
Google search redirecting to random sites


30 replies to this topic

#1 skmendiratta (Members, 16 posts)

Posted 06 August 2011 - 01:22 AM

Hi,

I have a weird problem: when I try to search for anything on Google or Bing and then click "open in new tab", it redirects to some other page. I tried scanning with Malwarebytes and McAfee antivirus. Nothing is found. Requesting help.

Many Thanks,
SKMENDIRATTA

Edited by Orange Blossom, 06 August 2011 - 07:42 AM.
Moved to AII from Windows 7. ~ OB



#2 jntkwx (Malware Response Team, 4,339 posts, New England, U.S.A.)

Posted 06 August 2011 - 08:14 AM

Hi skmendiratta,

Welcome to Bleeping Computer!

My name is Jason and I'll be helping you with your computer problems. You can call me by my screen name jntkwx, or Jason is fine.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put logs in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can also help.
  • Do not run anything while running a fix.
  • If you don't understand a step, please ask for clarification before continuing with any future steps.

Click on the Watch Topic button, select Immediate Notification and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Note to others: The instructions here are intended for the person who began this topic. If you need help, please create your own topic in the appropriate forum.

 

Step 1: Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List last 10 Event Viewer Log Errors
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go . Please put code boxes around just this entire log, like this, but without the letter x: [xcode] MiniToolBox log [/xcode]

Step 2: Rerun Malwarebytes
Open Malwarebytes, click on the Update tab, and click the check for Updates button. (The latest update is 7392)
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

If you have trouble updating, troubleshoot Malwarebytes' Anti-Malware

Step 3: SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from http://www.superantispyware.com/downloads/SASDEFINITIONS.EXE (copy and paste that website address) and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others checked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Home" button to leave the control center screen.
  • Back on the main screen, under "Select Scan Type" click Complete Scan.
  • On the left, make sure you check C:\.
  • Click Start Complete Scan > Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (e.g. SAS_1710895.COM) to a USB drive or CD and transfer it to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Step 4: Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (e.g. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.


In your next reply, please include:
  • MiniToolBox log
  • Malwarebytes log
  • SUPERAntiSpyware log
  • GMER log
  • How's your computer running now?

Regards,
Jason

 

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.
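A way to triage the Step 1 MiniToolBox output for the redirect indicators those checkboxes expose (a forced browser proxy, hosts-file overrides, DNS resolvers outside the LAN), as an added example that is not part of the original post or of MiniToolBox. The sample logs are constructed to mirror the format of the log posted later in this thread; the wording MiniToolBox prints when a proxy is enabled is an assumption, so that check keys on the absence of the known-clean line.

```python
"""Triage a MiniToolBox log for the search-redirect indicators the Step 1 boxes
expose: a proxy forced on the browser, hosts-file overrides and DNS resolvers
outside the local network.  Added example, not code from the post or from
MiniToolBox; headers and ipconfig layout follow the log posted in this thread,
but the wording MiniToolBox uses for an ENABLED proxy is assumed."""
import ipaddress
import re

SECTION_RE = re.compile(r"^=+ (?P<name>[^=]+?): =+[ \t]*$", re.M)
HOSTS_RE = re.compile(r"^(?P<ip>[0-9a-fA-F.:]+)\s+(?P<host>\S+)")
DNS_RE = re.compile(r"^\s*DNS Servers[ .]*: (?P<ip>\S+)")
# Resolver addresses treated as "on the LAN": RFC 1918, loopback, IPv6 local.
LAN_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12",
            "192.168.0.0/16", "127.0.0.0/8", "fe80::/10", "fc00::/7", "::1/128")]

def split_sections(log):
    """Map each '===== Name: =====' header to the text below it."""
    hits, sections = list(SECTION_RE.finditer(log)), {}
    for i, m in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(log)
        sections[m.group("name").strip()] = log[m.end():end]
    return sections

def parse_ip(text):
    """ip_address for text like '192.168.1.6(Preferred)', or None if not an IP."""
    try:
        return ipaddress.ip_address(text.split("(")[0].strip())
    except ValueError:
        return None

def check_proxy(section):
    """Only the known-clean wording is trusted; anything else goes to review."""
    if "Proxy is not enabled" in section:
        return []
    return ["IE proxy: %s (expected 'Proxy is not enabled')" % " ".join(section.split())]

def check_hosts(section):
    """A non-loopback hosts entry silently re-points a name; report each one."""
    findings = []
    for line in section.splitlines():
        m = HOSTS_RE.match(line.strip())
        ip = parse_ip(m.group("ip")) if m else None
        if ip is not None and not ip.is_loopback:  # '127.0.0.1 localhost' is normal
            findings.append("hosts: %s pinned to %s" % (m.group("host"), ip))
    return findings

def check_dns(section):
    """Flag resolvers off the LAN; ipconfig lists extra servers one per line."""
    findings, lines, i = [], section.splitlines(), 0
    while i < len(lines):
        m = DNS_RE.match(lines[i])
        i += 1
        if not m:
            continue
        servers = [m.group("ip")]
        while i < len(lines) and parse_ip(lines[i].strip()) is not None:
            servers.append(lines[i].strip())
            i += 1
        for ip in filter(None, map(parse_ip, servers)):
            if not any(ip in net for net in LAN_NETS):
                findings.append("dns: resolver %s is outside the local network" % ip)
    return findings

def triage(log):
    """Run each check only when its section was included in the log."""
    sections, findings = split_sections(log), []
    for name, check in (("IE Proxy Settings", check_proxy),
                        ("Hosts content", check_hosts),
                        ("IP Configuration", check_dns)):
        if name in sections:
            findings += check(sections[name])
    return findings

# Constructed sample logs (not from the thread): the first mirrors the clean
# result posted below; the second plants one of each indicator, using RFC 5737
# documentation addresses (203.0.113.x, 198.51.100.x) as the bogus targets.
CLEAN_LOG = """\
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================
========================= IP Configuration: ================================
   DNS Servers . . . . . . . . . . . : 192.168.1.1
"""
SUSPECT_LOG = """\
========================= IE Proxy Settings: ==============================
Proxy is enabled.
Proxy Server: 127.0.0.1:8080
========================= Hosts content: =================================
203.0.113.7 www.google.com
203.0.113.7 www.bing.com
127.0.0.1 localhost
========================= IP Configuration: ================================
   DNS Servers . . . . . . . . . . . : 198.51.100.53
                                       192.168.1.1
"""
```

`triage(CLEAN_LOG)` returns no findings, while `triage(SUSPECT_LOG)` reports the proxy, both pinned search domains and the off-LAN resolver; a public resolver such as an ISP's would also be listed, so a dns finding is a review cue, not a verdict.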


#3 skmendiratta (Topic Starter, Members, 16 posts)

Posted 07 August 2011 - 05:42 AM

Thanks a lot Jason for the instructions. I did all the steps and now it seems the problem is resolved (it looks like it, but I'm not sure). Only SUPERAntiSpyware found some issues with tracking cookies and quarantined and deleted them.

Here is the log for
1) Minitoolbox

<code>MiniToolBox by Farbar
Ran by Divya (administrator) on 07-08-2011 at 00:50:42
Windows 7 Home Premium (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================




========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Divya-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-26-B9-E8-07-9C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : DW1501 Wireless-N WLAN Half-Mini Card
Physical Address. . . . . . . . . : 70-F1-A1-DF-64-B3
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::1dcb:1138:93f7:b6d5%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.6(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, August 06, 2011 11:54:44 PM
Lease Expires . . . . . . . . . . : Sunday, August 07, 2011 11:54:44 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 191951265
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-95-31-68-00-26-B9-E8-07-9C
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{EB6E9450-DBCB-4254-B527-9624BD8A72F6}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:0:3fc6:9d15:4db5(Preferred)
Link-local IPv6 Address . . . . . : fe80::3fc6:9d15:4db5%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{FFD23B07-54A2-4C85-A410-4C67891C2DB9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.224.81
74.125.224.84
74.125.224.80
74.125.224.82
74.125.224.83


Pinging google.com [74.125.224.80] with 32 bytes of data:
Reply from 74.125.224.80: bytes=32 time=20ms TTL=55
Reply from 74.125.224.80: bytes=32 time=18ms TTL=55

Ping statistics for 74.125.224.80:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 20ms, Average = 19ms
Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43


Pinging yahoo.com [72.30.2.43] with 32 bytes of data:
Reply from 72.30.2.43: bytes=32 time=27ms TTL=54
Reply from 72.30.2.43: bytes=32 time=21ms TTL=54

Ping statistics for 72.30.2.43:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 27ms, Average = 24ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=3ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 3ms, Average = 2ms
===========================================================================
Interface List
12...00 26 b9 e8 07 9c ......Realtek PCIe GBE Family Controller
11...70 f1 a1 df 64 b3 ......DW1501 Wireless-N WLAN Half-Mini Card
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.6 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.6 281
192.168.1.6 255.255.255.255 On-link 192.168.1.6 281
192.168.1.255 255.255.255.255 On-link 192.168.1.6 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.6 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.6 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:0:3fc6:9d15:4db5/128
On-link
11 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::3fc6:9d15:4db5/128 On-link
11 281 fe80::1dcb:1138:93f7:b6d5/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

========================= Event log errors: ===============================

Application errors:
==================
Error: (08/07/2011 00:50:42 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/07/2011 00:00:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/06/2011 07:39:04 PM) (Source: EventSystem) (User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (08/06/2011 00:52:57 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/05/2011 11:12:07 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/05/2011 11:11:53 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/05/2011 11:11:18 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/05/2011 11:11:01 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/05/2011 10:28:22 PM) (Source: Application Hang) (User: )
Description: The program mcagent.exe version 11.0.569.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e48

Start Time: 01cc514e087c8bd5

Termination Time: 123

Application Path: C:\Program Files\McAfee.com\Agent\mcagent.exe

Report Id: c69fd1da-bfec-11e0-a72c-0026b9e8079c

Error: (08/05/2011 11:14:41 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"1".
Dependent Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (08/06/2011 05:47:38 PM) (Source: cdrom) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (08/06/2011 05:47:29 PM) (Source: cdrom) (User: )
Description: The driver detected a controller error on \Device\CdRom0.

Error: (08/06/2011 05:47:17 PM) (Source: cdrom) (User: )
Description: The device, \Device\CdRom0, has a bad block.

Error: (08/01/2011 10:24:25 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 10:22:35 PM on ?8/?1/?2011 was unexpected.

Error: (07/27/2011 03:51:40 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueBasic

Error: (07/27/2011 03:51:40 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueNegotiate

Error: (07/27/2011 03:51:40 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueNTLM

Error: (07/27/2011 03:51:40 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueWDigest

Error: (07/27/2011 02:15:39 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueBasic

Error: (07/27/2011 02:15:39 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueueNegotiate


Microsoft Office Sessions:
=========================
Error: (08/07/2011 00:50:42 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/07/2011 00:00:01 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/06/2011 07:39:04 PM) (Source: EventSystem)(User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (08/06/2011 00:52:57 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/05/2011 11:12:07 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/05/2011 11:11:53 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/05/2011 11:11:18 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/05/2011 11:11:01 PM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe

Error: (08/05/2011 10:28:22 PM) (Source: Application Hang)(User: )
Description: mcagent.exe11.0.569.0e4801cc514e087c8bd5123C:\Program Files\McAfee.com\Agent\mcagent.exec69fd1da-bfec-11e0-a72c-0026b9e8079c

Error: (08/05/2011 11:14:41 AM) (Source: SideBySide)(User: )
Description: Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16823"C:\Windows\system32\conhost.exe


=========================== Installed Programs ============================

Adobe AIR (Version: 2.7.0.19480)
Adobe Community Help (Version: 3.4.980)
Adobe Download Assistant (Version: 1.0.2)
Adobe Flash Player 10 ActiveX (Version: 10.2.153.1)
Adobe Flash Player 10 Plugin (Version: 10.3.181.26)
Adobe Photoshop CS5.1 (Version: 12.1)
Banctec Service Agreement (Version: 2.0.0)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Dell Edoc Viewer (Version: 1.0.0)
DW WLAN Card Utility (Version: 5.60.48.18)
Google Chrome (Version: 13.0.782.107)
Google Talk Plugin (Version: 2.1.8.0)
Google Update Helper (Version: 1.3.21.65)
GoToAssist Corporate (Version: 9.1.0.615)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2104)
Intel® Management Engine Components (Version: 6.0.0.1179)
Java Auto Updater (Version: 2.0.3.1)
Java™ 6 Update 24 (64-bit) (Version: 6.0.240)
Java™ 6 Update 24 (Version: 6.0.240)
Malwarebytes' Anti-Malware version 1.51.1.1800 (Version: 1.51.1.1800)
McAfee SecurityCenter (Version: 11.0.572)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000)
PDF Settings CS5 (Version: 10.0)
Picasa 3 (Version: 3.8)
Quickset64 (Version: 10.3.2)
Skype Toolbars (Version: 5.5.7896)
Skype™ 5.3 (Version: 5.3.120)
Synaptics Pointing Device Driver (Version: 15.0.3.0)

========================= Memory info: ===================================

Percentage of memory in use: 32%
Total physical RAM: 3764.54 MB
Available physical RAM: 2531 MB
Total Pagefile: 7527.2 MB
Available Pagefile: 5585.36 MB
Total Virtual: 4095.88 MB
Available Virtual: 3968.5 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:454.18 GB) (Free:405.06 GB) NTFS
3 Drive e: (NIKON D5000) (Removable) (Total:3.7 GB) (Free:0.85 GB) FAT32

========================= Users: ========================================

User accounts for \\DIVYA-PC

Administrator Divya Guest


== End of log ==
</code>

2) Malwarebytes (clean, nothing found)

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7397

Windows 6.1.7600
Internet Explorer 9.0.8112.16421

8/7/2011 12:57:06 AM
mbam-log-2011-08-07 (00-57-06).txt

Scan type: Quick scan
Objects scanned: 166186
Time elapsed: 2 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


3) SUPERAntiSpyware (deleted tracking cookies)

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/07/2011 at 01:50 AM

Application Version : 5.0.1108

Core Rules Database Version : 7523
Trace Rules Database Version: 5335

Scan type : Complete Scan
Total Scan Time : 00:26:44

Operating System Information
Windows 7 Home Premium 64-bit (Build 6.01.7600)
UAC On - Limited User

Memory items scanned : 609
Memory threats detected : 0
Registry items scanned : 69887
Registry threats detected : 0
File items scanned : 42815
File threats detected : 224

Adware.Tracking Cookie
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@doubleclick[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@doubleclick[3].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@eas.apm.emediate[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@educationcom.112.2o7[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@educationcom.112.2o7[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@enhance[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@entrepreneur[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@exoclick[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@eyeviewads[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@eyewonder[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@fastclick[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@feed.validclick[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@fidelity.rotator.hadj7.adjuggler[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@find.10topsearches[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@findology[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@goodcholesterolcount[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@goodcholesterolcount[3].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@gotacha.rotator.hadj7.adjuggler[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@gotacha.rotator.hadj7.adjuggler[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@harrenmedianetwork[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@homestore.122.2o7[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@iexplore.122.2o7[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@imrworldwide[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@insightexpressai[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@interclick[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@invitemedia[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@invitemedia[3].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@legolas-media[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@legolas-media[3].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@lightstonemedia[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@liveperson[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@liveperson[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@liveperson[3].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@liveperson[4].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@lucidmedia[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@lucidmedia[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@m1.mediasrv[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@madethecut.112.2o7[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@marchex.bafind[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@media6degrees[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@media6degrees[3].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@mediabrandsww[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@mediaplex[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@mediasrv[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@mediatraffic[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@mm.chitika[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@mtvn.112.2o7[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@myroitracking[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@mytracklog[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@network.realmedia[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@newmusiccountdown.mevio[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@p142t1s1316532.kronos.bravenetmedia[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@p169t1s5350873.kronos.bravenetmedia[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@p268t1s2329433.kronos.bravenetmedia[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@p281t1s3162850.kronos.bravenetmedia[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@p382t1s4065540.kronos.bravenetmedia[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@partypoker[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@pointroll[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@pointsnorthmedia[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@pro-market[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@pro-market[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@questionmarket[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@r1-ads.ace.advertising[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@realmedia[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@revenuecurve.go2jump[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@revsci[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@ru4[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@sales.liveperson[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@search.321findit[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@search.amazeclick[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@search.boltfind[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@search.clickcheer[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@search.clickcheer[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@search.clicksare[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@search.clicksfind[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@search.clicksthe[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@search.clicksthis[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@search.clickwhale[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@search.findsmy[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@search.findxml[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@search.orfind[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@search.seekfinds[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@search.toseeking[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@servedby.adxpower[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@server.cpmstar[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@server.iad.liveperson[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@serving-sys[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@serving-sys[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@specificclick[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@stat.dealtime[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@statcounter[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@statse.webtrendslive[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@surfaccuracy[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@surveymonkey.122.2o7[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@tacoda.at.atwola[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@techmedianetwork[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@theclickcheck[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@tracking.hostgator[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@traffic.prod.cobaltgroup[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@trafficengine[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@trafficking.nabbr[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@trafficking.nabbr[3].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@trafficmp[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@trafficmp[3].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@tribalfusion[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@usairways.112.2o7[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@viacom.adbureau[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@vidasco.rotator.hadj7.adjuggler[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@viewablemedia[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@www.apartmentfinder[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@www.burstnet[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@www.commission-junction[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@www.crackle[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@www.discountelectronics[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@www.find-fast-answers[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@www.findstuffforme[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@www.googleadservices[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@www.googleadservices[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@www.matrix-media[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@www.mediatraffic[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@www.trackimizer[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@xml.trafficengine[2].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@yieldmanager[1].txt
C:\Users\Divya\AppData\Roaming\Microsoft\Windows\Cookies\divya@zedo[2].txt
.shopica.com [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.atdmt.com [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
find.mapmuse.com [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.imrworldwide.com [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.doubleclick.net [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.find.mapmuse.com [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.find.mapmuse.com [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.find.mapmuse.com [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.apmebf.com [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.mediaplex.com [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.revsci.net [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.tribalfusion.com [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
accounts.youtube.com [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.invitemedia.com [ C:\USERS\DIVYA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
cdn.media.abc.com [ C:\USERS\DIVYA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UXGZLNL ]
content.yieldmanager.edgesuite.net [ C:\USERS\DIVYA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UXGZLNL ]
crackle.com [ C:\USERS\DIVYA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UXGZLNL ]
media.mtvnservices.com [ C:\USERS\DIVYA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UXGZLNL ]
media.scanscout.com [ C:\USERS\DIVYA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UXGZLNL ]
media1.break.com [ C:\USERS\DIVYA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UXGZLNL ]
objects.tremormedia.com [ C:\USERS\DIVYA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UXGZLNL ]
secure-uk.imrworldwide.com [ C:\USERS\DIVYA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UXGZLNL ]
secure-us.imrworldwide.com [ C:\USERS\DIVYA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UXGZLNL ]
timesofindia.indiatimes.com [ C:\USERS\DIVYA\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\2UXGZLNL ]


4) GMER Log (no rootkit found)

BLANK..

Many Thanks
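The cookie listing in the post above is the kind of output a helper has to triage before deciding whether a removal actually addressed the reported symptom. As an added example (not from this thread and not SUPERAntiSpyware's own code), here is a small Python parser for the two line shapes that listing uses: Internet Explorer cookie files (`...\Cookies\user@host[n].txt`) and Chrome or Flash entries (`host [ PATH ]`). It tallies entries per cookie store and per host so one can confirm at a glance that a log contains nothing but tracking cookies, which is the point jntkwx raises later in the thread: cookies alone do not account for a search redirect. The user name, paths and hosts in the sample log are constructed, and the `.tmp` line is a constructed stand-in for a non-cookie detection.

```python
"""Summarise a SUPERAntiSpyware-style cookie listing (added example, not the tool's code)."""
import re
from collections import Counter

# Internet Explorer cookie file: "...\Cookies\<user>@<host>[<n>].txt"
IE_COOKIE = re.compile(r"\\Cookies\\[^@\\]+@([^\[\\]+)\[\d+\]\.txt$", re.IGNORECASE)
# Chrome cookie database or Flash shared-object entry: "<host> [ <PATH> ]"
BRACKET_ENTRY = re.compile(r"^\.?([A-Za-z0-9.\-]+) \[ (.+) \]$")

# Constructed sample: same line shapes as the log above, placeholder user and hosts.
SAMPLE_LOG = r"""
C:\Users\someuser\AppData\Roaming\Microsoft\Windows\Cookies\someuser@doubleclick[1].txt
C:\Users\someuser\AppData\Roaming\Microsoft\Windows\Cookies\someuser@doubleclick[2].txt
C:\Users\someuser\AppData\Roaming\Microsoft\Windows\Cookies\someuser@search.clickcheer[1].txt
.collective-media.net [ C:\USERS\SOMEUSER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.collective-media.net [ C:\USERS\SOMEUSER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
crackle.com [ C:\USERS\SOMEUSER\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\ABCD1234 ]
C:\Users\someuser\AppData\Local\Temp\constructed-example.tmp
"""


def classify(line):
    """Return (store, host) for one log line, or None if the line is not a cookie entry."""
    line = line.strip()
    m = IE_COOKIE.search(line)
    if m:
        # IE file names carry the host label without the trailing dot-TLD, as in the log.
        return ("ie", m.group(1).lower())
    m = BRACKET_ENTRY.match(line)
    if m:
        host, path = m.group(1).lower(), m.group(2).upper()
        store = "flash" if "#SHAREDOBJECTS" in path else "chrome"
        return (store, host)
    return None


def summarise(log_text):
    """Count cookie entries per store and per host; count lines that are not cookies."""
    per_store = Counter()
    per_host = Counter()
    non_cookie = 0
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        hit = classify(raw)
        if hit is None:
            non_cookie += 1
            continue
        store, host = hit
        per_store[store] += 1
        per_host[host] += 1
    return {"stores": dict(per_store), "hosts": per_host, "non_cookie_lines": non_cookie}


def cookie_only(summary):
    """True when every parsed line was a tracking cookie: nothing here explains a redirect."""
    return summary["non_cookie_lines"] == 0 and sum(summary["stores"].values()) > 0


if __name__ == "__main__":
    s = summarise(SAMPLE_LOG)
    print("per store:", s["stores"])
    print("top hosts:", s["hosts"].most_common(3))
    print("non-cookie lines:", s["non_cookie_lines"])
    print("cookies only:", cookie_only(s))
```

Run against a real log, `cookie_only` returning True is the quick way to confirm that a "clean-up" removed only tracking cookies; any non-cookie line (a file, driver or registry entry) is what actually deserves a closer look.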

#4 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:47 AM

Posted 07 August 2011 - 10:04 AM

Hi skmendiratta,

I'm not so sure your problem is resolved. What SUPERAntiSpyware removed shouldn't have fixed your problem.

Please click HERE to download Kaspersky Virus Removal Tool (click on the Download link for Version 11).
NOTE: This is quite a large file, so be patient.

  • Double click on the file you just downloaded and let it install.
  • It will install to your desktop (be patient; it may take a while).
  • Accept license agreement and click "Start" button.
  • Click on the Settings button
    • In Scan scope, leave the pre-checked items as they are and also checkmark My Computer
    • In Actions, checkmark Select action: (disinfect; delete if disinfection fails) instead of the preselected Prompt on detection
  • Click on Automatic Scan tab and then click on Start scanning button.
  • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
  • When the scan is done NO log will be produced.
  • Click on the Report button, then on the Automatic Scan report tab.
  • Right click anywhere within the right pane, click Select All, then right click again and click Copy.
  • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
  • You can save this on the desktop.
  • Post the contents of the document in your next reply.

Regards,
Jason

Simple and easy ways to keep your computer safe and secure on the Internet

If I am helping you and have not returned in 48 hours, please feel free to send me a PM with a link to the topic.
My help is free... however, if you wish to show appreciation and support me personally fighting against malware, please consider a donation.


#5 skmendiratta

skmendiratta
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:47 AM

Posted 08 August 2011 - 12:48 AM

Hi Jason,

The Kaspersky log did not show up anything suspicious in the scan; maybe something is there in the log. It is a huge file; can you suggest how to attach it?

One more thing I would like to add here is that I am getting two messages at the bottom right of my screen.
1) Windows Security Center is off, and when I try to enable it, it is not starting.
2) Create backup.

regards,
SKMENDIRATTA

Edited by skmendiratta, 08 August 2011 - 12:58 AM.


#6 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:47 AM

Posted 08 August 2011 - 12:27 PM

Hi skmendiratta,

Save the Kaspersky log to your desktop, then upload it:
  • Please go to http://www.sendspace.com/
  • Click on Browse, and browse for the Kaspersky log.
  • Click the Upload button.
  • Wait for the file to upload.
  • Under Forum Code, click Copy Code. Please paste the copied code into your next reply. (Also, under Delete File Link, click on Copy Code and paste the code into a new Notepad document, but please do NOT paste it here.)

Regards,
Jason


#7 skmendiratta

skmendiratta
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:47 AM

Posted 09 August 2011 - 12:36 AM

Hi Jason,

Please find the log file link.
http://www.sendspace.com/file/bbmufv


regards,
skmendiratta

Edited by skmendiratta, 09 August 2011 - 12:41 AM.


#8 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:47 AM

Posted 09 August 2011 - 07:23 AM

Hi skmendiratta,

You're correct. That log looks clean. Go ahead and use the Delete Link that you copied earlier to delete that file.

Let's double check we've found everything.

:step1: Please download Rootkit Unhooker from one of the following links and save it to your desktop.
Link 1 (.exe file)
Link 2 (zipped file)
Link 3 (.rar file)
In order to use this tool if you downloaded from either of the second two links, you will need to extract the RKUnhookerLE.exe file using a program capable of extracting ZIP and RAR compressed files. If you don't have an extraction program, you can download, install and use the free 7-zip utility.

  • Double-click on RKUnhookerLE.exe to start the program.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • Click the Report tab, then click Scan.
  • Check Drivers, Stealth, and uncheck the rest.
  • Click OK.
  • Wait until it's finished and then go to File > Save Report.
  • Save the report to your Desktop.
  • Copy and paste the contents of the report into your next reply.
-- Note: You may get this warning...just ignore it, click OK and continue: "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?".

:step2: I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the scanner button on that page.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

Regards,
Jason


#9 skmendiratta

skmendiratta
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:47 AM

Posted 09 August 2011 - 10:19 PM

Hi Jason,

When I try to run Unhooker I am getting the below error.

Unhandled exception occurred
Exception code : 0xC0000005
Instruction address : 0x00402EAA
Attempt to read at address : 0xFFFFFFFF

Please suggest.

Edited by skmendiratta, 10 August 2011 - 01:19 PM.


#10 skmendiratta

skmendiratta
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:47 AM

Posted 10 August 2011 - 01:19 PM

Hi Jason,

Do you want me to test or run anything? Waiting for your instructions.

Many Thanks,
skmendiratta

#11 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:47 AM

Posted 10 August 2011 - 03:11 PM

Hi skmendiratta,

Skip RKunhooker, and run the ESET scan.
Regards,
Jason


#12 skmendiratta

skmendiratta
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:47 AM

Posted 11 August 2011 - 01:14 AM

Hi Jason,

I ran the ESET scan. The scan came out clean; it showed the number of files scanned (around 100k), 0 files detected, and the elapsed time (around 36 mins). I did not get to see any option for "List Threats"; the only option was "Finish".

Please suggest.

Thanks,
skmendiratta

Edited by skmendiratta, 11 August 2011 - 01:15 AM.


#13 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:47 AM

Posted 11 August 2011 - 08:50 AM

Hi skmendiratta,

How is your computer running now?
Regards,
Jason


#14 skmendiratta

skmendiratta
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:06:47 AM

Posted 11 August 2011 - 02:17 PM

Hi Jason,

Thanks a lot for the help. Well, it did the trick. As of now it is working fine. The problem is resolved, but how come no malware/trojan was detected?

Do you want me to run anything else to check?


Regards,
skmendiratta

#15 jntkwx

jntkwx

  • Malware Response Team
  • 4,339 posts
  • OFFLINE
  • Gender:Male
  • Location:New England, U.S.A.
  • Local time:07:47 AM

Posted 11 August 2011 - 03:58 PM

Hi skmendiratta,

Yes, I'm curious if updating McAfee and running a full system scan with McAfee will find anything. What's odd is that SUPERAntiSpyware just removed relatively non-malicious cookies. This shouldn't have fixed your redirecting problems.

Also, carefully follow the directions here and see if TDSSkiller finds anything (please post the log, located at C:\)
Regards,
Jason
