[Closed] IE Redirect

By SILNative
Jun 18, 2011
    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6705

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    6/18/2011 1:21:50 PM
    mbam-log-2011-06-18 (13-21-50).txt

    Scan type: Quick scan
    Objects scanned: 164556
    Time elapsed: 1 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    ********
    No GMER information showed


    ********

    .
    DDS (Ver_2011-06-12.02) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by mmcgee at 13:17:16 on 2011-06-18
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.6136 [GMT -5:00]
    .
    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe
    C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
    EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [NetworkIndicator] C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe
    mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.10.3 213.109.66.237 213.109.72.202 8.8.8.8 8.8.4.4
    TCP: Interfaces\{6F00833C-010D-4D7B-A211-E8E3D6C01C09} : DhcpNameServer = 192.168.10.3 213.109.66.237 213.109.72.202 8.8.8.8 8.8.4.4
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO-X64: HP Print Enhancer - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll
    BHO-X64: Constant Guard Protection Suite (COM) - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    BHO-X64: HP Smart BHO Class - No File
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll
    EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
    mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
    mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
    mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
    mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-6-16 1143416]
    R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110615.001\IDSviA64.sys [2011-6-15 488056]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [?]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
    R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-6-14 60488]
    R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-6-11 130008]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-6-11 136824]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2011-06-18 13:10:55 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-06-18 13:10:54 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-06-18 13:10:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-06-17 03:16:59 -------- d-----w- C:\Users\mmcgee\AppData\Local\temp
    2011-06-17 03:14:19 -------- d-----w- C:\$RECYCLE.BIN
    2011-06-15 19:39:16 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    2011-06-15 19:39:16 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-06-15 19:39:15 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-06-15 19:39:15 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-06-15 19:39:15 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-06-15 19:39:14 3135488 ----a-w- C:\Windows\System32\win32k.sys
    2011-06-15 19:39:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-06-15 19:39:10 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-06-15 19:39:10 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-06-15 19:39:02 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-06-15 19:39:02 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-06-15 19:38:59 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-06-15 19:38:59 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-06-12 13:32:21 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
    2011-06-11 21:30:21 -------- d-----w- C:\Users\mmcgee\AppData\Roaming\Malwarebytes
    2011-06-11 21:30:13 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-06-11 18:01:43 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
    2011-06-11 13:14:48 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-06-11 12:40:04 -------- d-----w- C:\Program Files (x86)\AMD APP
    2011-06-11 12:31:03 -------- d-----w- C:\ATI
    2011-06-11 12:16:51 912504 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symefa64.sys
    2011-06-11 12:16:51 744568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtsp64.sys
    2011-06-11 12:16:51 450680 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symds64.sys
    2011-06-11 12:16:51 40568 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\srtspx64.sys
    2011-06-11 12:16:51 382584 ----a-w- C:\Windows\System32\drivers\N360x64\0501000.01D\symnets.sys
    2011-06-11 12:16:51 171128 ----a-r- C:\Windows\System32\drivers\N360x64\0501000.01D\ironx64.sys
    2011-06-11 12:16:47 -------- d-----w- C:\Windows\System32\drivers\N360x64\0501000.01D
    2011-06-11 12:15:40 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
    2011-06-11 12:15:38 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
    2011-06-11 12:15:38 -------- d-----w- C:\Program Files\Symantec
    2011-06-11 12:15:38 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
    2011-06-11 12:15:21 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll
    2011-06-11 12:15:21 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
    2011-06-11 12:15:17 -------- d-----w- C:\Windows\System32\drivers\N360x64
    2011-06-11 12:15:16 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
    2011-06-11 12:15:02 -------- d-----w- C:\ProgramData\NortonInstaller
    2011-06-11 12:15:02 -------- d-----w- C:\Program Files (x86)\NortonInstaller
    2011-06-11 12:13:01 -------- d-----w- C:\ProgramData\Norton
    2011-06-11 12:07:19 -------- d-----w- C:\Users\mmcgee\AppData\Local\ID Vault
    2011-06-11 12:07:19 -------- d-----w- C:\ProgramData\IsolatedStorage
    2011-06-11 12:06:24 -------- d-----w- C:\Users\mmcgee\AppData\Roaming\ID Vault
    2011-06-11 12:06:04 65816 ------w- C:\Windows\System32\GIDLogonCP64.dll
    2011-06-11 12:06:04 29288 ------w- C:\Windows\System32\drivers\gidv2.sys
    2011-06-11 12:06:03 461592 ------w- C:\Windows\System32\GIDHOOK64.DLL
    2011-06-11 12:06:03 444704 ------w- C:\Windows\System32\GIDHookLogon64.dll
    2011-06-11 12:06:03 205072 ------w- C:\Windows\System32\GIDBIN1.DLL
    2011-06-11 12:06:03 109064 ------w- C:\Windows\System32\EasyHook64.dll
    2011-06-11 12:06:03 100624 ------w- C:\Windows\System32\GIDBIN3.DLL
    2011-06-11 12:05:55 -------- d-----w- C:\ProgramData\GID
    2011-06-11 12:05:54 -------- d-----w- C:\Program Files (x86)\SFT
    2011-06-11 12:05:34 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite
    2011-06-11 12:05:20 -------- d-----w- C:\ProgramData\White Sky, Inc
    2011-06-11 11:07:19 -------- d-----w- C:\Program Files (x86)\Foxit Software
    2011-06-11 11:05:26 -------- d-----w- C:\Windows\System32\appmgmt
