Resolved: Virus and malware removal - unable to open .in website

Status
Not open for further replies.
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Database version: v2012.01.28.05

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Admin :: ADMIN-PC [administrator]

1/29/2012 1:06:02 AM
mbam-log-2012-01-29 (01-06-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 157801
Time elapsed: 2 minute(s), 55 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-01-29 12:22:47
Windows 6.1.7600 Harddisk0\DR0 -> \Device\00000057 WDC_WD50 rev.15.0
Running: g5jq1vfi.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys


---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 8284D579 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82871F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000040 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp emltdi.sys (Mail Protection Driver./Quick Heal Technologies (P) Ltd.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Admin at 12:24:21 on 2012-01-29
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2815.2277 [GMT 5.5:30]
.
AV: Guardian 12.00 *Enabled/Updated* {7EEA7DF5-117F-E8EF-F91E-8C3E8C27E621}
SP: Guardian 12.00 *Enabled/Updated* {C58B9C11-3745-E761-C3AE-B74CF7A0AC9C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\QUICKH~1\GUARDI~1\SAPISSVC.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\PROGRA~1\QUICKH~1\GUARDI~1\opssvc.exe
C:\PROGRA~1\QUICKH~1\GUARDI~1\quhlpsvc.exe
C:\PROGRA~1\QUICKH~1\GUARDI~1\scanwscs.exe
C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
C:\PROGRA~1\QUICKH~1\GUARDI~1\EMLPROXY.EXE
C:\PROGRA~1\QUICKH~1\GUARDI~1\onlinent.exe
C:\PROGRA~1\QUICKH~1\GUARDI~1\UPSCHD.EXE
C:\PROGRA~1\QUICKH~1\GUARDI~1\scanmsg.exe
C:\Users\Admin\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
BHO: QHIEPro Class: {02d6b6b3-5d97-4ede-aac1-4d0be8fe9cd3} - c:\progra~1\quickh~1\guardi~1\qhiepro.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [googletalk] c:\users\admin\appdata\roaming\google\google talk\googletalk.exe /autostart
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Quick Heal Core UI] c:\progra~1\quickh~1\guardi~1\strtupap.exe
mRun: [hpfsched] c:\windows\hpfsched.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
TCP: DhcpNameServer = 109.74.196.50 109.74.196.50
TCP: Interfaces\{90183383-34F0-44AA-BD0F-FC8714D4DA07} : DhcpNameServer = 109.74.196.50 109.74.196.50
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\zavkh523.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
============= SERVICES / DRIVERS ===============
.
R2 catflt;catflt;c:\windows\system32\drivers\catflt.sys [2012-1-27 109304]
R2 Core Mail Protection;Core Mail Protection;c:\progra~1\quickh~1\guardi~1\EMLPROXY.EXE [2012-1-27 30168]
R2 Core Scanning Server;Core Scanning Server;c:\progra~1\quickh~1\guardi~1\SAPISSVC.EXE [2012-1-27 58744]
R2 EMLSS;EMLSS;c:\windows\system32\drivers\EMLTDI.SYS [2012-1-27 29304]
R2 Online Protection System;Online Protection System;c:\progra~1\quickh~1\guardi~1\opssvc.exe [2012-1-27 19320]
R2 Quick Update Service;Quick Update Service;c:\progra~1\quickh~1\guardi~1\quhlpsvc.exe [2012-1-27 58744]
R2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2012-1-27 2358656]
S0 mscank;mscank;c:\windows\system32\drivers\mscank.sys [2012-1-27 31808]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S4 ggc;ggc;c:\windows\system32\drivers\ggc.sys [2012-1-27 46456]
.
=============== Created Last 30 ================
.
2012-01-28 19:32:26 -------- d-----w- c:\users\admin\appdata\roaming\Malwarebytes
2012-01-28 19:32:20 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-01-28 19:32:20 -------- d-----w- c:\programdata\Malwarebytes
2012-01-28 19:32:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-01-28 01:31:47 -------- d-----w- c:\windows\Panther
2012-01-27 16:13:29 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-27 14:13:19 -------- d-----w- c:\users\admin\appdata\local\Mozilla
2012-01-27 13:57:24 -------- d-----w- c:\program files\HP DeskJet 610C Series
2012-01-27 13:03:46 31808 ----a-w- c:\windows\system32\drivers\mscank.sys
2012-01-27 13:03:37 29304 ----a-w- c:\windows\system32\drivers\EMLTDI.SYS
2012-01-27 13:03:26 109304 ----a-w- c:\windows\system32\drivers\catflt.sys
2012-01-27 13:03:25 -------- d-----w- c:\program files\Quick Heal
2012-01-27 13:02:16 -------- d-----w- c:\windows\system32\gprodat
2012-01-27 13:02:11 46456 ----a-w- c:\windows\system32\drivers\ggc.sys
2012-01-27 12:50:06 -------- d-----w- c:\users\admin\appdata\local\Adobe
2012-01-27 12:47:33 -------- d-----w- c:\windows\PCHEALTH
2012-01-27 12:45:36 -------- d-----w- c:\windows\system32\wbem\Performance
.
==================== Find3M ====================
.
.
============= FINISH: 12:24:57.24 ===============
 
Welcome to TechSpot! I'll be glad to help you, but you need to tell me what the problem is first! I do not understand the subject.

