
VIPsearch Redirect + Virus + Trojan

8 replies to this topic

#1 kamelia

kamelia

  • Members
  • 30 posts
  • OFFLINE
  • Local time:09:02 PM

Posted 06 March 2012 - 04:35 AM

Hello,

I have a problem when I want to do Google searches. I keep being redirected to VIPSEARCH... I have Trend Micro Titanium Maximum Security 2012 and Malwarebytes. Both programs detected problems: Malware.Gen, Trojan.Qhost.Gen, Trojan.Qhost.BG.

I did remove the files infected by these viruses/Trojans, but I still have the problem of being redirected to VIPSEARCH.

I have Windows XP, and the VIPSearch problem occurs in both browsers: Firefox and Internet Explorer 8.

I must add that during the time my laptop was hit, a portable drive was connected. I removed the infected files from this USB portable drive as well.

Please HELPPPPPPPPPPPPPPPP,

Thank you so much,

Kamelia

PS: This topic was accidentally posted twice as there was a problem with the forum the 1st time I clicked "POST".

Edited by hamluis, 06 March 2012 - 07:20 AM.
No logs, moved to Am I Infected.




#2 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:12:02 AM

Posted 06 March 2012 - 11:54 AM

Hi,

After performing these scans, enter the results in your next post and also update me on the status of the PC.

Note: You may have to perform some or all of the following in Safe Mode With Networking, depending on whether you have internet access in the normal Windows environment.

================================================================================

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

================================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

================================================================================

Please download and scan with SUPERAntiSpyware Free
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If it will not start, go to Start > All Programs > SUPERAntiSpyware and click on Alternate Start.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

================================================================================

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If you use other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
    For instructions with screenshots, please refer to this Guide.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

================================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.
-- If you encounter any problems, try running GMER in safe mode.
-- If GMER crashes or keeps resulting in a BSOD, uncheck Devices on the right side before scanning.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.



#3 kamelia

kamelia
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:09:02 PM

Posted 07 March 2012 - 11:29 PM

Thank you very much for getting back to me.

=================================================================================================

1- Security Check Results by screen317

Results of screen317's Security Check version 0.99.31

Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Trend Micro Titanium Maximum Security 2012
Trend Micro Titanium
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:

