redirects, blank pages


This topic is locked
4 replies to this topic

#1 Colombani

Colombani

  • Members
  • 2 posts
  • OFFLINE
  • Local time:10:17 PM

Posted 12 December 2010 - 06:48 PM

hi,

I am having a problem that has been frustrating me for days. I get redirects and popups randomly, and blank pages for some specific sites which should work alright. The redirects generally, but not always, redirect to hxxp://67.210.14.254/after.php?type="sites address" or Google Analytics, and sometimes just blank pages. I am using ESET NOD32 (updated); it doesn't find any virus. I have tried most of the anti-spyware software (Hitman Pro, Ad-Aware, Spy Doctor, Anti-Malware, CCleaner...) and deleted everything they could find, but no help. I reset my modem/router; that also didn't help. My hosts file looks fine; I did all the flush DNS etc. stuff. Other computers using the wireless network with me work fine, but none of the browsers on the infected computer work fine. But if I edit the hosts file with the correct IPs of the sites that I cannot reach, then I can reach them, but random pop-ups continue. Also some of the anti-spyware software won't update. I have also run ComboFix and can copy the log immediately if requested. Thanks.



DDS (Ver_10-12-12.02) - NTFSx86
Run by KRAL at 1:55:44.48 on 13-Dec-10
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1254.90.1033.18.3583.1743 [GMT 2:00]

AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\ANIWConnService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\UltraMon\UltraMonUiAcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\DllHost.exe
C:\Windows\explorer.exe
C:\Users\KRAL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KRAL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KRAL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KRAL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KRAL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KRAL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KRAL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KRAL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KRAL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KRAL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KRAL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KRAL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\KRAL\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
D:\uTorrent Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: LastPass Browser Helper Object: {95d9ecf5-2a4d-4550-be49-70d42f71296e} - c:\program files\lastpass\LPBar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Creative Detector] "c:\program files\creative\mediasource\detector\CTDetect.exe" /R
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Sony Ericsson PC Companion] "c:\program files\sony ericsson\sony ericsson pc companion\PCCompanion.exe" /Background
uRun: [RocketDock] "c:\program files\rocketdock\RocketDock.exe"
uRun: [Google Update] "c:\users\kral\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [CTDVDDET] "c:\program files\creative\dvdaudio\CTDVDDET.EXE"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [CTHelper] CTHELPER.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
StartupFolder: c:\users\kral\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\kral\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\kral\appdata\roaming\micros~1\windows\startm~1\programs\startup\rainme~1.lnk - c:\program files\rainmeter\Rainmeter.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ultramon.lnk - c:\windows\installer\{b49673f8-7ab6-4a14-8213-c8a7be370010}\IcoUltraMon.ico
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: LastPass - file://c:\program files\lastpass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\program files\lastpass\context.html?cmd=fillforms
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {A99C8F70-4D5B-482c-8854-05BC0BB8B182} - c:\gnuf\poker\MPPoker.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe

================= FIREFOX ===================

FF - ProfilePath - c:\users\kral\appdata\roaming\mozilla\firefox\profiles\y66qis56.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\users\kral\appdata\roaming\mozilla\firefox\profiles\y66qis56.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\kral\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

============= SERVICES / DRIVERS ===============

R1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\drivers\anodlwf.sys [2010-12-12 12800]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe [2010-12-12 151552]
R2 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\s.a.d\cyberghost vpn\CGVPNCliService.exe [2010-6-12 2404488]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\drivers\epfwwfpr.sys [2009-2-6 92800]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-12-12 363344]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2008-11-14 17184]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
R3 bomebus;Bome's Virtual MIDI Port Bus Service;c:\windows\system32\drivers\bomebus.sys [2010-11-15 27720]
R3 bomemidi;Bome's Virtual MIDI Port;c:\windows\system32\drivers\bomemidi.sys [2010-11-15 24136]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\drivers\LEqdUsb.sys [2009-6-17 40720]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\drivers\LHidEqd.sys [2009-6-17 10384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-12-12 20952]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [2010-11-6 27632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w --> C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2010-6-24 28256]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.sys [2010-3-18 99416]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2010-10-5 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-10-5 79360]
S3 Creative Dolby Digital Live Pack Licensing Service;Creative Dolby Digital Live Pack Licensing Service;c:\program files\common files\creative labs shared\service\DDLLicensing.exe [2009-7-29 79360]
S3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.sys [2010-3-18 555096]
S3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.sys [2010-3-18 100952]
S3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.sys [2010-3-18 566360]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2010-11-6 13224]
S3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\drivers\Dnetr28u.sys [2010-12-12 750592]
S3 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\sony ericsson\sony ericsson pc companion\PCCService.exe [2010-8-30 155344]
S3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [2006-10-1 26624]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-14 14336]
S3 WatAdminSvc;WatAdminSvc;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-30 1343400]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-4-16 11520]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-9-28 315392]

=============== Created Last 30 ================

2010-12-12 23:50:29 -------- d-----w- c:\users\kral\appdata\roaming\SUPERAntiSpyware.com
2010-12-12 23:50:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-12-12 23:22:28 -------- d-sh--w- C:\$RECYCLE.BIN
2010-12-12 23:05:25 98816 ----a-w- c:\windows\sed.exe
2010-12-12 23:05:25 89088 ----a-w- c:\windows\MBR.exe
2010-12-12 23:05:25 256512 ----a-w- c:\windows\PEV.exe
2010-12-12 23:05:25 161792 ----a-w- c:\windows\SWREG.exe
2010-12-12 22:28:13 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-12-12 22:27:03 -------- d-----w- c:\progra~2\Hitman Pro
2010-12-12 12:37:10 151552 ----a-w- c:\windows\system32\ANIWConnService.exe
2010-12-12 12:37:00 720896 ----a-w- c:\windows\system32\ANIWZCS2.dll
2010-12-12 12:37:00 49152 ----a-w- c:\windows\system32\AQCKGen.dll
2010-12-12 12:37:00 45115 ----a-w- c:\windows\system32\ANICtl.dll
2010-12-12 12:37:00 270336 ----a-w- c:\windows\system32\wnicapi.dll
2010-12-12 12:37:00 258048 ----a-w- c:\windows\system32\wlanapp.dll
2010-12-12 12:37:00 217088 ----a-w- c:\windows\system32\aIPH.dll
2010-12-12 12:36:59 1327189 ----a-w- c:\windows\system32\odSupp_M.dll
2010-12-12 12:36:37 315392 ----a-w- c:\windows\system32\ANIOApi.dll
2010-12-12 12:36:37 -------- d-----w- c:\program files\ANI
2010-12-12 12:33:04 733184 ----a-w- c:\windows\system32\ANIOWPS.dll
2010-12-12 12:33:04 237568 ----a-w- c:\windows\system32\ANIWPS.exe
2010-12-12 12:33:04 204800 ----a-w- c:\windows\system32\ssleay32.dll
2010-12-12 12:33:04 1110016 ----a-w- c:\windows\system32\libeay32.dll
2010-12-12 12:30:33 12800 ----a-w- c:\windows\system32\drivers\anodlwf.sys
2010-12-12 12:30:32 750592 ----a-w- c:\windows\system32\drivers\Dnetr28u.sys
2010-12-12 12:30:32 221184 ----a-w- c:\windows\system32\RaCoInst.dll
2010-12-12 12:30:31 -------- d-----w- c:\program files\D-Link
2010-12-12 09:53:34 -------- d-----w- c:\program files\CCleaner
2010-12-11 22:35:20 -------- d-----w- c:\users\kral\appdata\roaming\Malwarebytes
2010-12-11 22:35:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-11 22:35:08 -------- d-----w- c:\progra~2\Malwarebytes
2010-12-11 22:35:04 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-11 22:35:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-11 13:19:34 -------- d-----w- c:\program files\Western Digital
2010-12-10 20:25:03 -------- d-----w- c:\program files\Linksys
2010-12-10 20:04:29 -------- d-----w- c:\progra~2\Pure Networks
2010-11-25 15:21:36 -------- d-----w- c:\users\kral\appdata\local\mdnslib
2010-11-24 07:35:45 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-11-18 21:42:10 -------- d-----w- c:\program files\Binverse
2010-11-17 13:58:32 -------- d-----w- c:\users\kral\appdata\local\Jaksta_Pty_Ltd
2010-11-17 13:56:11 -------- d-----w- c:\users\kral\appdata\roaming\Replay Media Catcher 4
2010-11-17 13:55:54 -------- d-----w- c:\program files\Applian Technologies
2010-11-16 13:25:18 -------- d-----w- c:\users\kral\appdata\roaming\hexler
2010-11-16 10:15:33 -------- d-----w- c:\users\kral\appdata\roaming\HD Tune Pro
2010-11-15 23:07:25 -------- d-----w- c:\program files\HD Tune Pro
2010-11-15 22:33:22 -------- d-----w- c:\users\kral\appdata\roaming\ProgSense
2010-11-15 22:33:20 -------- d-----w- c:\users\kral\appdata\roaming\GrabPro
2010-11-15 22:33:20 -------- d-----w- C:\downloads
2010-11-15 22:33:17 -------- d-----w- c:\program files\Orbitdownloader
2010-11-15 22:18:37 -------- d-----w- c:\windows\Replay Video Capture
2010-11-14 22:45:29 -------- d-----w- c:\users\kral\appdata\roaming\Cycling '74
2010-11-14 22:31:58 -------- d-----w- c:\program files\Griid
2010-11-14 22:31:57 189760 ----a-w- c:\windows\system32\bmidilib.dll
2010-11-14 22:30:54 27720 ----a-w- c:\windows\system32\drivers\bomebus.sys
2010-11-14 22:30:54 24136 ----a-w- c:\windows\system32\drivers\bomemidi.sys
2010-11-14 22:30:54 -------- d-----w- c:\program files\Bome's Virtual MIDI Port for Griid
2010-11-14 22:01:39 -------- d-----w- c:\progra~2\Ableton
2010-11-14 22:01:38 -------- d-----w- c:\users\kral\appdata\roaming\Ableton
2010-11-14 22:00:22 368640 ----a-w- c:\windows\system32\ReWire.dll
2010-11-14 22:00:22 233472 ----a-w- c:\windows\system32\REX Shared Library.dll
2010-11-14 21:56:06 -------- d-----w- c:\program files\Ableton

==================== Find3M ====================

2010-10-05 12:53:19 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-05 12:53:19 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-28 13:44:52 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-09-15 02:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-08-02 08:51:44 7995080 ----a-w- c:\program files\common files\lpuninstall.exe

============= FINISH: 1:56:40.67 ===============
Attached Files: Attach.txt (13.58KB), ark.log (36.62KB)

Edited by snemelk, 21 December 2010 - 02:35 PM.
disable a live link...



#2 snemelk

snemelk

    Engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:10:17 PM

Posted 21 December 2010 - 02:40 PM

Hi Colombani, and welcome to Bleeping Computer.

Please attach your ComboFix logfile (can be found here: C:\ComboFix.txt) to your next reply...

Afterwards,
Delete your current copy of ComboFix (just delete a file from your Desktop), and download a new version from any of the links below (to your Desktop):

Link 1
Link 2

Run ComboFix as instructed in the guide: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Post the log from ComboFix when you've accomplished that.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 Colombani

Colombani
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  • Local time:10:17 PM

Posted 21 December 2010 - 03:05 PM

Thanks for your reply. I have already solved the problem, but I have some questions in mind though.
I changed my router (I had reset the old one several times, and that didn't solve my problem); after I started using my new router the problem disappeared. The strange thing is that while I was using the old router the only computer that seemed infected was mine; the other two computers using the same router were working fine. What do you think may be the cause?

Edited by Colombani, 21 December 2010 - 03:05 PM.


#4 snemelk

snemelk

    Engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:10:17 PM

Posted 21 December 2010 - 06:31 PM

Hi again Colombani!!.. :)

I changed my router (I had reset the old one several times, and that didn't solve my problem); after I started using my new router the problem disappeared.

Glad to see the problem appears resolved!!.. The problem with some routers is that they may be hard to reset to their factory default settings... Some have to be turned off before doing a reset or you have to hit the reset button for more than 30 seconds...

The strange thing is that while I was using the old router the only computer that seemed infected was mine; the other two computers using the same router were working fine. What do you think may be the cause?

Yes, usually a hijacked router affects all computers on the network... I'm not good at networking and I can only guess that the other computers had/have different settings in place, like static DNS server addresses set, maybe...

I'd like to see a fresh DDS logfile, please post that in your reply... :)
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
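The symptom in the first post (every affected site funnelled to one redirector address, while other machines on the same router were fine) and the router-DNS-hijack explanation above can be checked offline with the heuristic below. This is an added example, not code from the thread or from either poster; the domain names and addresses are constructed samples from the documentation IP ranges, and the "system" versus "trusted" answer sets stand in for lookups made through the machine's configured resolver and through a resolver you control.

```python
# Added example (not from the original thread): an offline heuristic for the
# DNS-hijack pattern described above, where many unrelated sites on one
# machine all resolve to a single redirector address while a trusted resolver
# returns each site's real, distinct addresses. All values are constructed.
from collections import defaultdict

# Constructed sample: answers from the suspect machine's configured resolver.
# 203.0.113.10 (TEST-NET-3 documentation range) plays the redirector role;
# it is not a real indicator.
SYSTEM_ANSWERS = {
    "news.example": {"203.0.113.10"},
    "bank.example": {"203.0.113.10"},
    "shop.example": {"203.0.113.10"},
    "mail.example": {"198.51.100.20"},                  # resolved normally
    "cdn.example":  {"198.51.100.30", "198.51.100.31"},  # normal, multi-IP
}

# Constructed sample: the same names resolved through a trusted resolver.
TRUSTED_ANSWERS = {
    "news.example": {"198.51.100.1"},
    "bank.example": {"198.51.100.2"},
    "shop.example": {"198.51.100.3"},
    "mail.example": {"198.51.100.20"},
    "cdn.example":  {"198.51.100.30", "198.51.100.31", "198.51.100.32"},
}


def find_sinkhole_ips(system, trusted, min_names=3):
    """Return addresses the system resolver handed out for at least
    `min_names` different names where the trusted resolver never returned
    that address for the name. One IP shared by many unrelated sites is the
    redirector pattern; a CDN that legitimately shares IPs still agrees with
    the trusted answers and is therefore not flagged."""
    names_per_ip = defaultdict(set)
    for name, addrs in system.items():
        for ip in addrs - trusted.get(name, set()):
            names_per_ip[ip].add(name)
    return {ip for ip, names in names_per_ip.items() if len(names) >= min_names}


def hijacked_names(system, trusted, min_names=3):
    """Map each redirected name to the sinkhole address it was pointed at."""
    sinkholes = find_sinkhole_ips(system, trusted, min_names)
    return {name: ip
            for name, addrs in system.items()
            for ip in addrs & sinkholes}


def hosts_overrides(hijacked, trusted):
    """Hosts-file lines pinning each redirected name to its trusted address.
    This is the stop-gap the original poster used; the thread's real fix was
    replacing the router that handed out the bad resolver."""
    return [f"{sorted(trusted[name])[0]}\t{name}" for name in sorted(hijacked)]


if __name__ == "__main__":
    bad = hijacked_names(SYSTEM_ANSWERS, TRUSTED_ANSWERS)
    for name, ip in sorted(bad.items()):
        real = ", ".join(sorted(TRUSTED_ANSWERS[name]))
        print(f"{name:<13} -> {ip}  (trusted: {real})")
    print("\n".join(hosts_overrides(bad, TRUSTED_ANSWERS)))
```

On a live machine the two dictionaries would be filled from lookups against the DHCP-assigned resolver and against a resolver you trust; the comparison logic stays the same.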


#5 snemelk

snemelk

    Engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:10:17 PM

Posted 09 January 2011 - 05:52 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