    2011-06-11 05:48:09 -------- d-----w- C:\Windows\System32\SPReview
    2011-06-11 05:48:03 -------- d-----w- C:\Windows\System32\EventProviders
    2011-06-11 05:46:15 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
    2011-06-11 05:46:15 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
    2011-06-11 05:46:15 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
    2011-06-11 05:46:15 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
    2011-06-11 05:43:59 9728 ----a-w- C:\Windows\System32\spwmp.dll
    2011-06-11 05:42:33 902656 ----a-w- C:\Windows\System32\d2d1.dll
    2011-06-11 05:42:33 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
    2011-06-11 05:42:33 1544192 ----a-w- C:\Windows\System32\DWrite.dll
    2011-06-11 05:42:33 1139200 ----a-w- C:\Windows\System32\FntCache.dll
    2011-06-11 05:42:32 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
    2011-06-11 05:22:35 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-11 05:05:25 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-06-11 05:05:25 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-06-11 05:05:16 2871808 ----a-w- C:\Windows\explorer.exe
    2011-06-11 05:05:16 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
    2011-06-11 05:05:10 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
    2011-06-11 05:05:10 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
    2011-06-11 05:05:08 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2011-06-11 05:05:07 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2011-06-11 05:05:07 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2011-06-11 05:03:38 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2011-06-11 05:03:38 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
    .
    ==================== Find3M ====================
    .
    2011-06-11 06:00:16 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-06-11 06:00:16 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-05-05 06:28:10 59904 ----a-w- C:\Windows\SysWow64\OVDecode.dll
    2011-05-05 06:27:42 12385280 ----a-w- C:\Windows\SysWow64\amdocl.dll
    2011-04-23 01:29:25 2303488 ----a-w- C:\Windows\System32\jscript9.dll
    2011-04-23 01:19:19 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-04-22 23:35:56 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-04-22 23:25:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-04-22 22:15:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-04-20 03:10:34 61952 ----a-w- C:\Windows\System32\OVDecode64.dll
    2011-04-20 03:10:14 16116224 ----a-w- C:\Windows\System32\amdocl64.dll
    2011-04-20 02:44:48 9319936 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
    2011-04-20 02:30:16 22900736 ----a-w- C:\Windows\System32\atio6axx.dll
    2011-04-20 02:09:18 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
    2011-04-20 02:09:04 676864 ----a-w- C:\Windows\SysWow64\aticfx32.dll
    2011-04-20 02:07:46 795648 ----a-w- C:\Windows\System32\aticfx64.dll
    2011-04-20 02:07:02 17693184 ----a-w- C:\Windows\SysWow64\atioglxx.dll
    2011-04-20 02:05:08 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
    2011-04-20 02:04:54 480256 ----a-w- C:\Windows\System32\atieclxx.exe
    2011-04-20 02:04:18 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
    2011-04-20 02:03:04 120320 ----a-w- C:\Windows\System32\atitmm64.dll
    2011-04-20 02:02:48 423424 ----a-w- C:\Windows\System32\atipdl64.dll
    2011-04-20 02:02:42 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
    2011-04-20 02:02:30 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
    2011-04-20 02:02:24 16384 ----a-w- C:\Windows\System32\atimuixx.dll
    2011-04-20 02:02:20 59392 ----a-w- C:\Windows\System32\atiedu64.dll
    2011-04-20 02:02:16 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
    2011-04-20 01:59:20 4161536 ----a-w- C:\Windows\SysWow64\atidxx32.dll
    2011-04-20 01:49:30 4951552 ----a-w- C:\Windows\System32\atidxx64.dll
    2011-04-20 01:46:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
    2011-04-20 01:46:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
    2011-04-20 01:46:04 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
    2011-04-20 01:46:02 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
    2011-04-20 01:45:52 7768064 ----a-w- C:\Windows\System32\aticaldd64.dll
    2011-04-20 01:42:04 6389760 ----a-w- C:\Windows\SysWow64\aticaldd.dll
    2011-04-20 01:40:48 1222656 ----a-w- C:\Windows\System32\atiumd6v.dll
    2011-04-20 01:40:14 1923584 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
    2011-04-20 01:40:02 3868672 ----a-w- C:\Windows\System32\atiumd6a.dll
    2011-04-20 01:38:04 4286464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
    2011-04-20 01:31:12 5440000 ----a-w- C:\Windows\System32\atiumd64.dll
    2011-04-20 01:30:36 4056576 ----a-w- C:\Windows\SysWow64\atiumdva.dll
    2011-04-20 01:27:00 58880 ----a-w- C:\Windows\System32\coinst.dll
    2011-04-20 01:23:12 366080 ----a-w- C:\Windows\System32\atiadlxx.dll
    2011-04-20 01:23:06 262144 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
    2011-04-20 01:22:54 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
    2011-04-20 01:22:52 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
    2011-04-20 01:22:52 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
    2011-04-20 01:22:48 39936 ----a-w- C:\Windows\System32\atig6txx.dll
    2011-04-20 01:22:40 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
    2011-04-20 01:22:32 306176 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
    2011-04-20 01:21:44 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
    2011-04-20 01:21:38 31232 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
    2011-04-20 01:21:32 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
    2011-04-20 01:21:24 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
    2011-04-20 01:20:50 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
    2011-04-20 01:13:36 53760 ----a-w- C:\Windows\System32\atimpc64.dll
    2011-04-20 01:13:36 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
    2011-04-20 01:13:28 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
    2011-04-20 01:13:28 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
    2011-03-22 00:56:10 53760 ----a-w- C:\Windows\System32\OpenCL.dll
    2011-03-22 00:56:06 51712 ----a-w- C:\Windows\SysWow64\OpenCL.dll
    2011-03-21 18:22:06 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll
    2011-03-21 18:22:06 452200 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys
    .
    ============= FINISH: 13:17:29.09 ===============

