Unfixable browser re-directs to Vidocop & results.guggle.com


  • This topic is locked
2 replies to this topic

#1 Dart-o

Dart-o

  • Members
  • 2 posts
  • OFFLINE
  • Local time:02:25 PM

Posted 08 August 2010 - 12:21 PM

I'm new to this forum, and I'm having all kinds of issues with my new computer.

I unfortunately used the feature in Windows 7 to bring all of my files/settings over from my winXp machine. In the process, it appears to have brought over a virus / malware / issue from my old Dell to my new Gateway machine.

At seemingly random times, when I click on links from google or within other websites, I'm redirected to a Videocop site (http://promo.videocop.com/landing/4/index.php?limit=50&year=2010&aff=NGMzNTkwOWY6OjA%3D&src=synd)
or Gugle site (http://results.gugle.com/) or even just a new pop up tab / window for Google.

On this machine I have Norton Antivirus running (trial), Spybot, Malwarebytes, Hitman Pro, and SUPERAntiSpyware. I thought I made some real progress with Hitman Pro - as it uncovered a ton of items - but deleting those issues brought no relief.

I'm running Internet Explorer 8 (mainly 32 bit, but sometimes 64bit) and Google Chrome as my browsers.

I've been hunting for others with this issue and I found on this board something that seems the same (topic336532).

Please help.
David

As per the instructions for the forum, I've attached the appropriate logs / details.
One point: when I used GMER, I didn't have the options available that were shown in the screenshot. The only options that were not grayed out were Services, Registry, Files, my two drives, and ADS. I also received a Windows error (corrupt file?) while running GMER, but I didn't see the details before the pop-up vanished.




DDS (Ver_10-03-17.01) - NTFSX64
Run by My_PC at 19:04:41.88 on Sun 08/08/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.8183.6584 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\spool\DRIVERS\x64\3\HP1006MC.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Users\My_PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\My_PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\My_PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\My_PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\My_PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\My_PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\My_PC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\My_PC\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4830&r=173607108116p0365v185k47626201
uDefault_Search_URL = hxxp://www.google.com/ie
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://en.canoe.ca/home.html
uWindow Title = Windows Internet Explorer provided by Yahoo!
mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4830&r=173607108116p0365v185k47626201
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=1009&m=dx4830&r=173607108116p0365v185k47626201
mLocal Page = c:\windows\syswow64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files (x86)\norton internet security\engine\16.8.0.41\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files (x86)\norton internet security\engine\16.8.0.41\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files (x86)\norton internet security\engine\16.8.0.41\coIEPlg.dll
uRun: [Google Update] "c:\users\my_pc\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Logitech Vid] "c:\program files (x86)\logitech\logitech vid\vid.exe" -bootmode
mRun: [BackupManagerTray] "c:\program files (x86)\newtech infosystems\gateway mybackup\BackupManagerTray.exe" -h -k
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [NortonOnlineBackupReminder] "c:\program files (x86)\symantec\norton online backup\activation\NobuActivation.exe" UNATTENDED
mRun: [StartCCC] "c:\program files (x86)\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [Gateway Photo Frame] c:\program files (x86)\gateway photo frame\ButtonMonitor.exe -A
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [BlackBerryAutoUpdate] c:\program files (x86)\common files\research in motion\auto update\RIMAutoUpdate.exe /background
mRun: [LWS] c:\program files (x86)\logitech\lws\webcam software\LWS.exe -hide
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
StartupFolder: c:\users\my_pc\appdata\roaming\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files (x86)\logitech\ereg\eReg.exe
StartupFolder: c:\users\my_pc\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files (x86)\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\my_pc\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files (x86)\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files (x86)\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files (x86)\microsoft office\office10\OSA.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\micros~1\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
Trusted Zone: cstonecanada.com\connect
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40394.8139699074
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files (x86)\norton internet security\engine\16.8.0.41\CoIEPlg.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [RtHDVCpl] c:\program files\realtek\audio\hda\RAVCpl64.exe

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-7-28 69152]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nisx64\1008000.029\SymEFA64.sys [2010-7-28 402992]
R1 BHDrvx64;Symantec Heuristics Driver;c:\windows\system32\drivers\nisx64\1008000.029\BHDrvx64.sys [2010-7-28 334384]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nisx64\1008000.029\cchpx64.sys [2010-7-28 583296]
R1 IDSVia64;IDSVia64;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100805.004\IDSviA64.sys [2010-8-5 463408]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-6-29 128752]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-16 203264]
R2 Greg_Service;GRegService;c:\program files (x86)\gateway\registration\GregHSRW.exe [2009-6-4 1150496]
R2 LVPrcS64;Process Monitor;c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe [2010-5-7 197976]
R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-7-28 117640]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\newtech infosystems\gateway mybackup\IScheduleSvc.exe [2009-8-12 62208]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-7-28 1153368]
R2 Updater Service;Updater Service;c:\program files\gateway\gateway updater\UpdaterService.exe [2009-8-16 240160]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k62x64.sys [2009-8-16 273072]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-7-30 132656]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\drivers\LVPr2M64.sys [2010-5-7 30304]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\drivers\lvrs64.sys [2010-7-7 339040]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\drivers\lvuvc64.sys [2010-7-7 6465632]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nisx64\1008000.029\symndisv.sys [2010-7-28 56880]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);c:\program files (x86)\google\update\GoogleUpdate.exe [2010-7-27 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\lavasoft\ad-aware\AAWService.exe [2010-7-12 1352832]
S3 IAMTVE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTVE.sys [2009-8-16 43416]
S3 IAMTXPE;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\IAMTXPE.sys [2009-8-16 51096]
S3 ioatdma1;ioatdma1;c:\windows\system32\drivers\qd162x64.sys [2009-8-16 40144]
S3 ioatdma2;Intel® QuickData Technology device ver.2;c:\windows\system32\drivers\qd262x64.sys [2009-8-16 41680]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-27 1255736]

=============== Created Last 30 ================

2010-08-08 17:23:24 0 ----a-w- c:\users\my_pc\defogger_reenable
2010-08-08 11:56:04 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-08-08 11:45:08 19528 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-08-08 11:44:33 0 d-----w- c:\programdata\Hitman Pro
2010-08-08 11:44:32 0 d-----w- c:\program files\Hitman Pro 3.5
2010-08-08 11:43:14 0 d-----w- c:\program files (x86)\Hitman Pro 3.5
2010-08-07 11:46:23 0 d-----w- c:\users\my_pc\appdata\roaming\Packard Bell
2010-08-05 02:46:16 0 d-----w- c:\programdata\Sun
2010-08-05 02:42:56 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-08-05 02:42:56 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-08-05 02:42:56 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-08-05 02:42:56 145184 ----a-w- c:\windows\syswow64\java.exe
2010-08-05 02:05:11 0 d-----w- c:\program files (x86)\Microsoft ActiveSync
2010-08-05 02:04:34 0 d-----w- c:\program files (x86)\common files\L&H
2010-08-05 01:42:56 0 d-----w- c:\users\my_pc\appdata\roaming\OpenOffice.org
2010-08-04 02:18:01 0 d-----w- c:\program files\Avago-HP
2010-08-04 02:17:42 64512 ----a-w- c:\windows\system32\HPPLVS.dll
2010-08-04 02:17:42 398336 ----a-w- c:\windows\system32\HP1006LM.DLL
2010-08-04 02:17:40 0 d-----w- c:\program files\HP
2010-08-03 01:57:09 0 d-----w- c:\windows\syswow64\logishrd
2010-08-03 01:57:09 0 d-----w- c:\windows\system32\logishrd
2010-08-03 01:56:43 0 d-----w- c:\programdata\Logitech
2010-08-03 01:56:29 0 d-----w- c:\program files (x86)\common files\LWS
2010-08-02 23:49:53 12867584 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-02 23:39:27 0 d-sh--w- c:\users\my_pc\.BackupManager
2010-08-02 23:39:14 0 d-sh--w- C:\.uuid
2010-08-02 23:39:14 0 d-----w- c:\users\my_pc\IOption
2010-08-02 14:00:41 0 d-----w- c:\users\my_pc\appdata\roaming\Research In Motion
2010-08-01 14:25:39 52 ----a-w- c:\windows\intuprof.ini
2010-08-01 14:25:39 1113 ----a-w- c:\windows\QUICKEN.INI
2010-08-01 14:25:10 1699913 ----a-w- c:\windows\syswow64\inetclnt.dll
2010-08-01 14:25:09 0 d-----w- c:\program files (x86)\common files\Intuit
2010-08-01 14:25:04 0 d-----w- c:\program files (x86)\Quicken
2010-08-01 14:00:04 31744 ----a-w- c:\windows\system32\drivers\RimSerial_AMD64.sys
2010-08-01 13:59:49 0 d-----w- c:\programdata\Research In Motion
2010-08-01 13:59:47 0 d-----w- c:\program files (x86)\Research In Motion
2010-08-01 13:59:47 0 d-----w- c:\program files (x86)\common files\Research In Motion
2010-08-01 13:58:50 376 ----a-w- c:\windows\ODBC.INI
2010-08-01 13:58:41 13 ----a-w- c:\windows\vbaddin.ini
2010-08-01 13:57:15 0 d-----w- c:\windows\Msagent
2010-08-01 13:43:57 0 d-----w- c:\program files (x86)\OpenOffice.org 3
2010-08-01 07:00:43 0 d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2010-07-31 14:09:17 0 d-sh--w- c:\users\my_pc\UserData
2010-07-31 13:47:17 0 dc-h--w- c:\programdata\{BD986C1B-72EC-4B82-B47B-6CAC4E6F494E}
2010-07-31 13:27:52 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-07-31 13:09:01 266776 ----a-w- c:\windows\system32\lvco12101110.dll
2010-07-31 13:07:25 0 d-----w- c:\programdata\LogiShrd
2010-07-31 13:07:21 0 d-----w- c:\program files\Logitech
2010-07-31 13:06:15 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-07-31 13:05:58 0 d-----w- c:\program files\common files\logishrd
2010-07-31 12:48:58 11304 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2010-07-31 04:07:07 0 d-----w- c:\programdata\STOPzilla!
2010-07-31 00:59:49 0 d-----w- c:\users\my_pc\appdata\roaming\Malwarebytes
2010-07-31 00:59:39 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 00:59:39 0 d-----w- c:\programdata\Malwarebytes
2010-07-31 00:59:39 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-07-29 11:53:11 0 ----a-w- c:\users\my_pc\appdata\roaming\wklnhst.dat
2010-07-29 11:05:07 0 d-----w- c:\users\my_pc\appdata\roaming\WildTangent
2010-07-29 11:02:37 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-07-29 02:11:54 69152 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-07-29 02:11:23 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-07-29 02:07:05 0 d-----w- c:\programdata\Lavasoft
2010-07-29 02:07:05 0 d-----w- c:\program files (x86)\Lavasoft
2010-07-29 02:02:37 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-29 02:02:37 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-07-29 02:02:08 0 d-----w- c:\users\my_pc\appdata\roaming\SUPERAntiSpyware.com
2010-07-29 02:02:08 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-29 02:01:58 0 d-----w- c:\programdata\!SASCORE
2010-07-29 02:01:54 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-29 01:52:43 0 d-sh--w- c:\users\my_pc\PrivacIE
2010-07-29 01:52:32 0 d-sh--w- c:\users\my_pc\IECompatCache
2010-07-29 01:21:57 0 d-----r- c:\program files (x86)\Norton Support
2010-07-28 12:57:13 69632 ----a-w- c:\windows\syswow64\C-itnt.dll
2010-07-28 12:57:13 61440 ----a-w- c:\windows\syswow64\camiodll.dll
2010-07-28 12:57:13 57344 ----a-w- c:\windows\syswow64\CamDsf.ax
2010-07-28 12:57:13 49152 ----a-w- c:\windows\syswow64\CamCapEx.dll
2010-07-28 12:57:13 278528 ----a-w- c:\windows\syswow64\camfc.dll
2010-07-28 12:57:12 40960 ------w- c:\windows\syswow64\PicEng.dll
2010-07-28 12:56:52 306688 ----a-w- c:\windows\IsUninst.exe
2010-07-28 12:56:47 0 d-----w- C:\SETUP
2010-07-28 03:02:07 0 d-----w- c:\program files (x86)\common files\Symantec Shared
2010-07-28 01:58:48 0 d-----w- c:\program files (x86)\Polar
2010-07-28 01:58:30 0 d-----w- c:\windows\Downloaded Installations
2010-07-28 01:52:50 0 d-----w- c:\program files (x86)\Microsoft
2010-07-28 01:45:51 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-07-28 01:45:51 126312 ----a-w- c:\windows\system32\GEARAspi64.dll
2010-07-28 01:45:51 107368 ----a-w- c:\windows\syswow64\GEARAspi.dll
2010-07-28 01:45:44 0 d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-07-28 01:45:44 0 d-----w- c:\program files\iTunes
2010-07-28 01:45:44 0 d-----w- c:\program files\iPod
2010-07-28 01:45:44 0 d-----w- c:\program files (x86)\iTunes
2010-07-28 01:45:28 0 d-----w- c:\programdata\Apple Computer
2010-07-28 01:45:21 0 d-----w- c:\program files\common files\Apple
2010-07-28 01:45:10 0 d-----w- c:\program files\Bonjour
2010-07-28 01:45:10 0 d-----w- c:\program files (x86)\Bonjour
2010-07-28 01:45:06 0 d-----w- c:\programdata\Apple
2010-07-28 01:43:49 0 d-----w- c:\programdata\Skype
2010-07-28 01:43:49 0 d-----r- c:\program files (x86)\Skype
2010-07-28 01:43:28 0 d-----w- c:\program files\Defraggler
2010-07-28 01:43:25 0 d-----w- c:\program files (x86)\CCleaner
2010-07-28 01:31:49 31280 ----a-r- c:\windows\system32\drivers\SymIMV.sys
2010-07-28 01:31:46 855 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.INF
2010-07-28 01:31:46 7440 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.CAT
2010-07-28 01:31:46 172592 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2010-07-28 01:31:42 0 d-----w- c:\program files\Symantec
2010-07-28 01:31:42 0 d-----w- c:\program files\common files\Symantec Shared
2010-07-27 09:57:54 0 d-----w- c:\users\my_pc\Tracing
2010-07-27 07:17:14 0 d-----w- c:\windows\syswow64\Wat
2010-07-27 07:17:14 0 d-----w- c:\windows\system32\Wat
2010-07-27 07:15:08 0 d-sh--w- c:\users\my_pc\IETldCache
2010-07-27 04:13:23 311808 ----a-w- c:\windows\system32\msv1_0.dll
2010-07-27 04:13:23 257024 ----a-w- c:\windows\syswow64\msv1_0.dll
2010-07-27 04:11:00 0 d-----w- c:\program files (x86)\MSXML 4.0
2010-07-27 04:09:31 99176 ----a-w- c:\windows\syswow64\PresentationHostProxy.dll
2010-07-27 04:09:31 49472 ----a-w- c:\windows\syswow64\netfxperf.dll
2010-07-27 04:09:31 48960 ----a-w- c:\windows\system32\netfxperf.dll
2010-07-27 04:09:31 444752 ----a-w- c:\windows\system32\mscoree.dll
2010-07-27 04:09:31 320352 ----a-w- c:\windows\system32\PresentationHost.exe
2010-07-27 04:09:31 297808 ----a-w- c:\windows\syswow64\mscoree.dll
2010-07-27 04:09:31 295264 ----a-w- c:\windows\syswow64\PresentationHost.exe
2010-07-27 04:09:31 1942856 ----a-w- c:\windows\system32\dfshim.dll
2010-07-27 04:09:31 1130824 ----a-w- c:\windows\syswow64\dfshim.dll
2010-07-27 04:09:31 109912 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-07-27 03:58:57 465408 ----a-w- c:\windows\syswow64\psisdecd.dll
2010-07-27 03:55:14 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-07-17 15:12:58 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-07-17 15:12:58 3426072 ----a-w- c:\windows\syswow64\d3dx9_32.dll
2010-07-17 15:12:46 0 d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-07-17 15:11:47 0 d-----w- c:\program files (x86)\Windows Live SkyDrive
2010-07-17 15:10:34 0 d-----w- c:\program files (x86)\common files\Windows Live
2010-07-17 15:10:14 0 d-----w- c:\program files (x86)\Gateway Photo Frame
2010-07-17 15:07:59 0 d-----w- c:\programdata\ATI
2010-07-17 15:02:33 220672 ----a-w- c:\windows\system32\wintrust.dll
2010-07-17 15:02:33 172032 ----a-w- c:\windows\syswow64\wintrust.dll
2010-07-17 15:02:32 139264 ----a-w- c:\windows\system32\cabview.dll
2010-07-17 15:02:32 132608 ----a-w- c:\windows\syswow64\cabview.dll
2010-07-17 15:01:58 0 d-----w- c:\program files (x86)\OEM
2010-07-17 14:51:40 540192 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-07-17 14:49:30 0 d-----w- c:\program files\ATI
2010-07-17 14:49:28 0 d-----w- c:\program files (x86)\ATI Technologies
2010-07-17 14:47:48 0 ----a-w- c:\windows\ativpsrm.bin

==================== Find3M ====================

2010-07-07 18:55:08 6465632 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2010-07-07 18:54:56 539232 ----a-w- c:\windows\syswow64\LVUI2RC.dll
2010-07-07 18:54:32 543328 ----a-w- c:\windows\syswow64\LVUI2.dll
2010-07-07 18:54:22 559712 ----a-w- c:\windows\system32\LVUIRC64.dll
2010-07-07 18:54:00 771168 ----a-w- c:\windows\system32\LVUI64.dll
2010-07-07 18:53:14 339040 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2010-07-07 18:50:40 269408 ----a-w- c:\windows\system32\lvco1301788.dll
2010-07-07 18:50:18 398432 ----a-w- c:\windows\system32\lvcod64.dll
2010-07-07 18:50:06 416352 ----a-w- c:\windows\syswow64\lvcodec2.dll
2010-07-07 18:44:56 102744 ----a-w- c:\windows\syswow64\LogiDPPApp.exe
2010-07-07 18:44:56 102744 ----a-w- c:\windows\system32\LogiDPPApp.exe
2010-07-07 18:44:30 10829656 ----a-w- c:\windows\syswow64\LogiDPP.dll
2010-07-07 18:44:30 10829656 ----a-w- c:\windows\system32\LogiDPP.dll
2010-07-07 18:44:20 290648 ----a-w- c:\windows\syswow64\DevManagerCore.dll
2010-07-07 18:44:20 290648 ----a-w- c:\windows\system32\DevManagerCore.dll
2010-07-07 18:37:08 266828 ----a-w- c:\windows\system32\drivers\LVAFT.cfg
2010-06-03 02:41:44 3600384 ----a-w- c:\windows\syswow64\GPhotos.scr
2010-05-27 07:24:13 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-27 06:34:09 46080 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 04:11:32 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\syswow64\atmfd.dll
2010-05-23 12:39:50 609735 ----a-w- c:\users\my_pc\attachments_2008_08_20.zip
2010-05-21 05:52:30 1192960 ----a-w- c:\windows\system32\wininet.dll
2010-05-21 05:18:06 977920 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-21 05:14:50 48128 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-19 19:48:12 144384 ----a-w- c:\windows\system32\cdd.dll
2010-05-18 20:55:18 95520 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 20:55:18 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2010-05-18 20:55:18 237856 ----a-w- c:\windows\system32\dnssdX.dll
2010-05-18 20:55:18 119584 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-18 20:35:16 91424 ----a-w- c:\windows\syswow64\dnssd.dll
2010-05-18 20:35:16 75040 ----a-w- c:\windows\syswow64\jdns_sd.dll
2010-05-18 20:35:16 197920 ----a-w- c:\windows\syswow64\dnssdX.dll
2010-05-18 20:35:16 107808 ----a-w- c:\windows\syswow64\dns-sd.exe
2010-05-14 21:58:46 269408 ----a-w- c:\windows\system32\lvco1301783.dll
2010-05-14 21:46:46 37518 ----a-w- c:\windows\system32\Repository.reg
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 05:37:38 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 05:37:38 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:54:24 174 --sha-w- c:\program files\desktop.ini
2009-07-14 04:54:24 174 --sha-w- c:\program files (x86)\desktop.ini
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 01:00:34 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 01:00:32 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 20:44:08 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:39:53 398848 --sha-w- c:\windows\winsxs\amd64_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_4d4d1f2f696639a2\WinMail.exe
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 19:04:56.94 ===============

Full Details are now attached as per forum rules.

Merged posts and moved to log forum. ~ OB

Edited by Orange Blossom, 13 August 2010 - 10:35 PM.
Move to AII as no logs posted and prep. guide not followed. ~ OB
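As an added triage example (not part of this thread, and not the DDS tool's own code): a small parser for the "Pseudo HJT Report" lines of a DDS log like the one posted above. It flags the entries a malware-response helper reads first: BHO/toolbar registrations whose DLL is missing ("No File"), autoruns whose binary lives under a user-writable folder, and start/search page URLs whose host is not on a constructed allow-list. The allow-list and the sample lines are constructed for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the DDS report above.
SAMPLE = r"""
uStart Page = hxxp://en.canoe.ca/home.html
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [Google Update] "c:\users\my_pc\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [Gateway Photo Frame] c:\program files (x86)\gateway photo frame\ButtonMonitor.exe -A
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
""".strip()

# Constructed allow-list of hosts a homepage/search setting may point at.
ALLOWED_HOSTS = ("google.com", "gateway.com", "microsoft.com")

# Folders an ordinary user can write to; droppers commonly land here,
# so an autorun from one of these deserves a second look (it is not
# proof of infection: Google Update legitimately lives under AppData).
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\progra~3\\")

# DDS line shapes: "uStart Page = ...", "BHO: name: {clsid} - path",
# "TB-X64: {clsid} - No File", "mRun: [name] "path" args".
URL_RE = re.compile(r"^(?P<key>[um][A-Za-z_][A-Za-z_ ,()]*?) = (?P<value>.+)$")
COM_RE = re.compile(
    r"^(?P<kind>BHO|TB(?:-X64)?): (?:(?P<name>[^{]+?): )?"
    r"\{(?P<clsid>[^}]+)\} - (?P<path>.+)$"
)
RUN_RE = re.compile(r"^(?P<kind>[um]Run(?:-x64)?): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# The launched binary: optional leading quote, then up to the first extension.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|dll|scr))', re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    category: str  # "orphan", "user_writable" or "unlisted_url"
    entry: str     # which DDS entry triggered it
    detail: str    # the path or host behind the finding


def host_of(value: str) -> Optional[str]:
    """Host of a URL value; DDS defangs http as hxxp, so re-arm it first."""
    if not value.lower().startswith(("hxxp://", "hxxps://", "http://", "https://")):
        return None
    return urlparse("http" + value[4:]).hostname


def is_allowed_host(host: str) -> bool:
    return any(host == d or host.endswith("." + d) for d in ALLOWED_HOSTS)


def binary_of(cmd: str) -> str:
    """Strip quotes and arguments from an autorun command line."""
    m = EXE_RE.match(cmd)
    return m.group("path") if m else cmd.strip('"')


def in_user_writable(path: str) -> bool:
    return path.lower().startswith(USER_WRITABLE)


def triage(report: str) -> List[Finding]:
    """Walk the Pseudo HJT lines and return the entries worth reviewing."""
    findings: List[Finding] = []
    for line in report.splitlines():
        line = line.strip()
        if (m := COM_RE.match(line)):
            name = m["name"] or "{%s}" % m["clsid"]
            label = "%s %s" % (m["kind"], name)
            if m["path"] == "No File":
                findings.append(Finding("orphan", label, m["path"]))
            elif in_user_writable(m["path"]):
                findings.append(Finding("user_writable", label, m["path"]))
        elif (m := RUN_RE.match(line)):
            path = binary_of(m["cmd"])
            if in_user_writable(path):
                label = "%s [%s]" % (m["kind"], m["name"])
                findings.append(Finding("user_writable", label, path))
        elif (m := URL_RE.match(line)):
            host = host_of(m["value"])
            if host and not is_allowed_host(host):
                findings.append(Finding("unlisted_url", m["key"], host))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print("%-13s %-50s %s" % (f.category, f.entry, f.detail))
```

Run against the full DDS log, the same rules would surface the two "No File" COM entries and the single AppData autorun shown in the report; everything it flags still needs a human to decide whether it is a leftover, a legitimate updater, or something to clean.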



#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:09:25 PM

Posted 16 August 2010 - 02:34 AM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log





Elle
Can you hear it? It's all around!

Do you remember?
If you do, then
can you forgive?



If I haven't replied in 48 hours, please feel free to send me a PM.




#3 thcbytes

thcbytes

  • Malware Response Team
  • 14,790 posts
  • OFFLINE
  • Gender:Male
  • Local time:01:25 PM

Posted 21 August 2010 - 10:56 AM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic
Proud member - Unified Network of Instructors and Trained Eliminators

I do not accept personal donations for assistance provided. I would ask that you instead consider donating the greatest gift - Organ Donation. Your organs are of no use to you when you're gone. You will save a life that would otherwise be lost!

http://donatelife.net/register-now/

