Customer at 20:42:46 on 2011-10-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4094.2197 [GMT -4:00]
.
AV: Panda Antivirus Pro 2012 *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Antivirus Pro 2012 *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\TPSrvWow.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\WebProxy.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Origin\Origin.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Adobe\Updater6\Adobe_Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\ProgramData\Battle.net\Agent\Agent.440\Agent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\TPSRVAUX.EXE
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
mRun: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Inicio.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {6678BE91-1E04-4A4A-9C32-63145EA79C2A} - hxxp://fifa-online.easports.com/fo3-theme/addons/EAFO3AXLauncher.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{E953848A-89E8-44B5-AA37-27622CC4AB8B} : DhcpNameServer = 137.107.2.150 137.107.3.150 137.107.2.1
TCP: Interfaces\{E9F65B26-1B8F-441C-9CFB-8DC0DD34CC03} : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mRun-x64: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [(Default)]
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [APVXDWIN] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" /s
mRun-x64: [SCANINICIO] "C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\Inicio.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Valued Customer\AppData\Roaming\Mozilla\Firefox\Profiles\d3ltrb01.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Java\jre1.6.0_22\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Sony Online Entertainment\Station Launcher\npsoe.dll
FF - plugin: C:\Program Files (x86)\Sony Online Entertainment\Station Launcher\npsoeact.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Valued Customer\AppData\Local\Yahoo!\BrowserPlus\2.9.2\Plugins\npybrowserplus_2.9.2.dll
FF - plugin: C:\Users\Valued Customer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Valued Customer\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: C:\Users\Valued Customer\AppData\Roaming\Move Networks\plugins\npqmp071505000011.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;Panda boot driver;C:\Windows\system32\Drivers\pavboot64.sys --> C:\Windows\system32\Drivers\pavboot64.sys [?]
R1 ShldFlt;Panda File Shield Driver;C:\Windows\system32\DRIVERS\ShldFlt.sys --> C:\Windows\system32\DRIVERS\ShldFlt.sys [?]
R2 AmFSM;AmFSM;C:\Windows\system32\DRIVERS\amm6460.sys --> C:\Windows\system32\DRIVERS\amm6460.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Panda Software Controller;Panda Software Controller;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PsCtrlS.exe [2011-9-17 173312]
R2 PAVFNSVR;Panda Function Service;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe [2011-9-17 202048]
R2 PavPrSrv;Panda Process Protection Service;C:\Program Files (x86)\Common Files\Panda Security\PavShld\PavPrSrv.exe [2011-9-17 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe [2011-9-17 314176]
R2 PskSvcRetail;Panda PSK service;C:\Program Files (x86)\Panda Security\Panda Antivirus Pro 2012\psksvc.exe [2011-9-17 28992]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-9-22 381248]
S2 8748;8748;"C:\ProgramData\COHServer.exe" --> C:\ProgramData\COHServer.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-30 2253120]
S3 MayPro;TigerGame SuperJoy Box Pro Filter Service;C:\Windows\System32\drivers\Maypro.sys [2009-11-15 11776]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-29 89920]
.
=============== File Associations ===============
.
JSEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
VBEFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
VBSFile=C:\PROGRA~2\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
.
=============== Created Last 30 ================
.
2011-10-03 22:20:01 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5778F137-71E4-4A24-96CE-159A0D166D04}\offreg.dll
2011-10-02 12:35:08 -------- d-----w- C:\Users\Valued Customer\AppData\Roaming\FLV Extract
2011-10-01 00:08:44 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2011-09-30 23:57:39 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2011-09-30 22:56:24 5067584 ----a-w- C:\Windows\System32\nvsvc64.dll