    *********
    Attach.txt

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-06-12.02)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/10/2010 2:55:31 PM
    System Uptime: 6/18/2011 8:34:04 AM (5 hours ago)
    .
    Motherboard: ASUSTeK Computer INC. | | P7P55D-E
    Processor: Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz | LGA1156 | 2934/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 932 GiB total, 880.601 GiB free.
    D: is FIXED (NTFS) - 932 GiB total, 694.363 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
    Description: Photosmart Premium C309g-m
    Device ID: ROOT\MULTIFUNCTION\0000
    Manufacturer: HP
    Name: Photosmart Premium C309g-m
    PNP Device ID: ROOT\MULTIFUNCTION\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Shockwave Player 11.5
    AnswerWorks 5.0 English Runtime
    BufferChm
    C309g-m
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    ccc-core-static
    CCC Help English
    Constant Guard Protection Suite
    Coupon Printer for Windows
    D3DX10
    Destinations
    DeviceDiscovery
    Foxit Reader 5.0
    GPBaseService2
    GuardedID
    HP Update
    HPPhotoGadget
    HPProductAssistant
    Java Auto Updater
    Java(TM) 6 Update 26
    JMicron JMB36X Driver
    Junk Mail filter update
    Malwarebytes' Anti-Malware version 1.51.0.1200
    MarketResearch
    Mesh Runtime
    Messenger Companion
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Project 2007 Service Pack 2 (SP2)
    Microsoft Office Project MUI (English) 2007
    Microsoft Office Project Professional 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Network Activity Indicator for Windows 7
    Norton Security Suite
    Platform
    PS_AIO_06_C309g-m_SW_Min
    Quicken 2010
    QuickTransfer
    Renesas Electronics USB 3.0 Host Controller Driver
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    SmartWebPrinting
    SolutionCenter
    Status
    Toolbox
    TrayApp
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Project 2007 Help (KB963668)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2536413)
    VIA Platform Device Manager
    VLC media player 1.1.10
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    WinZip
    .
    ==== End Of File ===========================
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! Is it safe to assume that your 2 words mean that when you do a search and choose a site that you are taken to a different site instead? Keep in mind that the more information I have from you, the better I can help.