Gmer
HijackThis 2.0.2
Java™ 6 Update 11
Java version out of date!
Adobe Flash Player 11.1.102.62
Adobe Reader 8 Adobe Reader out of date!
Mozilla Firefox (3.6.17) Firefox out of Date!
Mozilla Thunderbird 2.0.0 Thunderbird out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Trend Micro AMSP coreServiceShell.exe
Trend Micro UniClient UiFrmWrk uiWatchDog.exe
Trend Micro AMSP coreFrameworkHost.exe
Trend Micro UniClient UiFrmWrk uiSeAgnt.exe
``````````End of Log````````````


=======================================================================================================
2- MiniToolBox Results

MiniToolBox by Farbar Version: 18-01-2012
Ran by ME (administrator) on 06-03-2012 at 21:00:44
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
*****************************************************************

========================= IE Proxy Settings:

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings:

========================= Hosts content:


94.63.147.16 www.google.com
94.63.147.17 www.bing.com


========================= IP Configuration:

Dell Wireless 1490 Dual Band WLAN Mini-Card = Wireless Network Connection (Connected)
1394 Net Adapter = 1394 Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# Interface IP Configuration
# ----------------------------------
pushd interface ip


# Interface IP Configuration for "Local Area Connection"

set address name="Local Area Connection" source=dhcp
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp

# Interface IP Configuration for "Wireless Network Connection"

set address name="Wireless Network Connection" source=dhcp
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp


popd
# End of interface IP configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : KAMELIA
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : vc.shawcable.net

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-1D-09-A8-C6-6F

Ethernet adapter Wireless Network Connection:

Connection-specific DNS Suffix . : vc.shawcable.net
Description . . . . . . . . . . . : Dell Wireless 1490 Dual Band WLAN Mini-Card
Physical Address. . . . . . . . . : 00-1E-4C-67-28-D9
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 192.168.1.101
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 64.59.144.92
64.59.144.93
64.59.150.135
Lease Obtained. . . . . . . . . . : Tuesday, March 06, 2012 8:51:55 PM
Lease Expires . . . . . . . . . . : Wednesday, March 07, 2012 8:51:55 PM
Server: pd2nsc3.st.vc.shawcable.net
Address: 64.59.144.92

Name: google.com
Addresses: 173.194.33.5, 173.194.33.3, 173.194.33.14, 173.194.33.7
173.194.33.4, 173.194.33.6, 173.194.33.2, 173.194.33.9, 173.194.33.0
173.194.33.1, 173.194.33.8


Pinging google.com [173.194.33.5] with 32 bytes of data:

Reply from 173.194.33.5: bytes=32 time=25ms TTL=56
Reply from 173.194.33.5: bytes=32 time=23ms TTL=56

Ping statistics for 173.194.33.5:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 23ms, Maximum = 25ms, Average = 24ms
Server: pd2nsc3.st.vc.shawcable.net
Address: 64.59.144.92

Name: yahoo.com
Addresses: 98.139.127.62, 209.191.122.70, 98.139.183.24


Pinging yahoo.com [98.139.127.62] with 32 bytes of data:

Reply from 98.139.127.62: bytes=32 time=81ms TTL=55
Reply from 98.139.127.62: bytes=32 time=121ms TTL=55

Ping statistics for 98.139.127.62:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 81ms, Maximum = 121ms, Average = 101ms
Server: pd2nsc3.st.vc.shawcable.net
Address: 64.59.144.92

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=64
Reply from 127.0.0.1: bytes=32 time<1ms TTL=64

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1d 09 a8 c6 6f ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
0x10004 ...00 1e 4c 67 28 d9 ...... Dell Wireless 1490 Dual Band WLAN Mini-Card - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination   Netmask            Gateway         Interface        Metric
0.0.0.0               0.0.0.0            192.168.1.1     192.168.1.101    25
127.0.0.0             255.0.0.0          127.0.0.1       127.0.0.1        1
169.254.0.0           255.255.0.0        192.168.1.101   192.168.1.101    30
192.168.1.0           255.255.255.0      192.168.1.101   192.168.1.101    25
192.168.1.101         255.255.255.255    127.0.0.1       127.0.0.1        25
192.168.1.255         255.255.255.255    192.168.1.101   192.168.1.101    25
224.0.0.0             240.0.0.0          192.168.1.101   192.168.1.101    25
255.255.255.255       255.255.255.255    192.168.1.101   2                1
255.255.255.255       255.255.255.255    192.168.1.101   192.168.1.101    1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Program Files\Bonjour\mdnsNSP.dll [147456] (Apple Inc.)
Catalog5 02 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 03 C:\Windows\System32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 04 C:\Windows\System32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [245248] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/06/2012 01:00:45 PM) (Source: PerfNet) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (03/05/2012 01:00:15 PM) (Source: PerfNet) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (03/04/2012 01:00:19 PM) (Source: PerfNet) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.

