Virus and malware removal - unable to open .in website

Resolved
By Shilpabehere
Jan 29, 2012
Topic Status:
Not open for further replies.
  1. Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.28.05

    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    Admin :: ADMIN-PC [administrator]

    1/29/2012 1:06:02 AM
    mbam-log-2012-01-29 (01-06-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 157801
    Time elapsed: 2 minute(s), 55 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-29 12:22:47
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000057 WDC_WD50 rev.15.0
    Running: g5jq1vfi.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8284D579 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82871F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\ACPI_HAL \Device\00000040 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Tcp emltdi.sys (Mail Protection Driver./Quick Heal Technologies (P) Ltd.)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385
    Run by Admin at 12:24:21 on 2012-01-29
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2815.2277 [GMT 5.5:30]
    .
    AV: Guardian 12.00 *Enabled/Updated* {7EEA7DF5-117F-E8EF-F91E-8C3E8C27E621}
    SP: Guardian 12.00 *Enabled/Updated* {C58B9C11-3745-E761-C3AE-B74CF7A0AC9C}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\PROGRA~1\QUICKH~1\GUARDI~1\SAPISSVC.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\PROGRA~1\QUICKH~1\GUARDI~1\opssvc.exe
    C:\PROGRA~1\QUICKH~1\GUARDI~1\quhlpsvc.exe
    C:\PROGRA~1\QUICKH~1\GUARDI~1\scanwscs.exe
    C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
    C:\PROGRA~1\QUICKH~1\GUARDI~1\EMLPROXY.EXE
    C:\PROGRA~1\QUICKH~1\GUARDI~1\onlinent.exe
    C:\PROGRA~1\QUICKH~1\GUARDI~1\UPSCHD.EXE
    C:\PROGRA~1\QUICKH~1\GUARDI~1\scanmsg.exe
    C:\Users\Admin\AppData\Roaming\Google\Google Talk\googletalk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\notepad.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: QHIEPro Class: {02d6b6b3-5d97-4ede-aac1-4d0be8fe9cd3} - c:\progra~1\quickh~1\guardi~1\qhiepro.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    uRun: [googletalk] c:\users\admin\appdata\roaming\google\google talk\googletalk.exe /autostart
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Quick Heal Core UI] c:\progra~1\quickh~1\guardi~1\strtupap.exe
    mRun: [hpfsched] c:\windows\hpfsched.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    TCP: DhcpNameServer = 109.74.196.50 109.74.196.50
    TCP: Interfaces\{90183383-34F0-44AA-BD0F-FC8714D4DA07} : DhcpNameServer = 109.74.196.50 109.74.196.50
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\zavkh523.default\
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2012-1-27 109304]
    R2 Core Mail Protection;Core Mail Protection;c:\progra~1\quickh~1\guardi~1\EMLPROXY.EXE [2012-1-27 30168]
    R2 Core Scanning Server;Core Scanning Server;c:\progra~1\quickh~1\guardi~1\SAPISSVC.EXE [2012-1-27 58744]
    R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [2012-1-27 29304]
    R2 Online Protection System;Online Protection System;c:\progra~1\quickh~1\guardi~1\opssvc.exe [2012-1-27 19320]
    R2 Quick Update Service;Quick Update Service;c:\progra~1\quickh~1\guardi~1\quhlpsvc.exe [2012-1-27 58744]
    R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2012-1-27 2358656]
    S0 mscank;mscank;c:\windows\system32\drivers\mscank.sys [2012-1-27 31808]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S4 ggc;ggc;c:\windows\system32\drivers\ggc.sys [2012-1-27 46456]
    .
    =============== Created Last 30 ================
    .
    2012-01-28 19:32:26 -------- d-----w- c:\users\admin\appdata\roaming\Malwarebytes
    2012-01-28 19:32:20 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-01-28 19:32:20 -------- d-----w- c:\programdata\Malwarebytes
    2012-01-28 19:32:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-01-28 01:31:47 -------- d-----w- c:\windows\Panther
    2012-01-27 16:13:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-01-27 14:13:19 -------- d-----w- c:\users\admin\appdata\local\Mozilla
    2012-01-27 13:57:24 -------- d-----w- c:\program files\HP DeskJet 610C Series
    2012-01-27 13:03:46 31808 ----a-w- c:\windows\system32\drivers\mscank.sys
    2012-01-27 13:03:37 29304 ----a-w- c:\windows\system32\drivers\EMLTDI.SYS
    2012-01-27 13:03:26 109304 ----a-w- c:\windows\system32\drivers\catflt.sys
    2012-01-27 13:03:25 -------- d-----w- c:\program files\Quick Heal
    2012-01-27 13:02:16 -------- d-----w- c:\windows\system32\gprodat
    2012-01-27 13:02:11 46456 ----a-w- c:\windows\system32\drivers\ggc.sys
    2012-01-27 12:50:06 -------- d-----w- c:\users\admin\appdata\local\Adobe
    2012-01-27 12:47:33 -------- d-----w- c:\windows\PCHEALTH
    2012-01-27 12:45:36 -------- d-----w- c:\windows\system32\wbem\Performance
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 12:24:57.24 ===============
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I'll be glad to help you, but you need to tell me what the problem is first! I do not understand the subject.