    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • Please tell me if any problems get resolved or if any new problems begin.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Reminder to be patient
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
    Questions & Comments:
    1. Your security shows as having the Norton Security Suite on the system. Very recently Comcast came out with the Constant Guard Protection Suite which is also on the system. You should check to see if there is any conflict between these two.

    2. I have some concern about some of the IPs:
    Are you in Russia?
    =================================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on the download button to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the ESET Smart Installer icon on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
    • Uncheck 'Remove found threats'
    • Check 'Scan archives'
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    =======================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Close any open browsers.
    • Double click combofix.exe & follow the prompts to run.
    • When the scan completes, a report will be generated. It will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.

    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    ==========================================
    Note: any additional information about what is happening would be appreciated.
  3. SILNative

    SILNative Newcomer, in training Topic Starter

    Thank you for your help.

    The 213.109.66.237 and 213.109.72.202 addresses were at one time DNS servers for Comcast. I have since updated my DHCP server to the current ones.

    I don't believe the Constant Guard and the Norton Suite are conflicting with each other. The CG seems to be more of a secure web portal with sites you add to the list.

    You are correct in the re-direction. I have had multiple AV programs and anti malware programs on here and none of them have been able to find or solve this redirection problem. I have also run rootkit scans but they have found nothing either.

    **************
    ESET found nothing

    ***************
    Here is the Combofix log.

    ComboFix 11-06-17.04 - mmcgee 06/18/2011 16:22:27.5.8 - x64
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8190.5841 [GMT -5:00]
    Running from: c:\users\mmcgee\Desktop\ComboFix.exe
    AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-18 to 2011-06-18 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-18 13:10 . 2011-05-29 14:11 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
    2011-06-18 13:10 . 2011-06-18 13:10 -------- d-----w- c:\programdata\Malwarebytes
    2011-06-18 13:10 . 2011-06-18 13:10 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-06-15 19:39 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-06-15 19:39 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
    2011-06-15 19:39 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2011-06-15 19:39 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2011-06-15 19:39 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2011-06-15 19:39 . 2011-05-28 03:06 3135488 ----a-w- c:\windows\system32\win32k.sys
    2011-06-15 19:39 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
    2011-06-15 19:39 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
    2011-06-15 19:39 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2011-06-15 19:39 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-06-15 19:39 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-06-15 19:38 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
    2011-06-15 19:38 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
    2011-06-12 13:32 . 2011-06-17 03:07 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
    2011-06-12 00:41 . 2011-06-12 03:38 -------- d-----w- c:\users\mmcgee\AppData\Roaming\vlc
    2011-06-11 21:30 . 2011-06-11 21:30 -------- d-----w- c:\users\mmcgee\AppData\Roaming\Malwarebytes
