Automatically Internet Explorer open and random pages are shown


  • This topic is locked

#1
nikhilchitnis
Member, 19 posts

Today suddenly my system started opening Internet Explorer at random intervals and any random page was shown. I immediately ran MBAM and it listed some 10 infections. After cleaning them and restarting the system, the problem was still there. So I ran Avira to check for viruses. But no virus was detected. After this I ran MBAM again and this time it listed Hijack.Zones as an affected registry entry. After cleaning I thought that the infection was cleaned but that was not the case. Internet Explorer keeps on opening random pages. And after running MBAM multiple times, I am getting the same details mentioned above. Please help.
After this I ran OTL and the OTL log is as follows -

OTL logfile created on: 4/3/2011 7:57:36 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Niks\Utils\OTL - OldTimer's List-It
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,014.00 Mb Total Physical Memory | 310.00 Mb Available Physical Memory | 31.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 18.63 Gb Total Space | 6.71 Gb Free Space | 36.03% Space Free | Partition Type: NTFS
Drive D: | 18.61 Gb Total Space | 5.99 Gb Free Space | 32.17% Space Free | Partition Type: FAT32

Computer Name: MADS | User Name: compaq | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/03 19:54:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Niks\Utils\OTL - OldTimer's List-It\OTL.exe
PRC - [2011/04/03 14:23:58 | 000,163,328 | ---- | M] () -- C:\WINDOWS\Ngeqia.exe
PRC - [2011/03/30 20:33:38 | 002,918,576 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\DAP\DAP.exe
PRC - [2011/03/18 23:23:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/17 09:34:48 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/01 20:17:56 | 007,832,440 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer.exe
PRC - [2011/03/01 20:17:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010/11/03 10:36:29 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/03 10:36:28 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/09/09 13:13:20 | 000,217,088 | ---- | M] (Teruten) -- C:\WINDOWS\system32\FsUsbExService.Exe
PRC - [2010/08/23 17:58:06 | 001,531,904 | ---- | M] (Nokia) -- C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/11/08 23:18:00 | 000,065,216 | ---- | M] (WordWeb Software) -- C:\Program Files\WordWeb\wweb32.exe
PRC - [2009/09/15 18:47:36 | 000,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/08/29 19:05:35 | 000,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 11:14:56 | 000,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [2002/12/19 00:42:26 | 000,110,592 | ---- | M] (Microsoft Corp.) -- C:\Program Files\WallpaperToy\Wallpapertoy.Exe


========== Modules (SafeList) ==========

MOD - [2011/04/03 19:54:02 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Niks\Utils\OTL - OldTimer's List-It\OTL.exe
MOD - [2008/04/14 05:42:52 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/03/17 09:34:48 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/03/01 20:17:56 | 002,296,696 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/12/08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/11/03 10:36:29 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/09/09 13:13:20 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\WINDOWS\system32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV - [2011/03/17 09:35:02 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/23 10:20:09 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/09/09 13:13:20 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010/07/30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/07/30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/07/30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/07/30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/05/11 11:49:19 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2005/06/23 09:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/02/17 22:42:02 | 000,349,696 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6hal.sys -- (CAMCHALA)
DRV - [2005/02/17 22:41:18 | 000,038,016 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\camc6aud.sys -- (CAMCAUD)
DRV - [2004/12/14 22:18:34 | 000,207,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWICH.sys -- (HSFHWICH)
DRV - [2004/12/14 22:18:28 | 000,703,232 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/12/14 22:18:26 | 001,038,208 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/08/04 04:01:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.5.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.1.1
FF - prefs.js..keyword.URL: "http://in.search.yah...type=937811&p="

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/22 23:26:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/24 20:45:42 | 000,000,000 | ---D | M]

[2010/09/10 18:13:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\compaq\Application Data\Mozilla\Extensions
[2011/03/22 13:19:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\f2beyur6.default\extensions
[2011/01/09 16:35:00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\f2beyur6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/28 11:25:52 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Documents and Settings\compaq\Application Data\Mozilla\Firefox\Profiles\f2beyur6.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2011/04/03 10:18:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/09/11 12:27:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/11 14:38:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2011/03/30 20:33:49 | 000,000,000 | ---D | M] (Download Accelerator Plus (DAP) extension) -- C:\PROGRAM FILES\DAP\DAPFIREFOX
[2010/09/11 12:27:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/18 23:23:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/12/09 16:17:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
[2010/01/01 13:30:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2001/08/23 17:30:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Download Accelerator Plus Integration) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files\DAP\dapieloader.dll (SpeedBit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [NokiaMusic FastStart] C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe (Nokia)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [WordWeb] C:\Program Files\WordWeb\wweb32.exe (WordWeb Software)
O4 - HKCU..\Run: [DownloadAccelerator] C:\Program Files\DAP\DAP.EXE (SpeedBit Ltd.)
O4 - HKCU..\Run: [IKXGVMFZHI] C:\Documents and Settings\compaq\Local Settings\Temp\Nfh.exe ()
O4 - Startup: C:\Documents and Settings\compaq\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O4 - Startup: C:\Documents and Settings\compaq\Start Menu\Programs\Startup\Wallpaper Changer.lnk = C:\Program Files\WallpaperToy\Wallpapertoy.Exe (Microsoft Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
O15 - HKCU\..Trusted Domains: bankofindia.com ([starconnectcbs] https in Trusted sites)
O15 - HKCU\..Trusted Domains: infrasofttech.com ([tstar] https in Trusted sites)
O16 - DPF: {0F2AAAE3-7E9E-4B64-AB5D-1CA24C6ACB9C} https://mail.infraso....com/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1284138058625 (MUWebControl Class)
O16 - DPF: {75AA409D-05F9-4F27-BD53-C7339D4B1D0A} https://mail.infraso....com/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.94.243.70 59.179.243.70
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/10 14:26:28 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/03 18:02:50 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\compaq\Recent
[2011/04/03 14:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nokia PC Suite
[2011/04/03 14:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2011/04/03 14:23:32 | 000,018,816 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\pccsmcfd.sys
[2011/04/03 14:23:22 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2011/04/03 14:22:16 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerfltj.sys
[2011/04/03 14:22:15 | 000,008,192 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\usbser_lowerflt.sys
[2011/04/03 14:22:14 | 000,023,040 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmbo.sys
[2011/04/03 14:22:13 | 000,018,048 | ---- | C] (Nokia) -- C:\WINDOWS\System32\drivers\ccdcmb.sys
[2011/04/03 11:55:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\compaq\Application Data\Topalt
[2011/04/03 11:54:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Topalt
[2011/04/03 11:54:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Topalt
[2011/04/03 11:54:49 | 000,000,000 | ---D | C] -- C:\Program Files\Topalt
[2011/04/03 10:44:46 | 000,604,160 | ---- | C] (Nokia) -- C:\WINDOWS\System32\nmwcdcocls.dll
[2011/04/03 10:44:45 | 000,111,104 | ---- | C] (Nokia) -- C:\WINDOWS\System32\ccdcmbwu.dll
[2011/04/03 10:33:19 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2011/04/03 10:31:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2011/04/03 10:31:28 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2011/03/30 20:33:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeedBit
[2011/03/27 16:58:20 | 000,000,000 | ---D | C] -- C:\Temp
[2011/03/25 21:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\YouTube Downloader
[2011/03/25 21:24:06 | 000,000,000 | ---D | C] -- C:\Program Files\YouTube Downloader
[2011/03/20 13:36:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\compaq\My Documents\SelfMV
[2011/03/20 13:35:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\compaq\Local Settings\Application Data\Samsung
[2011/03/20 13:33:27 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2011/03/20 13:30:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\compaq\Local Settings\Application Data\Downloaded Installations
[2011/03/19 13:12:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\compaq\Application Data\TeamViewer
[2011/03/19 13:11:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TeamViewer 6
[2011/03/19 13:11:45 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/03 19:59:36 | 003,932,214 | -H-- | M] () -- C:\WINDOWS\System32\toyhide.bmp
[2011/04/03 19:55:13 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/03 19:43:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/03 16:41:16 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/03 16:41:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/03 14:44:06 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{C55BA9E6-5EFB-4CD1-9AE6-765DD809AFA4}.job
[2011/04/03 14:25:37 | 000,001,763 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2011/04/03 14:23:58 | 000,163,328 | ---- | M] () -- C:\WINDOWS\Ngeqia.exe
[2011/04/03 10:52:52 | 000,268,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/03 10:47:15 | 000,001,880 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Player.lnk
[2011/04/03 10:47:15 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Nokia Ovi Player.lnk
[2011/04/03 10:42:07 | 000,465,198 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/03 10:42:07 | 000,079,002 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/03 09:12:55 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/01 21:17:05 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/30 20:33:42 | 000,084,480 | ---- | M] () -- C:\WINDOWS\System32\EasyHook32.dll
[2011/03/28 22:11:30 | 000,606,974 | ---- | M] () -- C:\Documents and Settings\compaq\Desktop\uidai.gov.in 2011-3-28 22-11-12.png
[2011/03/27 13:42:22 | 000,017,920 | ---- | M] () -- C:\Documents and Settings\compaq\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/25 21:29:32 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011/03/22 23:26:33 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/03/20 14:40:52 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2011/03/19 13:11:55 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2011/03/17 09:35:02 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/03 14:25:37 | 000,001,763 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia PC Suite.lnk
[2011/04/03 14:24:17 | 000,163,328 | ---- | C] () -- C:\WINDOWS\Ngeqia.exe
[2011/04/03 14:24:04 | 000,000,248 | -H-- | C] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011/04/03 10:41:39 | 000,001,880 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nokia Ovi Player.lnk
[2011/04/03 10:41:39 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\compaq\Application Data\Microsoft\Internet Explorer\Quick Launch\Nokia Ovi Player.lnk
[2011/03/30 20:33:45 | 000,084,480 | ---- | C] () -- C:\WINDOWS\System32\EasyHook32.dll
[2011/03/28 22:11:27 | 000,606,974 | ---- | C] () -- C:\Documents and Settings\compaq\Desktop\uidai.gov.in 2011-3-28 22-11-12.png
[2011/03/25 21:24:09 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011/03/22 23:26:33 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/19 13:11:55 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TeamViewer 6.lnk
[2011/02/13 16:26:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ViewNX.INI
[2011/01/29 17:00:22 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011/01/29 17:00:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011/01/29 17:00:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011/01/29 17:00:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011/01/06 22:52:35 | 000,789,000 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/12/26 11:03:29 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDevice.Dll
[2010/12/26 11:03:29 | 000,036,640 | ---- | C] () -- C:\WINDOWS\System32\FsUsbExDisk.Sys
[2010/11/28 15:54:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Automator
[2010/11/28 15:54:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\compaq\Application Data\Audio Unit Effect
[2010/11/28 15:54:05 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/11/28 15:51:48 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Authentication
[2010/11/28 15:51:48 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\compaq\Application Data\Applications
[2010/11/28 15:51:48 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2010/09/12 16:02:37 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\compaq\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/10 19:45:25 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/09/10 19:43:59 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/09/10 18:13:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/10 14:30:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/09/10 14:22:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2005/10/14 15:26:50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 15:26:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 15:26:50 | 000,761,856 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 15:26:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 15:26:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 15:26:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 15:26:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 15:26:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 15:26:48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2005/10/14 15:26:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\MMAVILNG.exe
[2004/08/04 04:37:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 17:50:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 17:30:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 17:30:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 17:30:00 | 000,465,198 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 17:30:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 17:30:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 17:30:00 | 000,079,002 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 17:30:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 17:30:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 17:30:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 17:30:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2010/11/28 15:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/11/28 15:51:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Guitars
[2010/11/28 15:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hybrid Synthesizers
[2011/04/03 13:27:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2010/11/28 15:52:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2010/12/19 17:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2010/09/25 15:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2010/10/18 20:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaMusic
[2011/04/03 10:31:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OviInstallerCache
[2010/09/25 19:03:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/04/03 10:15:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2010/09/10 19:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
[2011/04/03 16:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/11/28 15:54:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2011/02/19 13:05:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\compaq\Application Data\GetRightToGo
[2011/02/13 15:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\compaq\Application Data\Nikon
[2011/04/03 10:57:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\compaq\Application Data\Nokia
[2010/09/26 19:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\compaq\Application Data\Nokia Ovi Suite
[2011/01/01 21:39:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\compaq\Application Data\Notepad++
[2011/01/06 21:05:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\compaq\Application Data\Opera
[2011/04/03 15:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\compaq\Application Data\PC Suite
[2011/04/03 10:15:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\compaq\Application Data\Samsung
[2011/03/19 13:12:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\compaq\Application Data\TeamViewer
[2011/04/03 11:55:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\compaq\Application Data\Topalt
[2011/03/30 22:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\compaq\Application Data\uTorrent
[2010/12/31 20:52:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\compaq\Application Data\Windows Desktop Search
[2011/01/02 10:43:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\compaq\Application Data\Windows Search
[2011/04/03 14:44:06 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{C55BA9E6-5EFB-4CD1-9AE6-765DD809AFA4}.job
[2011/04/03 19:55:13 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:553CA6CA
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B11E0DF

< End of report >


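The entries a malware-removal helper picks out of an OTL log like the one above follow a few recurring patterns, and they can be checked mechanically. The script below is an added example, not part of this post and not OTL's own code: it parses a handful of lines copied from the log (the Avira and GoogleUpdate entries are kept as known-good controls) and flags a no-company executable sitting directly in C:\WINDOWS, a Run value with a random-looking name that launches from a Temp folder, and a scheduled task named only by a GUID. The regular expressions and the three heuristics are my assumptions about the OTL line format, not a specification, and a hit is a prompt to look closer, not proof of infection.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: lines copied verbatim from the OTL log posted above.
# The Avira and GoogleUpdate entries are legitimate and serve as controls.
SAMPLE_LINES = [
    r"PRC - [2011/04/03 14:23:58 | 000,163,328 | ---- | M] () -- C:\WINDOWS\Ngeqia.exe",
    r"PRC - [2011/03/17 09:34:48 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe",
    r"O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)",
    r"O4 - HKCU..\Run: [IKXGVMFZHI] C:\Documents and Settings\compaq\Local Settings\Temp\Nfh.exe ()",
    r"[2011/04/03 19:55:13 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job",
    r"[2011/04/03 19:43:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job",
]

# Assumed OTL shapes (derived from the log, not from OTL documentation):
#   "PRC - [timestamp | size | attrs | M] (Company) -- path"  and bare "[...] (Company) -- path"
FILE_RE = re.compile(
    r"^(?:PRC - |MOD - )?\[(?P<meta>[^\]]+)\] \((?P<company>[^)]*)\) -- (?P<path>.+?)$"
)
#   "O4 - HKCU..\Run: [ValueName] path (Company)"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?) \((?P<company>[^)]*)\)$"
)
# A .job file whose name is nothing but a GUID in braces.
GUID_JOB_RE = re.compile(r"\\\{[0-9A-Fa-f-]{36}\}\.job$")
# Eight or more capitals and nothing else: the kind of value name a generator produces.
RANDOM_NAME_RE = re.compile(r"^[A-Z]{8,}$")


def in_windows_root(path: str) -> bool:
    """True when the file sits directly in C:\\WINDOWS (not a subfolder) and is an .exe."""
    head, _, tail = path.rpartition("\\")
    return head.upper() == r"C:\WINDOWS" and tail.lower().endswith(".exe")


def in_temp(path: str) -> bool:
    """True when any path component is a Temp folder."""
    return "\\temp\\" in path.lower()


def triage_line(line: str) -> Optional[Dict[str, object]]:
    """Return {"path": ..., "reasons": [...]} for a suspicious line, else None."""
    m = RUN_RE.match(line)
    if m:
        path, company, name = m["path"], m["company"], m["name"]
        reasons: List[str] = []
        if RANDOM_NAME_RE.match(name):
            reasons.append("random-looking Run value name")
        if not company and in_temp(path):
            reasons.append("autorun from a Temp folder with no company name")
        return {"path": path, "reasons": reasons} if reasons else None

    m = FILE_RE.match(line)
    if m:
        path, company = m["path"], m["company"]
        reasons = []
        if not company and in_windows_root(path):
            reasons.append("executable directly in Windows root with no company name")
        if not company and GUID_JOB_RE.search(path):
            reasons.append("scheduled task named only by a GUID")
        return {"path": path, "reasons": reasons} if reasons else None

    return None  # a line shape this example does not model


def triage(lines: List[str]) -> List[Dict[str, object]]:
    """Run every line through the heuristics and keep the hits."""
    return [hit for hit in map(triage_line, lines) if hit]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LINES):
        print(hit["path"])
        for reason in hit["reasons"]:
            print("   -", reason)
```

Run against the sample, the three entries the helper later targets in the OTL fix are the three hits, and the two Avira lines and the GoogleUpdate task pass untouched. Real logs need the full set of OTL line shapes (SRV, DRV, O16, and so on) and a whitelist of known-good vendors; the point here is that "no company name" plus "unusual location or name" is the combination worth a second look.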

#2
Cold Titanium
Trusted Helper, Malware Removal, 1,735 posts
Hello nikhilchitnis and welcome to G2G!

My name is Cold Titanium :D , and I will be assisting you with your problem. I am still in training, so all my replies need to be checked by an expert first. So there may be a slight delay in between replies.

Please follow all of my instructions without skipping anything. Also, please refrain from experimenting around whilst I am helping you. At times some of the things I tell you to do may seem unnecessary and frustrating, but just stick to it and we'll get through :D

:D Note: Please save these instructions in a file or print them out, as the internet may not be available while we are fixing the system.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Let's get one other scan while I look over this log....



Step #1

  • Download GMER to your desktop
  • Right-Click and extract it to the desktop
  • Double-Click gmer.exe
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish. (Please be patient as it can take some time to complete)

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


After it finishes scanning
  • Click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save it to your desktop

Post ark.txt in your next reply

#3 nikhilchitnis (Member, Topic Starter, 19 posts)

Hello Cold Titanium. Thanks for the reply. As per your guidance and steps, I have downloaded the GMER tool and tried running it as you mentioned. As soon as I double-click on the executable, the system restarts. I tried running the executable 4 to 5 times & the same thing happened 4 to 5 times. I am not able to generate the log you have asked for as the system restarts as soon as the executable is run.
Also there is one interesting thing. After the system got restarted, now I am getting a warning message which I have attached for your reference. I know and understand you have not asked for this, but other than this I cannot attach anything and this may help. Please suggest.

ExplorerErrorAtStartup.JPG

#4 Cold Titanium (Trusted Helper, Malware Removal, 1,735 posts)

Hello,

Do you have TeamViewer installed on purpose?


Step #1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKCU..\Run: [IKXGVMFZHI] C:\Documents and Settings\compaq\Local Settings\Temp\Nfh.exe ()
    [2011/04/03 14:23:58 | 000,163,328 | ---- | M] () -- C:\WINDOWS\Ngeqia.exe
    [2011/04/03 19:55:13 | 000,000,248 | -H-- | M] () -- C:\WINDOWS\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
    [2011/01/29 17:00:22 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
    [2011/01/29 17:00:22 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
    [2011/01/29 17:00:22 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
    [2011/01/29 17:00:22 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
    
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Step #2

  • Download aswMBR.exe ( 511KB ) to your desktop.
  • Double click the aswMBR.exe to run it
  • Click the "Scan" button to start the scan

  • Click the "Fix" button in case of infection


  • Save the aswASW.log to the desktop

  • Post the aswASW.log in your next post

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

I'd like to see OTL.txt and aswASW.log in your next reply...

#5 nikhilchitnis (Member, Topic Starter, 19 posts)

Hi,
Sorry, I was a little busy and away from the system, hence I was not able to reply to you. I have completed the steps you suggested and attached the logs. I did not run the fix in aswMBR as it did not show any red line. There is an MBR.dat file created and since you have not asked for it, I am not attaching it. Let me know what I should do with this file. Also, this time when I ran OTL, I saw that an _OTL folder got created on my D drive. The structure of this _OTL folder is attached for your information.

Yes, TeamViewer is used for connecting to my home PC from other locations like the office or other places. Do you see any problem there? Please let me know.
By the way, what timezone are you in? I mean, I am from India (GMT +5.30) and if it is possible for me to reply to your posts when you are up & around then I will certainly do that. Hope you don't mind :D

Attached File  OTL.Txt   58.25KB   196 downloads

Attached File  aswMBR.txt   1.15KB   189 downloads

D_01.JPG

D_02.JPG

Thanks in advance
Niks

Edited by nikhilchitnis, 07 April 2011 - 05:43 AM.


#6 Cold Titanium (Trusted Helper, Malware Removal, 1,735 posts)

What problems are you currently having? Are the redirects still occurring?

#7 nikhilchitnis (Member, Topic Starter, 19 posts)

Since the last actions you asked me to do, there are no redirects. Especially, IE did not open automatically. But I would certainly like to check it, as in between my system was down. As per you, things are fine now! I mean, the infection is removed?
Thanks
Niks

#8 Cold Titanium (Trusted Helper, Malware Removal, 1,735 posts)

One last check...

Step #1


  • Re-open Malwarebytes and click the Update tab
  • Update it
  • Click the scanner Tab and perform a Full Scan
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#9 nikhilchitnis (Member, Topic Starter, 19 posts)

Hi,
Following is MBAM log. Let me know what to do next -


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6312

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/8/2011 9:37:32 PM
mbam-log-2011-04-08 (21-37-32).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 185549
Time elapsed: 42 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Q8PS7ZCLN6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by nikhilchitnis, 08 April 2011 - 10:13 AM.


#10 Cold Titanium (Trusted Helper, Malware Removal, 1,735 posts)

Do a quick scan with MBAM please. I want to see if they keep getting re-created.

Edited by Cold Titanium, 08 April 2011 - 03:09 PM.

#11 nikhilchitnis (Member, Topic Starter, 19 posts)

I have done the quick scan with MBAM and attached the file.
Let me know whether I have to do the full scan or anything else.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6318

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/9/2011 12:05:29 PM
mbam-log-2011-04-09 (12-05-29).txt

Scan type: Quick scan
Objects scanned: 143585
Time elapsed: 6 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Attached File  mbam-log-2011-04-09 (12-05-29).txt   901bytes   160 downloads
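The helper's question in #10 is whether the registry keys removed by the full scan come back on the follow-up quick scan. The parser below is an added example (not part of the thread or of Malwarebytes) that reads the sectioned MBAM log format shown above and reports detections that appear in both logs; the two sample logs are constructed and trimmed, and the quick-scan sample deliberately shows the Zones key reappearing, which the real log in this post did not.

```python
import re

# Detail header ("Registry Keys Infected:") ends right after the colon; the summary
# line ("Registry Keys Infected: 2") does not, so it never matches.
SECTION = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):$")
# One detection line: <path> (<threat>) -> <action taken>
ITEM = re.compile(r"^(?P<path>.+?) \((?P<threat>[^()]+)\) -> (?P<action>.+)$")

def parse_mbam_log(text):
    """Return {section: [(path, threat, action), ...]} for one MBAM log."""
    found, section = {}, None
    for line in text.splitlines():
        line = line.strip()
        header = SECTION.match(line)
        if header:
            section = header.group("name")
            found[section] = []
        elif not line:
            section = None                  # a blank line closes the section
        elif section and not line.startswith("("):   # skip "(No malicious ...)"
            item = ITEM.match(line)
            if item:
                found[section].append((item["path"], item["threat"], item["action"]))
    return found

def recurring_detections(earlier, later):
    """Items in both logs: removed by the first scan, present again in the second."""
    seen = {(s, p, t) for s, items in parse_mbam_log(earlier).items() for p, t, _ in items}
    return sorted((s, p, t) for s, items in parse_mbam_log(later).items()
                  for p, t, _ in items if (s, p, t) in seen)

# Constructed samples, trimmed to the relevant sections of the thread's logs.
FULL_SCAN = r"""Scan type: Full scan (C:\|D:\|)
Registry Keys Infected: 2

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Q8PS7ZCLN6 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""
# Constructed "what if": the Zones key reappears on the follow-up quick scan.
QUICK_SCAN = r"""Scan type: Quick scan
Registry Keys Infected: 1

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
"""
```

A non-empty result from `recurring_detections` is the signal the helper was looking for: something still active is re-creating the key between scans.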

#12 Cold Titanium (Trusted Helper, Malware Removal, 1,735 posts)

Excellent Job! :D The logs appear to be clean!

We now need to finish cleaning up



Step #1

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Commands
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS] 
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Please Re-Open OTL and click the Cleanup button to remove all the tools we used as well as OTL.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster - to help prevent spyware from installing in the first place.
  • SpywareGuard - to catch and block spyware before it can execute.
  • IESpy-Ad - to block access to malicious websites so you cannot be redirected to them from an infected site or email.
  • MVPS Hosts file - The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc.
  • Google Toolbar - Get the free Google Toolbar to help stop pop-up windows.
  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

And to help keep your system clean I recommend running one or two of these free malware scanners weekly


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Internet Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialize and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Use a different Internet Browser


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

It is also extremely important to keep your operating system up to date:

Turn on automatic updating
  • Click Start.
  • Select Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the internet.
  • Click Apply then OK.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Have a Backup Plan

Keep a backup of your important files - This article is full of good information on alternatives for home backup solutions.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

To learn more about how to protect yourself while on the internet read these articles:
Safe Computing! :D

~Cold Titanium :D
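The Custom Level settings listed in this post are stored per zone under the same Internet Settings\Zones key that MBAM flagged as Hijack.Zones earlier in the thread, so they can be checked without clicking through the dialog. The audit below is an added example, not the helper's or Malwarebytes' code; it reads the current user's Internet zone (zone 3) on Windows and compares it with the post's six settings. The action IDs (1001, 1004, 1201, 1607, 1800, 1804) and the value scheme 0=Enable, 1=Prompt, 3=Disable are Microsoft's documented registry layout, and the two sample dictionaries are constructed.

```python
import sys

# Internet zone (zone 3) actions as listed in the post. Action IDs and the value
# scheme 0=Enable / 1=Prompt / 3=Disable follow Microsoft's documented
# Internet Settings\Zones registry layout (KB 182569).
REQUIRED = {
    "1001": (1, "Download signed ActiveX controls"),
    "1004": (3, "Download unsigned ActiveX controls"),
    "1201": (3, "Initialize and script ActiveX controls not marked as safe"),
    "1800": (1, "Installation of desktop items"),
    "1804": (1, "Launching programs and files in an IFRAME"),
    "1607": (1, "Navigate sub-frames across different domains"),
}
LEVEL = {0: "Enable", 1: "Prompt", 3: "Disable"}
ZONE3 = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

def read_zone3_values():
    """Read the current user's Internet-zone action values (Windows only)."""
    if not sys.platform.startswith("win"):
        raise OSError("IE zone settings live in the Windows registry")
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, ZONE3) as key:
        for action in REQUIRED:
            try:
                values[action] = winreg.QueryValueEx(key, action)[0]
            except FileNotFoundError:
                pass            # value absent: the zone's default applies
    return values

def audit_zone3(values):
    """List actions set more permissively than the post asks (0 < 1 < 3 = stricter)."""
    findings = []
    for action, (required, name) in REQUIRED.items():
        current = values.get(action)
        if current is None or current < required:
            label = "not set" if current is None else LEVEL.get(current, str(current))
            findings.append((action, name, label, LEVEL[required]))
    return findings

# Constructed samples: a fully permissive zone next to one set exactly as the post says.
PERMISSIVE = {"1001": 0, "1004": 0, "1201": 0, "1800": 0, "1804": 0, "1607": 0}
HARDENED = {"1001": 1, "1004": 3, "1201": 3, "1800": 1, "1804": 1, "1607": 1}
```

On the affected machine, `audit_zone3(read_zone3_values())` returning an empty list confirms the dialog steps took effect; a setting stricter than the post asks (Disable where Prompt was requested) is not reported.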

#13 nikhilchitnis (Member, Topic Starter, 19 posts)

Hi ColdTitanium,
Thanks for all the support you have extended. I have one question - Now that I have followed the instructions, should I remove Avira and install SuperAntiSpyware? or should I continue with both? Do let me know. :D

Edited by nikhilchitnis, 10 April 2011 - 05:20 AM.


#14 Cold Titanium (Trusted Helper, Malware Removal, 1,735 posts)

You're very welcome!

I don't think it's necessary to have them both running. I'd remove SuperAntiSpyware and leave Avira running. Then I'd scan with MBAM maybe once a week.

#15 nikhilchitnis (Member, Topic Starter, 19 posts)

Thanks! will have Avira updated along with MBAM :D
You can mark this post as closed as per G2G.
Thanks a ton once again :D

Edited by nikhilchitnis, 10 April 2011 - 10:23 PM.