    "Unable to open .in website": are you unable to launch the browser? Which browser?
    Are you unable to load a particular website? Which one? What happens?

    FYI: It does not appear that you have either a homepage or a search page set.
    =====================================
    There is another log from DDS. It is named Attach.txt. That's just the name. Please paste it in and don't zip it.
  3. Shilpabehere

    Shilpabehere Newcomer, in training Topic Starter

    Hi,

    I am trying to open the Hotmail, Yahoo Mail, Rediffmail or Bookmyshow websites. None of them open in Mozilla, IE or Chrome. It gives some weird webpage.

    Whenever any .in site is opened it gives the error below:
    'Firefox can't find the server at mail.live.com.' (For Hotmail: http://mail.live.com/default.aspx)

    Even Yahoo.com/Rediff.com are not opening up, whereas Facebook, Google and Gmail are working fine.

    Regards
    Shilpa
  4. Shilpabehere

    Shilpabehere Newcomer, in training Topic Starter

    Attach.txt


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/27/2012 6:11:38 PM
    System Uptime: 1/29/2012 10:43:00 AM (2 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | M4N68T-M-LE-V2
    Processor: AMD Phenom(tm) II X2 550 Processor | AM3 | 3100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 116 GiB total, 102.657 GiB free.
    D: is FIXED (NTFS) - 116 GiB total, 89.699 GiB free.
    E: is FIXED (NTFS) - 116 GiB total, 62.618 GiB free.
    F: is FIXED (NTFS) - 116 GiB total, 111.885 GiB free.
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ACPI\ATK0110\1010110
    Manufacturer:
    Name:
    PNP Device ID: ACPI\ATK0110\1010110
    Service:
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: mscank
    Device ID: ROOT\LEGACY_MSCANK\0000
    Manufacturer:
    Name: mscank
    PNP Device ID: ROOT\LEGACY_MSCANK\0000
    Service: mscank
    .
    ==== System Restore Points ===================
    .
    RP2: 1/27/2012 6:15:56 PM - Installed Microsoft Office Professional Plus 2007
    RP3: 1/27/2012 6:20:38 PM - Installed Adobe Reader 9.
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Reader 9
    Google Talk (remove only)
    Guardian AntiVirus
    HP DeskJet 610C Series (Remove only)
    Malwarebytes Anti-Malware version 1.60.0.1800
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Plus 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Mozilla Firefox (3.6.10)
    Picasa 3
    TeamViewer 6
    VLC media player 0.9.4
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/27/2012 7:27:39 PM, Error: Service Control Manager [7000] - The HPFECP20 service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    .
    ==== End Of File ===========================



    To correct the problem of viewing the website, the PC was recently formatted and upgraded to Window 2007, but no use!!
  5. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please run Download Security Check by screen317 and save it to the desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document called checkup.txt should open automatically.
    • Please post the contents of that document.
    =====================================
    Logs in next reply please.
  6. Shilpabehere

    Shilpabehere Newcomer, in training Topic Starter

    Results of screen317's Security Check version 0.99.30
    Windows 7 x86 (UAC is disabled!)
    Internet Explorer 8 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Adobe Flash Player 10.3.183.11 Flash Player out of Date!
    Adobe Reader 9 Adobe Reader out of date!
    Mozilla Firefox (9.0.1)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Macy's Systems and Technology, Inc. (US) https://hr.macys.net/insite/common/logon.asp
    I am not familiar with this site. But clearly it is a secure site, as shown by the https.
    I would guess that your system isn't set correctly for the secure socket layers. Please read the information on this site about setting these:
    http://technet.microsoft.com/en-us/library/cc771438(WS.10).aspx
    ==================================
    Your problem isn't malware; it's the system settings.
  8. Shilpabehere

    Shilpabehere Newcomer, in training Topic Starter

    Hi,

    Problem got solved on its own ;)


    Thank you for your help and timely reply.

    Regards
    Shilpa
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    You're welcome. Thank you for the update.