    2011-06-11 21:30 . 2011-05-29 14:11 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-06-11 18:01 . 2011-06-11 18:01 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
    2011-06-11 13:15 . 2011-06-11 13:15 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-06-11 13:14 . 2011-06-11 13:14 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-06-11 13:14 . 2011-06-11 13:14 -------- d-----w- c:\program files (x86)\Java
    2011-06-11 12:40 . 2011-06-11 12:40 -------- d-----w- c:\program files (x86)\AMD APP
    2011-06-11 12:31 . 2011-06-11 12:31 -------- d-----w- C:\ATI
    2011-06-11 12:15 . 2010-08-21 04:59 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2011-06-11 12:15 . 2011-06-11 12:16 -------- d-----w- c:\program files\Symantec
    2011-06-11 12:15 . 2011-06-11 12:16 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
    2011-06-11 12:15 . 2011-06-11 12:15 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2011-06-11 12:15 . 2010-08-21 04:59 125872 ----a-w- c:\windows\system32\GEARAspi64.dll
    2011-06-11 12:15 . 2010-08-21 04:59 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll
    2011-06-11 12:15 . 2011-06-11 12:19 -------- d-----w- c:\windows\system32\drivers\N360x64
    2011-06-11 12:15 . 2011-06-11 12:15 -------- d-----w- c:\program files (x86)\Norton Security Suite
    2011-06-11 12:15 . 2011-06-11 12:15 -------- d-----w- c:\program files (x86)\NortonInstaller
    2011-06-11 12:13 . 2011-06-11 12:15 -------- d-----w- c:\programdata\Norton
    2011-06-11 12:07 . 2011-06-11 12:07 -------- d-----w- c:\users\mmcgee\AppData\Local\ID Vault
    2011-06-11 12:07 . 2011-06-11 12:07 -------- d-----w- c:\programdata\IsolatedStorage
    2011-06-11 12:06 . 2011-06-11 12:11 -------- d-----w- c:\users\mmcgee\AppData\Roaming\ID Vault
    2011-06-11 12:06 . 2011-03-04 00:04 65816 ------w- c:\windows\system32\GIDLogonCP64.dll
    2011-06-11 12:06 . 2011-03-03 23:57 29288 ------w- c:\windows\system32\drivers\gidv2.sys
    2011-06-11 12:06 . 2011-03-04 00:03 461592 ------w- c:\windows\system32\GIDHOOK64.DLL
    2011-06-11 12:06 . 2011-03-04 00:03 444704 ------w- c:\windows\system32\GIDHookLogon64.dll
    2011-06-11 12:06 . 2011-03-04 00:02 100624 ------w- c:\windows\system32\GIDBIN3.DLL
    2011-06-11 12:06 . 2011-03-04 00:01 205072 ------w- c:\windows\system32\GIDBIN1.DLL
    2011-06-11 12:06 . 2009-06-12 20:32 109064 ------w- c:\windows\system32\EasyHook64.dll
    2011-06-11 12:05 . 2011-06-11 12:06 -------- d-----w- c:\programdata\GID
    2011-06-11 12:05 . 2011-06-11 12:05 -------- d-----w- c:\program files (x86)\SFT
    2011-06-11 12:05 . 2011-06-17 03:13 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
    2011-06-11 12:05 . 2011-06-11 12:05 -------- d-----w- c:\programdata\White Sky, Inc
    2011-06-11 11:07 . 2011-06-11 11:07 -------- d-----w- c:\program files (x86)\Foxit Software
    2011-06-11 11:05 . 2011-06-11 11:05 -------- d-----w- c:\windows\system32\appmgmt
    2011-06-11 05:48 . 2011-06-11 05:48 -------- d-----w- c:\windows\system32\SPReview
    2011-06-11 05:48 . 2011-06-11 05:48 -------- d-----w- c:\windows\system32\EventProviders
    2011-06-11 05:46 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
    2011-06-11 05:46 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
    2011-06-11 05:46 . 2010-11-20 13:26 321024 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-06-11 05:46 . 2010-11-20 12:18 219136 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
    2011-06-11 05:44 . 2010-11-20 13:27 695808 ----a-w- c:\windows\system32\wuapi.dll
    2011-06-11 05:43 . 2010-11-20 13:27 10752 ----a-w- c:\windows\system32\riched32.dll
    2011-06-11 05:42 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
    2011-06-11 05:42 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
    2011-06-11 05:42 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
    2011-06-11 05:42 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
    2011-06-11 05:42 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
    2011-06-11 05:22 . 2011-06-12 21:49 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-06-11 05:05 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