2011-09-30 22:56:24 137536 ----a-w- C:\Windows\System32\nvshext.dll
2011-09-30 22:56:22 1640768 ----a-w- C:\Windows\System32\nvvsvc.exe
2011-09-30 22:56:20 10406208 ----a-w- C:\Windows\System32\nvcpl.dll
2011-09-30 22:56:16 837952 ----a-w- C:\Windows\System32\easyupdatusapiu64.dll
2011-09-30 22:56:16 222528 ----a-w- C:\Windows\System32\nvmctray.dll
2011-09-30 22:53:14 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2011-09-30 22:37:00 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5778F137-71E4-4A24-96CE-159A0D166D04}\mpengine.dll
2011-09-27 12:00:23 8930624 ----a-w- C:\Windows\System32\nvwgf2umx.dll
2011-09-27 12:00:23 7183168 ----a-w- C:\Windows\SysWow64\nvwgf2um.dll
2011-09-27 12:00:22 1533248 ----a-w- C:\Windows\System32\nvdispco64.dll
2011-09-27 12:00:22 1454400 ----a-w- C:\Windows\System32\nvgenco64.dll
2011-09-27 12:00:21 2808640 ----a-w- C:\Windows\System32\nvapi64.dll
2011-09-27 12:00:21 2458432 ----a-w- C:\Windows\SysWow64\nvapi.dll
2011-09-27 12:00:21 15688512 ----a-w- C:\Windows\System32\nvd3dumx.dll
2011-09-27 11:50:03 -------- d-----w- C:\Users\Valued Customer\AppData\Roaming\Origin
2011-09-27 11:49:26 -------- d-----w- C:\Users\Valued Customer\AppData\Local\Origin
2011-09-27 11:49:06 -------- d-----w- C:\ProgramData\Origin
2011-09-27 11:48:53 -------- d-----w- C:\Program Files (x86)\Origin Games
2011-09-27 11:48:22 -------- d-----w- C:\Program Files (x86)\Origin
2011-09-24 15:36:22 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-22 16:29:58 321856 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2011-09-21 00:42:29 -------- d-----w- C:\Program Files (x86)\Diablo III Beta
2011-09-17 21:20:09 -------- d-----w- C:\Users\Valued Customer\AppData\Roaming\.minecraft
2011-09-17 21:17:04 525544 ----a-w- C:\Windows\System32\deployJava1.dll
2011-09-17 13:44:42 -------- d-----w- C:\Windows\FltMgr
2011-09-17 13:43:44 -------- d-----w- C:\Users\Valued Customer\AppData\Local\Panda Security
2011-09-17 13:43:15 -------- d-----w- C:\Riot Games
2011-09-17 13:30:13 30792 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2011-09-16 12:27:58 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-09-16 12:27:58 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-09-15 23:26:29 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-09-15 23:26:29 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-09-15 01:06:52 -------- d-----w- C:\Users\Valued Customer\AppData\Roaming\SUPERAntiSpyware.com
2011-09-15 01:06:33 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-09-15 01:06:33 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-09-07 23:22:14 -------- d-----w- C:\ProgramData\Battle.net
2011-09-05 14:19:47 -------- d-----w- C:\Users\Valued Customer\AppData\Local\Activision
.
==================== Find3M ====================
.
2011-10-01 00:31:49 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-01 00:31:49 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-01 00:10:09 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2011-09-30 23:57:11 75136 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2011-09-27 11:51:51 544656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-06 02:47:01 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2011-09-05 14:12:37 682280 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-11 13:45:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-07-11 13:25:35 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-07-06 15:49:23 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2009-11-02 23:53:43 887852354 ----a-w- C:\Program Files (x86)\CombatArmsSetupV31.exe
.
============= FINISH: 21:05:35.66 ===============

#5 nasdaq

nasdaq

  • Malware Response Team
  • 39,243 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:21 AM

Posted 09 October 2011 - 08:05 AM

It's my time to apologize for the wait. For some reasons I just now saw your post.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this if fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html
===

Third party programs if not up to date can be the cause infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs and let me know if the problem persists.

#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,243 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:10:21 AM

Posted 13 October 2011 - 07:16 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users