
Error during login and logoff - gmail


  • This topic is locked
18 replies to this topic

#1 imanimesh

imanimesh

  • Members
  • 20 posts
  • OFFLINE
  •  
  • Local time:01:15 PM

Posted 17 January 2009 - 02:42 AM

Hello Everyone,
Stumbled upon this site by chance, am new to the world of internet security.
I have Norton installed on my laptop.

I am getting the following error message every time I try to login to gmail. This appears after I have submitted the login id and password and pressed login button.
The page - www.google.com/rns/b-search/c-/?start=0&country=uk&meta= - does not exist.

When I type gmail.com in the URL bar of the same window, I am able to login.
I think my laptop has been infected.

I get the same error message from gmail when I try to logout.
Please help!!

I have scanned my laptop using Norton full scan as well as using Yahoo spyware full scan, neither has solved the problem.

Edited by imanimesh, 17 January 2009 - 03:29 AM.




#2 Guest_superbird_*

Guest_superbird_*

  • Guests
  • OFFLINE
  •  

Posted 17 January 2009 - 04:30 AM

Hi,

We can give it a try. :thumbsup:

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

#3 imanimesh


Posted 18 January 2009 - 04:31 AM

Hi Superbird,
Many thanks for your reply.

I have used Malwarebytes and ran the quick scan as well as the full scan.
It did seem to remove Trojan DNS Changers, but my problem still persists.

In fact I am not able to login to gmail, since after entering user id and password, I am now directed to a different site altogether.

The same is happening with auto redirects, I keep getting redirected to pages I don't want every time I click on any search result link.

Please help!!

Regards

#4 Guest_superbird_*


Posted 18 January 2009 - 05:05 AM

Hi,

Could you please give me the requested logfile of MBAM? :thumbsup:
You can find it in the program under tab "Logs".

#5 imanimesh


Posted 18 January 2009 - 05:40 AM

Hello Superbird,

I managed to remove the infected folders using malware removal options (as mentioned before, doesn't help still, unfortunately) and am pasting the log file content below:

Malwarebytes' Anti-Malware 1.33
Database version: 1664
Windows 5.1.2600 Service Pack 3

18/01/2009 10:06:31
mbam-log-2009-01-18 (10-06-11).txt

Scan type: Full Scan (C:\|)
Objects scanned: 128056
Time elapsed: 36 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 12
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\videoplay (Trojan.DNSChanger) -> No action taken.
HKEY_CLASSES_ROOT\videoplay (Trojan.DNSChanger) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05d14e5a-f2a6-4691-b0fc-5d41db3a7ff1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.30,85.255.112.144 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{57f3ffea-8c9d-4531-94a2-b95818205ce5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.30,85.255.112.144 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{91d294c4-4a00-4346-ba72-6c5ecaf245a8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.30,85.255.112.144 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a17a53a1-543c-4bf4-acfe-dd8ac351ea82}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.30,85.255.112.144 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{05d14e5a-f2a6-4691-b0fc-5d41db3a7ff1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.30,85.255.112.144 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{57f3ffea-8c9d-4531-94a2-b95818205ce5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.30,85.255.112.144 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{91d294c4-4a00-4346-ba72-6c5ecaf245a8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.30,85.255.112.144 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a17a53a1-543c-4bf4-acfe-dd8ac351ea82}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.30,85.255.112.144 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{05d14e5a-f2a6-4691-b0fc-5d41db3a7ff1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.30,85.255.112.144 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{57f3ffea-8c9d-4531-94a2-b95818205ce5}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.30,85.255.112.144 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{91d294c4-4a00-4346-ba72-6c5ecaf245a8}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.30,85.255.112.144 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a17a53a1-543c-4bf4-acfe-dd8ac351ea82}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.30,85.255.112.144 -> No action taken.

Folders Infected:
C:\Program Files\videoplay (Trojan.DNSChanger) -> No action taken.

Files Infected:
C:\Program Files\videoplay\Uninstall.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\gaopdxpwawlabt.dll (Trojan.DNSChanger) -> No action taken.


Regards

#6 Guest_superbird_*


Posted 18 January 2009 - 05:42 AM

Hi,

Please do a new full scan and let MBAM delete everything. Post the new logfile in your next reply. :thumbsup:
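
Added example, not part of the original thread and not Malwarebytes code: a small parser for the MBAM 1.33 text log format shown in reply #5, which lists every finding still marked "No action taken" and groups the DNS servers written to each interface's `NameServer` value. The embedded sample is an excerpt of that posted log; the function names and regular expressions are assumptions made for this illustration.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the log posted in reply #5 (not the full log).
SAMPLE_LOG = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\videoplay (Trojan.DNSChanger) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{05d14e5a-f2a6-4691-b0fc-5d41db3a7ff1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.30,85.255.112.144 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{05d14e5a-f2a6-4691-b0fc-5d41db3a7ff1}\NameServer (Trojan.DNSChanger) -> Data: 85.255.116.30,85.255.112.144 -> No action taken.

Folders Infected:
C:\Program Files\videoplay (Trojan.DNSChanger) -> No action taken.

Files Infected:
C:\Program Files\videoplay\Uninstall.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\gaopdxpwawlabt.dll (Trojan.DNSChanger) -> No action taken.
"""

# "Registry Keys Infected:" starts a section; "Registry Keys Infected: 2" is a
# summary counter and is deliberately not matched.
SECTION_RE = re.compile(r"^(?P<name>[A-Za-z ]+ Infected):\s*$")
# <object> (<detection>) [-> Data: <data>] -> <action>.
ITEM_RE = re.compile(
    r"^(?P<object>.+?) \((?P<detection>[^()]+)\)"
    r"(?: -> Data: (?P<data>.*?))? -> (?P<action>[^>]+?)\.?\s*$"
)
# Per-interface static DNS setting, in the current or a stored control set.
IFACE_RE = re.compile(
    r"\\(?P<cset>(?:Current)?ControlSet\d*)\\Services\\Tcpip\\Parameters"
    r"\\Interfaces\\(?P<guid>\{[0-9a-fA-F-]+\})\\NameServer$"
)


def parse_mbam_log(text):
    """Return one dict per finding, tagged with the section it appeared in."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ITEM_RE.match(line)
        if m and section:  # skips "(No malicious items detected)" and headers
            findings.append({"section": section, **m.groupdict()})
    return findings


def unremediated(findings):
    """Findings the scanner reported but did not act on."""
    return [f for f in findings if f["action"].lower() == "no action taken"]


def by_detection(findings):
    """Count findings per detection name."""
    return dict(Counter(f["detection"] for f in findings))


def dns_overrides(findings):
    """Map interface GUID -> DNS servers and the control sets they appear in."""
    out = defaultdict(lambda: {"servers": set(), "control_sets": set()})
    for f in findings:
        m = IFACE_RE.search(f["object"])
        if not m or not f["data"]:
            continue
        entry = out[m.group("guid")]
        entry["servers"].update(s.strip() for s in f["data"].split(",") if s.strip())
        entry["control_sets"].add(m.group("cset"))
    return {g: {k: sorted(v) for k, v in e.items()} for g, e in out.items()}


if __name__ == "__main__":
    items = parse_mbam_log(SAMPLE_LOG)
    print(f"{len(unremediated(items))} of {len(items)} findings not acted on")
    print(by_detection(items))
    for guid, info in dns_overrides(items).items():
        print(guid, info["servers"], info["control_sets"])
```

A log in which every finding reads "No action taken" records detection only, so the `NameServer` values are still in place after that scan.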

#7 imanimesh


Posted 18 January 2009 - 06:40 AM

Hi Superbird,

I did a full scan and let MBAM do the removal (did the same in my last scan as well).

Here are the logs attached for the latest scan:


Malwarebytes' Anti-Malware 1.33
Database version: 1665
Windows 5.1.2600 Service Pack 3

18/01/2009 11:34:23
mbam-log-2009-01-18 (11-34-23).txt

Scan type: Full Scan (C:\|)
Objects scanned: 128017
Time elapsed: 34 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

I am still having the same redirection issue and wondering what else can be done :thumbsup:
Please help!!

#8 Guest_superbird_*


Posted 18 January 2009 - 06:44 AM

Please use the Internet Explorer browser (or FireFox with IETab), and do an online scan with Kaspersky Online Scanner

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component

Click Yes, when prompted to install its ActiveX component.
(Note.. for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.)
The program launches and downloads the latest definition files.
  • Once the files are downloaded click on Next
  • Click on Scan Settings and configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK and, under select a target to scan, select My Computer
When the scan is done, in the Scan is completed window (below), any infection is displayed.
There is no option to clean/disinfect, however, we need to analyze the information on the report.
To obtain the report:
Click on: Save Report As (above - red blinking arrow)
Next, in the Save as prompt, Save in area, select: Desktop
In the File name area, use KScan, or something similar
In Save as type, click the drop arrow and select: Text file [*.txt]
Then, click: Save
Please post the Kaspersky Online Scanner Report in your reply.

#9 imanimesh


Posted 18 January 2009 - 09:38 AM

I am having the following issues running the Kaspersky scan:

---------------------------
Windows Internet Explorer
---------------------------
Update has failed. Program has failed to start. Close the Kaspersky Online Scanner 7.0 window and open it again to install the program.
You must be online to update the Kaspersky Online Scanner 7 database. With the latest database updates, you can find new viruses and other threats. Please go online to use Kaspersky Online Scanner 7. [ERROR: Failed to connect to update source]
---------------------------
OK
---------------------------


I have disabled the Norton antivirus suite installed on my laptop.

Not sure how to manage the scan now, any ideas please?

#10 Guest_superbird_*


Posted 18 January 2009 - 09:46 AM

Hi,

Have you already tried it again? :thumbsup:

#11 imanimesh


Posted 18 January 2009 - 09:53 AM

Hi Superbird,
Yes, tried multiple times, keeps giving me the same error.
Thought if the program has been installed then I will remove it before retrying, but cannot find this program in add/remove programs page in control panel.
So, the program is apparently not installed on the laptop and the database is failing to download.

#12 Guest_superbird_*


Posted 18 January 2009 - 10:38 AM

Hi,

Then we try an alternative. :thumbsup:

Download this file: zoek.exe
Start the tool. A logfile will open after a while.
Post the contents of the logfile in your next reply.

#13 imanimesh


Posted 18 January 2009 - 10:57 AM

Hi Superbird,

Here is the log file:

======C:\WINDOWS====
----a-w 0 2009-01-18 10:09:02 C:\WINDOWS\0.log
--s-a-w 2,048 2009-01-18 10:08:47 C:\WINDOWS\bootstat.dat
----a-w 373 2009-01-03 08:06:52 C:\WINDOWS\cmsetacl.log
----a-w 265,604 2009-01-14 05:58:31 C:\WINDOWS\comsetup.log
----a-w 8,998 2009-01-02 13:58:21 C:\WINDOWS\DPINST.LOG
----a-w 867 2009-01-03 08:16:27 C:\WINDOWS\DtcInstall.log
----a-w 44,267 2009-01-14 05:58:31 C:\WINDOWS\ehOCGen.log
----a-w 784,426 2009-01-14 05:58:31 C:\WINDOWS\FaxSetup.log
----a-w 3,927 2009-01-02 18:09:27 C:\WINDOWS\hpbvnstp.his
----a-w 1,432 2009-01-02 18:09:27 C:\WINDOWS\hpbvnstp.ini
----a-w 940 2009-01-02 18:09:41 C:\WINDOWS\hpbvspst.his
----a-w 560 2009-01-02 18:09:41 C:\WINDOWS\hpbvspst.ini
----a-w 53,631 2009-01-02 18:19:29 C:\WINDOWS\hppins02.dat
----a-w 9,956 2009-01-03 08:59:28 C:\WINDOWS\IDNMitigationAPIs.log
----a-w 35,932 2009-01-03 09:01:24 C:\WINDOWS\ie7.log
----a-w 33,660 2009-01-03 09:02:52 C:\WINDOWS\ie7_main.log
----a-w 869,226 2009-01-14 05:58:31 C:\WINDOWS\iis6.log
----a-w 1,374 2009-01-14 05:58:25 C:\WINDOWS\imsins.BAK
----a-w 1,374 2009-01-14 05:58:31 C:\WINDOWS\imsins.log
----a-w 9,027 2009-01-03 07:41:47 C:\WINDOWS\KB892130.log
----a-w 8,318 2009-01-02 16:09:22 C:\WINDOWS\KB898461.log
----a-w 3,179 2009-01-03 08:58:17 C:\WINDOWS\KB915865.log
----a-w 36,509 2009-01-03 09:09:24 C:\WINDOWS\KB923689.log
----a-w 12,331 2009-01-03 09:43:49 C:\WINDOWS\KB925766.log
----a-w 9,110 2009-01-03 09:58:16 C:\WINDOWS\KB929399.log
----a-w 45,582 2009-01-03 09:57:53 C:\WINDOWS\KB936782.log
----a-w 6,972 2009-01-03 09:32:32 C:\WINDOWS\KB938127-v2-IE7.log
----a-w 33,650 2009-01-03 09:11:20 C:\WINDOWS\KB938464.log
----a-w 8,820 2009-01-03 09:57:24 C:\WINDOWS\KB939683.log
----a-w 22,305 2009-01-03 09:56:56 C:\WINDOWS\KB941569.log
----a-w 8,429 2009-01-03 09:47:35 C:\WINDOWS\KB943729.log
----a-w 5,128 2009-01-02 16:18:50 C:\WINDOWS\KB944338-v2.log
----a-w 34,947 2009-01-03 09:10:24 C:\WINDOWS\KB946648.log
----a-w 31,830 2009-01-03 09:08:47 C:\WINDOWS\KB950762.log
----a-w 49,909 2009-01-03 09:10:37 C:\WINDOWS\KB950974.log
----a-w 33,846 2009-01-03 09:10:18 C:\WINDOWS\KB951066.log
----a-w 32,484 2009-01-03 09:09:30 C:\WINDOWS\KB951376-v2.log
----a-w 46,871 2009-01-03 09:09:37 C:\WINDOWS\KB951698.log
----a-w 13,884 2009-01-14 05:58:25 C:\WINDOWS\KB951748.log
----a-w 43,545 2009-01-03 09:09:47 C:\WINDOWS\KB951978.log
----a-w 52,132 2009-01-03 09:58:26 C:\WINDOWS\KB952069.log
----a-w 36,229 2009-01-03 09:10:44 C:\WINDOWS\KB952287.log
----a-w 47,542 2009-01-03 09:10:31 C:\WINDOWS\KB952954.log
----a-w 4,163 2009-01-03 09:58:21 C:\WINDOWS\KB954154.log
----a-w 37,794 2009-01-03 09:17:55 C:\WINDOWS\KB954211.log
----a-w 47,872 2009-01-03 09:19:52 C:\WINDOWS\KB954459.log
----a-w 38,816 2009-01-03 09:21:44 C:\WINDOWS\KB954600.log
----a-w 38,705 2009-01-03 09:19:37 C:\WINDOWS\KB955069.log
----a-w 65,853 2009-01-03 09:22:02 C:\WINDOWS\KB955839.log
----a-w 48,496 2009-01-03 09:02:12 C:\WINDOWS\KB956390-IE7.log
----a-w 37,179 2009-01-03 09:18:04 C:\WINDOWS\KB956391.log
----a-w 51,734 2009-01-03 09:21:51 C:\WINDOWS\KB956802.log
----a-w 37,692 2009-01-03 09:18:10 C:\WINDOWS\KB956803.log
----a-w 39,034 2009-01-03 09:18:23 C:\WINDOWS\KB956841.log
----a-w 37,690 2009-01-03 09:18:30 C:\WINDOWS\KB957095.log
----a-w 39,211 2009-01-03 09:19:59 C:\WINDOWS\KB957097.log
----a-w 46,607 2009-01-03 09:02:48 C:\WINDOWS\KB958215-IE7.log
----a-w 20,690 2009-01-03 09:21:54 C:\WINDOWS\KB958215.log
----a-w 38,200 2009-01-03 09:18:39 C:\WINDOWS\KB958644.log
----a-w 8,055 2009-01-14 05:58:31 C:\WINDOWS\KB958687.log
----a-w 7,949 2009-01-03 09:33:01 C:\WINDOWS\KB960714-IE7.log
----a-w 19,599 2009-01-03 09:23:24 C:\WINDOWS\KB960714.log
----a-w 35,198 2009-01-02 15:53:54 C:\WINDOWS\LUINSTALL.LOG
----a-w 2,826 2009-01-03 09:52:47 C:\WINDOWS\medblker.Log
----a-w 136,267 2009-01-14 05:58:31 C:\WINDOWS\MedCtrOC.log
----a-w 6,682 2009-01-03 09:46:28 C:\WINDOWS\MSCompPackV1.log
----a-w 39,340 2009-01-14 05:58:31 C:\WINDOWS\msgsocm.log
----a-w 244,646 2009-01-14 05:58:30 C:\WINDOWS\msmqinst.log
----a-w 315,150 2009-01-03 09:19:45 C:\WINDOWS\msxml4-KB954430-enu.LOG
----a-w 150,881 2009-01-14 05:58:31 C:\WINDOWS\netfxocm.log
----a-w 9,005 2009-01-03 08:58:59 C:\WINDOWS\NLSDownlevelMapping.log
----a-w 159,156 2009-01-14 05:58:31 C:\WINDOWS\ntdtcsetup.log
----a-w 381,021 2009-01-14 05:58:31 C:\WINDOWS\ocgen.log
----a-w 42,428 2009-01-14 05:58:31 C:\WINDOWS\ocmsn.log
----a-w 3,593 2009-01-18 09:19:35 C:\WINDOWS\OEWABLog.txt
----a-w 90,111 2009-01-14 05:58:31 C:\WINDOWS\plusoc.log
----a-w 2,282 2009-01-02 13:49:43 C:\WINDOWS\regopt.log
----a-w 25,788 2009-01-18 10:07:48 C:\WINDOWS\SchedLgU.Txt
----a-w 4,798 2009-01-03 08:06:39 C:\WINDOWS\sessmgr.setup.log
----a-w 356,040 2009-01-03 10:00:45 C:\WINDOWS\setupact.log
----a-w 143,908 2009-01-18 07:59:58 C:\WINDOWS\setupapi.log
----a-w 1,027,502 2009-01-03 09:44:46 C:\WINDOWS\setupapi.log.0.old
----a-w 1,202,684 2009-01-16 00:05:12 C:\WINDOWS\setuplog.txt
----a-w 55,527 2009-01-03 10:02:44 C:\WINDOWS\spupdsvc.log
----a-w 187 2009-01-03 08:16:12 C:\WINDOWS\spupdsvc.log.1.log
----a-w 546,965 2009-01-03 08:09:50 C:\WINDOWS\svcpack.log
----a-w 40,325 2009-01-14 05:58:31 C:\WINDOWS\tabletoc.log
----a-w 365,820 2009-01-14 05:58:31 C:\WINDOWS\tsoc.log
----a-w 175,715 2009-01-14 05:58:18 C:\WINDOWS\updspapi.log
----a-w 159 2009-01-18 10:08:59 C:\WINDOWS\wiadebug.log
----a-w 50 2009-01-18 10:08:58 C:\WINDOWS\wiaservc.log
----a-w 507 2009-01-03 09:46:07 C:\WINDOWS\win.ini
----a-w 1,485,795 2009-01-18 15:02:39 C:\WINDOWS\WindowsUpdate.log
----a-w 303 2009-01-02 16:25:08 C:\WINDOWS\wininit.ini
----a-w 31,269 2009-01-03 09:45:13 C:\WINDOWS\WMFDist11.log
----a-w 21,042 2009-01-03 09:46:18 C:\WINDOWS\wmp11.log
----a-w 53,997 2009-01-18 09:19:35 C:\WINDOWS\wmsetup.log
----a-w 2,475 2009-01-03 09:46:18 C:\WINDOWS\wmsetup10.log
----a-w 316,640 2009-01-03 08:16:19 C:\WINDOWS\WMSysPr9.prx
----a-w 13,212 2009-01-03 09:44:21 C:\WINDOWS\Wudf01000Inst.log

Entries: 100 (99)
Directories: 0 Files: 100
Bytes: 10,905,807 Blocks: 21,350
======C:\WINDOWS\system32=====
----a-w 420 2009-01-02 13:55:57 C:\WINDOWS\System32\$winnt$.inf
----a-w 124,928 2008-10-16 20:38:34 C:\WINDOWS\System32\advpack.dll
----a-w 16,832 2009-01-03 09:46:15 C:\WINDOWS\System32\amcompat.tlb
----a-w 92,696 2008-10-16 14:09:44 C:\WINDOWS\System32\cdm.dll
----a-w 410,984 2009-01-18 14:07:00 C:\WINDOWS\System32\deploytk.dll
----a-w 684,032 2008-11-06 16:33:52 C:\WINDOWS\System32\DivX.dll
----a-w 729,088 2008-11-06 16:33:44 C:\WINDOWS\System32\divxdec.ax
----a-w 352,401 2008-11-06 16:33:44 C:\WINDOWS\System32\DivXMedia.ax
----a-w 524,288 2008-11-06 16:37:36 C:\WINDOWS\System32\DivXsm.exe
----a-w 4,816 2008-11-06 16:37:36 C:\WINDOWS\System32\divxsm.tlb
----a-w 12,288 2008-11-06 16:33:02 C:\WINDOWS\System32\DivXWMPExtType.dll
----a-w 823,296 2008-11-06 16:33:54 C:\WINDOWS\System32\divx_xx07.dll
----a-w 815,104 2008-11-06 16:33:54 C:\WINDOWS\System32\divx_xx0a.dll
----a-w 823,296 2008-11-06 16:33:54 C:\WINDOWS\System32\divx_xx0c.dll
----a-w 802,816 2008-11-06 16:33:54 C:\WINDOWS\System32\divx_xx11.dll
----a-w 86,016 2008-12-11 00:33:26 C:\WINDOWS\System32\dpl100.dll
----a-w 416 2008-11-06 16:34:00 C:\WINDOWS\System32\dpl100.dll.manifest
----a-w 294,912 2008-12-09 02:28:52 C:\WINDOWS\System32\dpu11.dll
----a-w 593,920 2008-12-09 02:28:52 C:\WINDOWS\System32\dpuGUI11.dll
----a-w 344,064 2008-12-09 02:28:52 C:\WINDOWS\System32\dpus11.dll
----a-w 57,344 2008-12-09 02:28:52 C:\WINDOWS\System32\dpv11.dll
----a-w 200,704 2008-12-11 00:33:26 C:\WINDOWS\System32\dtu100.dll
----a-w 416 2008-11-06 16:34:00 C:\WINDOWS\System32\dtu100.dll.manifest
----a-w 347,136 2008-10-16 20:38:34 C:\WINDOWS\System32\dxtmsft.dll
----a-w 214,528 2008-10-16 20:38:34 C:\WINDOWS\System32\dxtrans.dll
------w 133,120 2008-10-16 20:38:35 C:\WINDOWS\System32\extmgr.dll
---ha-w 56 2009-01-11 09:25:21 C:\WINDOWS\System32\ezsidmv.dat
----a-w 266,208 2009-01-03 09:25:59 C:\WINDOWS\System32\FNTCACHE.DAT
----a-w 286,720 2008-10-23 12:36:14 C:\WINDOWS\System32\gdi32.dll
----a-w 63,488 2008-10-16 20:38:35 C:\WINDOWS\System32\icardie.dll
------w 70,656 2008-10-16 13:11:09 C:\WINDOWS\System32\ie4uinit.exe
------w 153,088 2008-10-16 20:38:35 C:\WINDOWS\System32\ieakeng.dll
------w 230,400 2008-10-16 20:38:35 C:\WINDOWS\System32\ieaksie.dll
------w 161,792 2008-10-15 07:04:53 C:\WINDOWS\System32\ieakui.dll
----a-w 383,488 2008-10-16 20:38:35 C:\WINDOWS\System32\ieapfltr.dll
------w 384,512 2008-10-16 20:38:35 C:\WINDOWS\System32\iedkcs32.dll
----a-w 6,066,176 2008-10-16 20:38:37 C:\WINDOWS\System32\ieframe.dll
------w 44,544 2008-10-16 20:38:37 C:\WINDOWS\System32\iernonce.dll
----a-w 267,776 2008-10-16 20:38:37 C:\WINDOWS\System32\iertutil.dll
----a-w 13,824 2008-10-16 13:11:09 C:\WINDOWS\System32\ieudinit.exe
------w 1,831,424 2008-10-16 20:38:37 C:\WINDOWS\System32\inetcpl.cpl
----a-w 144,792 2009-01-18 14:07:00 C:\WINDOWS\System32\java.exe
----a-w 73,728 2009-01-18 14:07:00 C:\WINDOWS\System32\javacpl.cpl
----a-w 144,792 2009-01-18 14:07:00 C:\WINDOWS\System32\javaw.exe
----a-w 148,888 2009-01-18 14:07:00 C:\WINDOWS\System32\javaws.exe
------w 27,648 2008-10-16 20:38:37 C:\WINDOWS\System32\jsproxy.dll
----a-w 1,044,480 2008-11-06 16:35:00 C:\WINDOWS\System32\libdivx.dll
----a-w 20,853,704 2009-01-10 01:35:28 C:\WINDOWS\System32\MRT.exe
----a-w 459,264 2008-10-16 20:38:37 C:\WINDOWS\System32\msfeeds.dll
----a-w 52,224 2008-10-16 20:38:37 C:\WINDOWS\System32\msfeedsbs.dll
----a-w 3,593,216 2008-12-13 06:40:02 C:\WINDOWS\System32\mshtml.dll
----a-w 477,696 2008-10-16 20:38:38 C:\WINDOWS\System32\mshtmled.dll
----a-w 301 2009-01-02 18:12:43 C:\WINDOWS\System32\msiexec.log
------w 193,024 2008-10-16 20:38:38 C:\WINDOWS\System32\msrating.dll
----a-w 671,232 2008-10-16 20:38:39 C:\WINDOWS\System32\mstime.dll
----a-w 1,106,944 2008-09-04 17:15:04 C:\WINDOWS\System32\msxml3.dll
----a-w 1,286,152 2008-09-30 16:43:34 C:\WINDOWS\System32\msxml4.dll
----a-w 1,307,648 2008-09-10 01:14:56 C:\WINDOWS\System32\msxml6.dll
----a-w 268,648 2008-10-16 14:06:48 C:\WINDOWS\System32\mucltui.dll
----a-w 27,496 2008-10-16 14:06:48 C:\WINDOWS\System32\mucltui.dll.mui
----a-w 208,744 2008-10-16 14:07:48 C:\WINDOWS\System32\muweb.dll
----a-w 337,408 2008-10-15 16:34:24 C:\WINDOWS\System32\netapi32.dll
----a-w 23,392 2009-01-03 09:46:15 C:\WINDOWS\System32\nscompat.tlb
------w 102,912 2008-10-16 20:38:39 C:\WINDOWS\System32\occache.dll
----a-w 63,862 2009-01-03 09:16:28 C:\WINDOWS\System32\perfc009.dat
----a-w 406,662 2009-01-03 09:16:28 C:\WINDOWS\System32\perfh009.dat
----a-w 458,016 2009-01-03 09:16:28 C:\WINDOWS\System32\PerfStringBackup.INI
----a-w 44,544 2008-10-16 20:38:39 C:\WINDOWS\System32\pngfilt.dll
------w 551,672 2008-11-06 16:37:28 C:\WINDOWS\System32\Px.dll
------w 129,784 2008-11-06 16:37:28 C:\WINDOWS\System32\pxafs.dll
------w 66,296 2008-11-06 16:37:28 C:\WINDOWS\System32\pxcpya64.exe
------w 120,056 2008-11-06 16:37:28 C:\WINDOWS\System32\pxcpyi64.exe
------w 518,904 2008-11-06 16:37:28 C:\WINDOWS\System32\pxdrv.dll
------w 72,440 2008-11-06 16:37:30 C:\WINDOWS\System32\pxhpinst.exe
------w 64,760 2008-11-06 16:37:28 C:\WINDOWS\System32\pxinsa64.exe
------w 118,520 2008-11-06 16:37:28 C:\WINDOWS\System32\pxinsi64.exe
------w 187,128 2008-11-06 16:37:30 C:\WINDOWS\System32\PxMas.dll
------w 1,628,920 2008-11-06 16:37:28 C:\WINDOWS\System32\pxsfs.dll
------w 379,640 2008-11-06 16:37:28 C:\WINDOWS\System32\PxWave.dll
----a-w 3,596,288 2008-11-06 16:37:32 C:\WINDOWS\System32\qt-dx331.dll
----a-w 308 2009-01-02 13:59:11 C:\WINDOWS\System32\results.txt
----a-w 35 2009-01-02 18:09:27 C:\WINDOWS\System32\services.log
----a-w 90 2009-01-03 08:16:11 C:\WINDOWS\System32\spupdwxp.log
----a-w 200,704 2008-11-06 16:35:00 C:\WINDOWS\System32\ssldivx.dll
----a-w 247,326 2008-10-03 10:02:42 C:\WINDOWS\System32\strmdll.dll
------w 62,976 2008-10-23 10:06:59 C:\WINDOWS\System32\tzchange.exe
----a-w 211,102 2009-01-03 09:21:58 C:\WINDOWS\System32\TZLog.log
----a-w 105,984 2008-10-16 20:38:39 C:\WINDOWS\System32\url.dll
----a-w 1,160,192 2008-10-16 20:38:39 C:\WINDOWS\System32\urlmon.dll
----a-w 1,585,664 2008-11-06 16:37:46 C:\WINDOWS\System32\VC80CRTRedist.msi
------w 88,824 2008-11-06 16:37:28 C:\WINDOWS\System32\VXBLOCK.dll
----a-w 233,472 2008-10-16 20:38:39 C:\WINDOWS\System32\webcheck.dll
----a-w 1,846,400 2008-09-15 12:12:56 C:\WINDOWS\System32\win32k.sys
----a-w 826,368 2008-10-16 20:38:40 C:\WINDOWS\System32\wininet.dll
----a-w 1,158 2009-01-04 19:35:51 C:\WINDOWS\System32\wpa.dbl
----a-w 561,688 2008-10-16 14:12:20 C:\WINDOWS\System32\wuapi.dll
----a-w 23,576 2008-10-16 14:07:44 C:\WINDOWS\System32\wuapi.dll.mui
----a-w 51,224 2008-10-16 14:09:44 C:\WINDOWS\System32\wuauclt.exe
----a-w 213,528 2008-10-16 14:12:20 C:\WINDOWS\System32\wuaucpl.cpl
----a-w 23,576 2008-10-16 14:07:46 C:\WINDOWS\System32\wuaucpl.cpl.mui
----a-w 1,809,944 2008-10-16 14:13:40 C:\WINDOWS\System32\wuaueng.dll
----a-w 18,456 2008-10-16 14:07:14 C:\WINDOWS\System32\wuaueng.dll.mui
----a-w 323,608 2008-10-16 14:12:22 C:\WINDOWS\System32\wucltui.dll
----a-w 31,768 2008-10-16 14:09:40 C:\WINDOWS\System32\wucltui.dll.mui
----a-w 34,328 2008-10-16 14:08:58 C:\WINDOWS\System32\wups.dll
----a-w 43,544 2008-10-16 14:09:44 C:\WINDOWS\System32\wups2.dll
----a-w 202,776 2008-10-16 14:13:40 C:\WINDOWS\System32\wuweb.dll

Entries: 107 (106)
Directories: 0 Files: 107
Bytes: 69,584,457 Blocks: 135,939
======C:\WINDOWS\system32\drivers=====
----a-w 21,419 2009-01-02 13:59:07 C:\WINDOWS\System32\drivers\AegisP.sys
------w 9,336 2008-11-06 16:37:28 C:\WINDOWS\System32\drivers\cdr4_xp.sys
------w 9,464 2008-11-06 16:37:30 C:\WINDOWS\System32\drivers\cdralw2k.sys
----a-w 15,504 2009-01-14 16:11:28 C:\WINDOWS\System32\drivers\mbam.sys
----a-w 38,496 2009-01-14 16:11:32 C:\WINDOWS\System32\drivers\mbamswissarmy.sys
----a-w 455,296 2008-10-24 11:21:09 C:\WINDOWS\System32\drivers\mrxsmb.sys
------w 43,528 2008-11-06 16:37:28 C:\WINDOWS\System32\drivers\pxhelp20.sys
----a-w 333,952 2008-12-11 10:57:09 C:\WINDOWS\System32\drivers\srv.sys
--sha-r 0 2009-01-02 13:58:15 C:\WINDOWS\System32\drivers\TOSHIBA_EQUIUM A100_04604-AV_PSAABE-00800.MRK

Entries: 9 (8)
Directories: 0 Files: 9
Bytes: 926,995 Blocks: 1,816
======C:\WINDOWS\Tasks======
----a-w 546 2009-01-10 05:51:44 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Ekta.job
----a-w 258 2009-01-02 13:55:50 C:\WINDOWS\Tasks\Registration reminder 3.job
---ha-w 6 2009-01-18 10:08:56 C:\WINDOWS\Tasks\SA.DAT

Entries: 3 (2)
Directories: 0 Files: 3
Bytes: 810 Blocks: 4
=======C:\Program Files=====
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
=======C:=====
--sha-r 209 2009-01-02 13:55:51 C:\boot.ini
--sha-w 1,063,309,312 2009-01-18 10:08:43 C:\hiberfil.sys
--sha-r 250,048 2009-01-03 07:59:55 C:\ntldr
--sha-w 1,598,029,824 2009-01-18 10:08:42 C:\pagefile.sys

Entries: 4 (0)
Directories: 0 Files: 4
Bytes: 2,661,589,393 Blocks: 5,198,418
======C:\Documents and Settings\Ekta\Application Data======
Entries: 0 (0)
Directories: 0 Files: 0
Bytes: 0 Blocks: 0
======C:\Documents and Settings\Ekta======
---ha-w 3,407,872 2009-01-18 10:50:05 C:\Documents and Settings\Ekta\NTUSER.DAT
---ha-w 491,520 2009-01-18 15:55:38 C:\Documents and Settings\Ekta\ntuser.dat.LOG
--sh--w 178 2009-01-18 10:50:05 C:\Documents and Settings\Ekta\ntuser.ini

Entries: 3 (0)
Directories: 0 Files: 3
Bytes: 3,899,570 Blocks: 7,617
======C:\WINDOWS\Downloaded Program Files====
----a-w 295 2008-10-16 14:16:04 C:\WINDOWS\Downloaded Program Files\muweb.inf

Entries: 1 (1)
Directories: 0 Files: 1
Bytes: 295 Blocks: 1
=============

#14 Guest_superbird_*


Posted 18 January 2009 - 11:09 AM

Hi,

Go to www.virustotal.com
Copy this into the "path"-form: C:\WINDOWS\System32\VC80CRTRedist.msi
Click "upload"

Wait until the scan has finished.
Then, post the results of the scan in your next reply. :thumbsup:

#15 imanimesh


Posted 18 January 2009 - 12:09 PM

Hi Superbird,

Here are the scan results:
Antivirus Version Last Update Result
a-squared 4.0.0.73 2009.01.18 -
AhnLab-V3 2009.1.15.0 2009.01.17 -
AntiVir 7.9.0.57 2009.01.18 -
Authentium 5.1.0.4 2009.01.17 -
Avast 4.8.1281.0 2009.01.16 -
AVG 8.0.0.229 2009.01.18 -
BitDefender 7.2 2009.01.18 -
CAT-QuickHeal 10.00 2009.01.17 -
ClamAV 0.94.1 2009.01.18 -
Comodo 935 2009.01.18 -
DrWeb 4.44.0.09170 2009.01.18 -
eSafe 7.0.17.0 2009.01.18 -
eTrust-Vet 31.6.6312 2009.01.17 -
F-Prot 4.4.4.56 2009.01.17 -
F-Secure 8.0.14470.0 2009.01.18 -
Fortinet 3.117.0.0 2009.01.15 -
GData 19 2009.01.18 -
Ikarus T3.1.1.45.0 2009.01.18 -
K7AntiVirus 7.10.594 2009.01.17 -
Kaspersky 7.0.0.125 2009.01.18 -
McAfee 5499 2009.01.18 -
McAfee+Artemis 5499 2009.01.18 -
Microsoft 1.4205 2009.01.18 -
NOD32 3774 2009.01.17 -
Norman 5.93.01 2009.01.16 -
nProtect 2009.1.8.0 2009.01.16 -
Panda 9.5.1.2 2009.01.18 -
PCTools 4.4.2.0 2009.01.18 -
Prevx1 V2 2009.01.18 -
Rising 21.12.62.00 2009.01.18 -
SecureWeb-Gateway 6.7.6 2009.01.18 -
Sophos 4.37.0 2009.01.18 -
Sunbelt 3.2.1835.2 2009.01.16 -
Symantec 10 2009.01.18 -
TheHacker 6.3.1.5.222 2009.01.17 -
TrendMicro 8.700.0.1004 2009.01.16 -
VBA32 3.12.8.10 2009.01.18 -
ViRobot 2009.1.17.1563 2009.01.17 -
VirusBuster 4.5.11.0 2009.01.18 -

The result has been negative for this file.

What next, buddy :thumbsup: ?