    2011-06-11 05:05 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
    2011-06-11 05:05 . 2011-02-25 06:19 2871808 ----a-w- c:\windows\explorer.exe
    2011-06-11 05:05 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\SysWow64\explorer.exe
    2011-06-11 05:05 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-06-11 05:05 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
    2011-06-11 05:05 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
    2011-06-11 05:05 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2011-06-11 05:05 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2011-06-11 05:03 . 2010-12-17 11:40 715776 ----a-w- c:\windows\system32\kerberos.dll
    2011-06-11 05:03 . 2010-12-17 07:07 542208 ----a-w- c:\windows\SysWow64\kerberos.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-06-11 06:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-06-11 06:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-06-11 04:43 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-05-05 06:28 . 2011-05-05 06:28 59904 ----a-w- c:\windows\SysWow64\OVDecode.dll
    2011-05-05 06:27 . 2011-05-05 06:27 12385280 ----a-w- c:\windows\SysWow64\amdocl.dll
    2011-04-20 03:10 . 2011-04-20 03:10 61952 ----a-w- c:\windows\system32\OVDecode64.dll
    2011-04-20 03:10 . 2011-04-20 03:10 16116224 ----a-w- c:\windows\system32\amdocl64.dll
    2011-04-20 02:44 . 2011-04-20 02:44 9319936 ----a-w- c:\windows\system32\drivers\atikmdag.sys
    2011-04-20 02:30 . 2011-04-20 02:30 22900736 ----a-w- c:\windows\system32\atio6axx.dll
    2011-04-20 02:09 . 2011-04-20 02:09 151552 ----a-w- c:\windows\system32\atiapfxx.exe
    2011-04-20 02:09 . 2011-04-20 07:09 676864 ----a-w- c:\windows\SysWow64\aticfx32.dll
    2011-04-20 02:07 . 2010-10-27 08:54 795648 ----a-w- c:\windows\system32\aticfx64.dll
    2011-04-20 02:07 . 2011-04-20 02:07 17693184 ----a-w- c:\windows\SysWow64\atioglxx.dll
    2011-04-20 02:05 . 2011-04-20 02:05 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
    2011-04-20 02:04 . 2011-04-20 02:04 480256 ----a-w- c:\windows\system32\atieclxx.exe
    2011-04-20 02:04 . 2011-04-20 02:04 203776 ----a-w- c:\windows\system32\atiesrxx.exe
    2011-04-20 02:03 . 2011-04-20 02:03 120320 ----a-w- c:\windows\system32\atitmm64.dll
    2011-04-20 02:02 . 2011-04-20 02:02 423424 ----a-w- c:\windows\system32\atipdl64.dll
    2011-04-20 02:02 . 2011-04-20 02:02 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
    2011-04-20 02:02 . 2011-04-20 02:02 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
    2011-04-20 02:02 . 2011-04-20 02:02 16384 ----a-w- c:\windows\system32\atimuixx.dll
    2011-04-20 02:02 . 2011-04-20 02:02 59392 ----a-w- c:\windows\system32\atiedu64.dll
    2011-04-20 02:02 . 2011-04-20 02:02 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
    2011-04-20 01:59 . 2011-04-20 01:59 4161536 ----a-w- c:\windows\SysWow64\atidxx32.dll
    2011-04-20 01:49 . 2010-10-27 08:38 4951552 ----a-w- c:\windows\system32\atidxx64.dll
    2011-04-20 01:46 . 2011-04-20 01:46 51200 ----a-w- c:\windows\system32\aticalrt64.dll
    2011-04-20 01:46 . 2011-04-20 01:46 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
    2011-04-20 01:46 . 2011-04-20 01:46 44544 ----a-w- c:\windows\system32\aticalcl64.dll
    2011-04-20 01:46 . 2011-04-20 01:46 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
    2011-04-20 01:45 . 2011-04-20 01:45 7768064 ----a-w- c:\windows\system32\aticaldd64.dll
    2011-04-20 01:42 . 2011-04-20 01:42 6389760 ----a-w- c:\windows\SysWow64\aticaldd.dll
    2011-04-20 01:40 . 2011-04-20 01:40 1222656 ----a-w- c:\windows\system32\atiumd6v.dll
    2011-04-20 01:40 . 2011-04-20 01:40 1923584 ----a-w- c:\windows\SysWow64\atiumdmv.dll
    2011-04-20 01:40 . 2011-04-20 01:40 3868672 ----a-w- c:\windows\system32\atiumd6a.dll
    2011-04-20 01:38 . 2011-04-20 06:38 4286464 ----a-w- c:\windows\SysWow64\atiumdag.dll
    2011-04-20 01:31 . 2011-04-20 01:31 5440000 ----a-w- c:\windows\system32\atiumd64.dll
    2011-04-20 01:30 . 2011-04-20 06:30 4056576 ----a-w- c:\windows\SysWow64\atiumdva.dll