Error: (03/03/2012 03:05:26 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (03/03/2012 03:05:26 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (03/03/2012 01:30:26 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (03/03/2012 01:30:26 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (03/03/2012 01:29:20 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (03/03/2012 01:29:20 PM) (Source: Userenv) (User: SYSTEM)SYSTEM
Description: Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE} and it will not be loaded. This is most likely caused by a faulty registration.

Error: (03/03/2012 01:00:13 PM) (Source: PerfNet) (User: )
Description: Unable to open the Server service. Server performance data
will not be returned. Error code returned is in data DWORD 0.


System errors:
=============
Error: (03/06/2012 08:50:14 PM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:
%%2

Error: (03/06/2012 08:50:14 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (03/06/2012 07:37:23 AM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:
%%2

Error: (03/06/2012 07:37:23 AM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (03/05/2012 10:11:08 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
iaStor

Error: (03/05/2012 10:11:06 PM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:
%%2

Error: (03/05/2012 10:11:06 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (03/05/2012 00:05:27 PM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:
%%2

Error: (03/05/2012 00:05:27 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1058

Error: (03/04/2012 04:51:53 PM) (Source: Service Control Manager) (User: )
Description: The SupportSoft Sprocket Service (dellsupportcenter) service failed to start due to the following error:
%%2


Microsoft Office Sessions:
=========================
Error: (03/06/2012 01:00:45 PM) (Source: PerfNet)(User: )
Description:

Error: (03/05/2012 01:00:15 PM) (Source: PerfNet)(User: )
Description:

Error: (03/04/2012 01:00:19 PM) (Source: PerfNet)(User: )
Description:

Error: (03/03/2012 03:05:26 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (03/03/2012 03:05:26 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (03/03/2012 01:30:26 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (03/03/2012 01:30:26 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (03/03/2012 01:29:20 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}

Error: (03/03/2012 01:29:20 PM) (Source: Userenv)(User: SYSTEM)SYSTEM
Description: {7B849a69-220F-451E-B3FE-2CB811AF94AE}

Error: (03/03/2012 01:00:13 PM) (Source: PerfNet)(User: )
Description:


=========================== Installed Programs ============================

AC3Filter (remove only)
Adobe Flash Player 11 ActiveX (Version: 11.1.102.62)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Reader 8.3.1 (Version: 8.3.1)
Adobe Shockwave Player 11.5 (Version: 11.5)
Advanced Audio FX Engine
Advanced SystemCare 5 (Version: 5.1.0)
Advanced Video FX Engine
Apple Mobile Device Support (Version: 1.1.4.7)
Apple Software Update (Version: 2.0.2.92)
Athan Basic 4.1
BadCopy Pro
Bonjour (Version: 1.0.104)
Broadcom Management Programs (Version: 10.15.03)
Browser Address Error Redirector (Version: 1.00.0000)
ClearType Tuning Control Panel Applet (Version: 1.01.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6514.5001)
Conexant HDA D330 MDC V.92 Modem
Dell DataSafe Online (Version: 1.0.21)
Dell Support Center (Version: 3.1.5907.23)
Dell System Restore (Version: 2.00.0000)
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card (Version: 4.100.15.8)
Digital Line Detect (Version: 1.21)
Documentation & Support Launcher (Version: 1.00.0000)
EndNote (Version: 7.0)
Games, Music, & Photos Launcher (Version: 1.00.0000)
Google Earth (Version: 6.1.0.5001)
Google Update Helper (Version: 1.3.21.99)
GoToMeeting 4.1.0.366
HijackThis 2.0.2 (Version: 2.0.2)
IHMC CmapTools v5.03 (Version: 5.0.0.3)
Intel® Graphics Media Accelerator Driver
IntelliSonic Speech Enhancement (Version: 2.1.37)
Internet Service Offers Launcher (Version: 1.00.0000)
IrfanView (remove only)
ISI ResearchSoft - Export Helper
iTunes (Version: 7.6.2.9)
Java™ 6 Update 11 (Version: 6.0.110)
Laptop Integrated Webcam Driver (1.03.02.0719)
Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000)
MediaDirect (Version: 4.7)
Mendeley Desktop 0.9.6.3 (Version: 0.9.6.3)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Plus! Digital Media Edition Installer (Version: 1.1.0.3514)
Microsoft Plus! Photo Story 2 LE (Version: 1.1.0.3463)
Microsoft Silverlight (Version: 4.1.10111.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0818)
Modem Diagnostic Tool (Version: 1.0.20.0)
Mozilla Firefox (3.6.17) (Version: 3.6.17 (en-US))
Mozilla Thunderbird (2.0.0.24) (Version: 2.0.0.24 (en-US))
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
MSXML4SP2 (Version: 1.00.0000)
Musicmatch for Windows Media Player (Version: 0.00.000)
Netscape Navigator (9.0.0.5) (Version: 9.0.0.5 (en-US))
NetWaiting (Version: 2.5.44)
Nitro Reader 2 (Version: 2.1.0.13)
Octoshape add-in for Adobe Flash Player
Opera 9.25 (Version: 9.25)
OutlookAddinSetup (Version: 1.0.0)
PASW Statistics 18 (Version: 18.0.0)
PDFCreator (Version: 1.2.3)
PrimoPDF -- brought to you by Nitro PDF Software (Version: 5)
QuickSet (Version: 8.3.10)