"Unable to open .in website": are you unable to launch the browser? Which browser?
Are you unable to load a particular website? Which one? What happens?

FYI: It does not appear that you have either a homepage or a search page set.
=====================================
There is another log from DDS. It is named Attach.txt. That's just the name. Please paste it in and don't zip it.
 
Hi,

I am trying to open the Hotmail, Yahoo mail, Rediffmail or Bookmyshow website. None of them open in Mozilla, IE or Chrome. It gives some weird webpage.

Whenever any .in site is opened it gives an error as below:
'Firefox can't find the server at mail.live.com.' (For hotmail http://mail.live.com/default.aspx)

Even Yahoo.com/Rediff.com are not opening up, whereas Facebook, Google and Gmail are working fine.

Regards
Shilpa
 
Attach.txt


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/27/2012 6:11:38 PM
System Uptime: 1/29/2012 10:43:00 AM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M4N68T-M-LE-V2
Processor: AMD Phenom(tm) II X2 550 Processor | AM3 | 3100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 116 GiB total, 102.657 GiB free.
D: is FIXED (NTFS) - 116 GiB total, 89.699 GiB free.
E: is FIXED (NTFS) - 116 GiB total, 62.618 GiB free.
F: is FIXED (NTFS) - 116 GiB total, 111.885 GiB free.
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\ATK0110\1010110
Manufacturer:
Name:
PNP Device ID: ACPI\ATK0110\1010110
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: mscank
Device ID: ROOT\LEGACY_MSCANK\0000
Manufacturer:
Name: mscank
PNP Device ID: ROOT\LEGACY_MSCANK\0000
Service: mscank
.
==== System Restore Points ===================
.
RP2: 1/27/2012 6:15:56 PM - Installed Microsoft Office Professional Plus 2007
RP3: 1/27/2012 6:20:38 PM - Installed Adobe Reader 9.
.
==== Installed Programs ======================
.
Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Reader 9
Google Talk (remove only)
Guardian AntiVirus
HP DeskJet 610C Series (Remove only)
Malwarebytes Anti-Malware version 1.60.0.1800
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Mozilla Firefox (3.6.10)
Picasa 3
TeamViewer 6
VLC media player 0.9.4
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
1/27/2012 7:27:39 PM, Error: Service Control Manager [7000] - The HPFECP20 service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================



To correct the problem of viewing the website, the PC was recently formatted and upgraded to Windows 2007, but no use!!
 
Please download Security Check by screen317 and save it to the desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document called checkup.txt should open automatically.
  • Post the contents of that document.
===========================================
Logs in next reply please.
 
Results of screen317's Security Check version 0.99.30
Windows 7 x86 (UAC is disabled!)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Adobe Flash Player 10.3.183.11 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (9.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent

``````````End of Log````````````
 
Macy's Systems and Technology, Inc. (US) https://hr.macys.net/insite/common/logon.asp
IN-SITE DISCLOSURE STATEMENT

In-site permits you to access information about yourself, your pay records, and certain retirement, health and welfare benefits made available to you by Macy's, Inc., its subsidiaries, affiliates and/or operating units (the "Company").

By logging on to In-site, you represent that you are authorized to view such data. Access to In-site requires use of your associate identification number and a self-created password. Due to the confidential nature of records maintained on In-site, you are obligated to take all appropriate measures to safeguard your access information. The Company shall not be responsible for any breach of security caused by your failure to maintain the confidentiality of your access information. By logging on to In-site, you also agree to limit access to your personal use.

Any information disclosed through In-site, including benefit eligibility, coverage, or account information is provided for informational purposes only, and is not the official record of your information, which is governed by the formal Company policy, plan or program.

Benefits that are covered by the Employee Retirement Income Security Act (ERISA) are governed by the official plan document and a summary plan description that has been provided to you. Any inconsistencies between the information provided through In-site and those documents shall be governed by the terms of such documents.

Subject to applicable law and/or the terms of any collective bargaining agreement, the Company reserves to itself, pursuant to its sole and exclusive discretion, the right to change, amend or terminate its plans or benefit programs at any time.

I am not familiar with this site, but clearly it is a secure site, as shown by the https.
I would guess that your system isn't set correctly for the secure socket layers. Please read the information on this site about setting these:
http://technet.microsoft.com/en-us/library/cc771438(WS.10).aspx
==================================
Your problem isn't malware; it's the system settings.
 