QuickTime (Version: 7.50.61.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Rhapsody Player Engine (Version: 1.0.604)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator BDAV Plugin (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.116)
Roxio Update Manager (Version: 3.0.0)
SanDisk TransferMate
Segoe UI (Version: 14.0.4327.805)
Skype™ 5.5 (Version: 5.5.124)
Soap 3.0 Toolkit (Version: 1.00.0000)
Sonic Activation Module (Version: 1.0)
SPSS 16.0 for Windows (Version: 16.0.1)
Trend Micro Titanium (Version: 5.00)
Trend Micro Titanium Maximum Security 2012 (Version: 5.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB2632503) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Windows XP (KB976749) (Version: 1)
Update for Windows XP (KB978207) (Version: 1)
Update for Windows XP (KB980182) (Version: 1)
VLC media player 1.1.11 (Version: 1.1.11)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 7 (Version: 20070813.185237)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Family Safety (Version: 14.0.8118.427)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR archiver
WinZip 11.2 (Version: 11.2.8094)
WOT for Internet Explorer (Version: 11.11.7.0)

========================= Memory info: ===================================

Percentage of memory in use: 43%
Total physical RAM: 2037.97 MB
Available physical RAM: 1142.81 MB
Total Pagefile: 3929.99 MB
Available Pagefile: 3261.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1967.01 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:143.36 GB) (Free:45.35 GB) NTFS

========================= Users: ========================================

User accounts for \\KAMELIA

Administrator ME Guest
HelpAssistant SUPPORT_388945a0


**** End of log ****

Edited by kamelia, 07 March 2012 - 11:50 PM.


#4 kamelia

kamelia
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:09:02 PM

Posted 07 March 2012 - 11:34 PM

3- SUPERAntiSpyware Scan Results

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/07/2012 at 06:11 AM

Application Version : 5.0.1144

Core Rules Database Version : 8310
Trace Rules Database Version: 6122

Scan type : Complete Scan
Total Scan Time : 08:20:16

Operating System Information
Windows XP Professional 32-bit, Service Pack 3 (Build 5.01.2600)
Administrator

Memory items scanned : 236
Memory threats detected : 0
Registry items scanned : 33543
Registry threats detected : 0
File items scanned : 131467
File threats detected : 60

Adware.Tracking Cookie

===================================================================================================================================

4-Malwarebytes Scan Results

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.07.05

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
ME :: KAMELIA [administrator]

3/7/2012 2:45:37 PM
mbam-log-2012-03-07 (14-45-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203926
Time elapsed: 12 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Edited by kamelia, 07 March 2012 - 11:52 PM.


#5 kamelia

kamelia
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:09:02 PM

Posted 07 March 2012 - 11:36 PM

5- GMER Scan Results


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-03-07 19:58:01
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e FUJITSU_MHY2160BH rev.0085000B
Running: mt76xz5f.exe; Driver: C:\DOCUME~1\ME~1\LOCALS~1\Temp\pwtdipob.sys


---- System - GMER 1.0.15 ----

SSDT 896297D4 ZwCreateKey
SSDT 89624A14 ZwCreateMutant
SSDT 89951824 ZwCreateProcess
SSDT 895EFBC4 ZwCreateProcessEx
SSDT 895BDECC ZwCreateSymbolicLinkObject
SSDT 89AE414C ZwCreateThread
SSDT 895B3E14 ZwDeleteKey
SSDT 896909EC ZwDeleteValueKey
SSDT 895BDE94 ZwDuplicateObject
SSDT 8993B14C ZwLoadDriver
SSDT 87BA5434 ZwOpenProcess
SSDT 895F081C ZwOpenSection
SSDT 87BA5B2C ZwOpenThread
SSDT 8989414C ZwRenameKey
SSDT 87BA4434 ZwRestoreKey
SSDT 896249DC ZwSetSystemInformation
SSDT 895EF144 ZwSetValueKey
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xA7AEB640]
SSDT 87BA7CEC ZwTerminateThread
SSDT 89AD847C ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 2C88 80504524 2 Bytes [D4, 97] {AAM 0x97}
.text ntkrnlpa.exe!ZwCallbackReturn + 2CF4 80504590 2 Bytes [94, DE]

---- User code sections - GMER 1.0.15 ----

.text C:\program files\real\realplayer\update\realsched.exe[2308] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmeext.sys (Trend Micro EagleEye Driver (XT) (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Ip ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmeext.sys (Trend Micro EagleEye Driver (XT) (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmeext.sys (Trend Micro EagleEye Driver (XT) (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmeext.sys (Trend Micro EagleEye Driver (XT) (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp ntkrnlpa.exe (NT Kernel & System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

Device \FileSystem\Fastfat \Fat A4685D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

---- Files - GMER 1.0.15 ----

File C:\Documents and Settings\ME\Desktop\White Flash Drive Scan Cruze\Flash Drive-Jan 7-08\A-Presence Articles\Presence-Measurement-Articles\Compendium of Presence Measures-FILES\Compendium of Presence Measures-PRESENCE-RESEARCH_ORG_files\header_files\logo.gif 2291 bytes
File C:\Documents and Settings\ME\Desktop\White Flash Drive Scan Cruze\Flash Drive-Jan 7-08\A-Presence Articles\Presence-Measurement-Articles\Compendium of Presence Measures-FILES\Compendium of Presence Measures-PRESENCE-RESEARCH_ORG_files\Overview_files\basic.js 2041 bytes
File C:\Documents and Settings\ME\Desktop\White Flash Drive Scan Cruze\Flash Drive-Jan 7-08\A-Presence Articles\Presence-Measurement-Articles\Compendium of Presence Measures-FILES\Compendium of Presence Measures-PRESENCE-RESEARCH_ORG_files\Overview_files\getacro.gif 712 bytes
File C:\Documents and Settings\ME\Desktop\White Flash Drive Scan Cruze\Flash Drive-Jan 7-08\A-Presence Articles\Presence-Measurement-Articles\Compendium of Presence Measures-FILES\Compendium of Presence Measures-PRESENCE-RESEARCH_ORG_files\Overview_files\n.gif 156 bytes
File C:\Documents and Settings\ME\Desktop\White Flash Drive Scan Cruze\Flash Drive-Jan 7-08\A-Presence Articles\Presence-Measurement-Articles\Compendium of Presence Measures-FILES\Subjective measures-Subjective Corroborative Measures_files\header_files\logo.gif 2291 bytes
File C:\Documents and Settings\ME\Desktop\White Flash Drive Scan Cruze\Flash Drive-Jan 7-08\New Folder\Misc\WISE-Oct 22 to Nov 2-2007\WISE Modules\WISE Module 1-Online Pedagogy Overview\Module 1 Assignments & Activities\Module 1 Statement of Personal Goals\Module 1 Statement of Personal Goals.doc 20992 bytes
File C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\BWGCOQ01\info_48[1] 0 bytes
File C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\BWGCOQ01\errorPageStrings[1] 0 bytes
File C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\BWGCOQ01\background_gradient[1] 0 bytes
File C:\Documents and Settings\ME\Local Settings\Temporary Internet Files\Content.IE5\FFTTF0H3\ErrorPageTemplate[1] 0 bytes

---- EOF - GMER 1.0.15 ----

Edited by kamelia, 07 March 2012 - 11:52 PM.


#6 kamelia

kamelia
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:09:02 PM

Posted 07 March 2012 - 11:40 PM

Thank you again for your prompt reply and for your help...

1- I am eager to know the diagnosis of the problem and what the scan results say about the "health" of my laptop.

2- For my Laptop's maintenance, can I, from time to time, do ALL the scans you recommended in your 1st reply?

3- I ran the above tests without my portable drive connected to my laptop. I mentioned in my very first post that this portable drive was connected when my laptop was hit by the virus. In fact, Trend Micro and Malwarebytes detected some infected files in the drive that I removed before posting my topic here. Do you recommend that I run any of the programs you mentioned above? Thank you!

Best,

Kamelia

Edited by kamelia, 07 March 2012 - 11:49 PM.


#7 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:12:02 AM

Posted 08 March 2012 - 12:43 AM

1- I am eager to know the diagnosis of the problem and what the scan results say about the "health" of my laptop.

Given the information from the logs, I'm not able to pinpoint exactly what malware is/was on the computer. But it is obvious that you are/were infected.

For my Laptop's maintenance, can I, from time to time, do ALL the scans you recommended in your 1st reply?

As for regular maintenance, the SAS and MBAM scans are perfectly fine. That and a scan by your regular antivirus software.

I ran the above tests without my portable drive connected to my laptop. I mentioned in my very first post that this portable drive was connected when my laptop was hit by the virus. In fact, Trend Micro and Malwarebytes detected some infected files in the drive that I removed before posting my topic here. Do you recommend that I run any of the programs you mentioned above? Thank you!

Yes, you should run these scans on the drive.

How is the computer running now? Are you experiencing any symptoms?

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.


#8 kamelia

kamelia
  • Topic Starter

  • Members
  • 30 posts
  • OFFLINE
  • Local time:09:02 PM

Posted 08 March 2012 - 05:15 AM

Thank you again for your help.

After I ran the scans, I went to Google to search for something to check whether I would be redirected. I was happy I was able to access the Google search results with no problem whether I used IE or Firefox...BUT later when I googled something, I found myself being redirected again to vipsearches, i.e. after I typed whatever in Google, I saw the search results, but when I clicked on some of these links, I kept being redirected to other pages...so the VIPSEARCH redirection problem is still there unfortunately?

Kamelia

#9 TheShooter93

TheShooter93

    Cody


  • Malware Response Team
  • 4,792 posts
  • OFFLINE
  • Gender:Male
  • Location:Orlando, Florida
  • Local time:12:02 AM

Posted 08 March 2012 - 10:32 AM

Please follow the instructions in ==>This Guide<== starting at Step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include a description of your computer issues, what you have done to resolve them, and a link to this topic.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

It would be helpful if you post a note here once you have completed the steps in the guide and have started your topic in malware removal. Good luck and be patient.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

CCNA R&S | CCNA Security | Network+ | B.S. - Information Technology | Cyber Security Engineer

If I am helping you and have not replied within 48 hours, please send me a private message.