    2011-04-20 01:27 . 2010-10-27 08:15 58880 ----a-w- c:\windows\system32\coinst.dll
    2011-04-20 01:23 . 2011-04-20 01:23 366080 ----a-w- c:\windows\system32\atiadlxx.dll
    2011-04-20 01:23 . 2011-04-20 01:23 262144 ----a-w- c:\windows\SysWow64\atiadlxy.dll
    2011-04-20 01:22 . 2011-04-20 01:22 14848 ----a-w- c:\windows\system32\atig6pxx.dll
    2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
    2011-04-20 01:22 . 2011-04-20 01:22 12800 ----a-w- c:\windows\system32\atiglpxx.dll
    2011-04-20 01:22 . 2011-04-20 01:22 39936 ----a-w- c:\windows\system32\atig6txx.dll
    2011-04-20 01:22 . 2011-04-20 01:22 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
    2011-04-20 01:22 . 2011-04-20 01:22 306176 ----a-w- c:\windows\system32\drivers\atikmpag.sys
    2011-04-20 01:21 . 2011-04-20 01:21 40960 ----a-w- c:\windows\system32\atiuxp64.dll
    2011-04-20 01:21 . 2011-04-20 01:21 31232 ----a-w- c:\windows\SysWow64\atiuxpag.dll
    2011-04-20 01:21 . 2011-04-20 01:21 38912 ----a-w- c:\windows\system32\atiu9p64.dll
    2011-04-20 01:21 . 2011-04-20 01:21 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
    2011-04-20 01:20 . 2011-04-20 01:20 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
    2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\atimpc64.dll
    2011-04-20 01:13 . 2011-04-20 01:13 53760 ----a-w- c:\windows\system32\amdpcom64.dll
    2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
    2011-04-20 01:13 . 2011-04-20 01:13 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
    2011-03-22 00:56 . 2011-03-22 00:56 53760 ----a-w- c:\windows\system32\OpenCL.dll
    2011-03-22 00:56 . 2011-03-22 00:56 51712 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-03-21 18:22 . 2011-03-21 18:22 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
    2011-03-21 18:22 . 2011-03-21 18:22 452200 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}]
    2011-06-02 19:07 99912 ----a-w- c:\program files (x86)\Constant Guard Protection Suite\NativeBHO.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NetworkIndicator"="c:\program files (x86)\NetworkIndicator\NetworkIndicator.exe" [2010-10-26 344064]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2009-10-19 36864]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
    "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-12-03 2472048]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2009-11-18 54576]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]
    "GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-03-04 393992]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2011-6-14 3231816]
    HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 BlackBox;BlackBox SR2; [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]
    S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110616.003\BHDrvx64.sys [2011-05-19 1143416]
    S1 GIDv2;GIDv2; [x]
    S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110615.001\IDSvia64.sys [2011-06-03 488056]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]
    S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMNETS.SYS [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-06-14 60488]
    S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-06-10 136824]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
    2011-03-04 00:04 433416 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
    .
    .
    --------- x86-64 -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.10.3 68.87.72.134 68.87.77.134 8.8.8.8 8.8.4.4
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
    "ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-06-18 16:29:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-06-18 21:29
    .
    Pre-Run: 945,374,420,992 bytes free
    Post-Run: 945,289,617,408 bytes free
    .
    - - End Of File - - 08CABBCF00CB5C5118A9CD1F39B7E0F2
  4. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    I am wondering then why these entries are in the log:

    TCP: DhcpNameServer = 192.168.10.3 213.109.66.237 213.109.72.202 8.8.8.8 8.8.4.4
    TCP: Interfaces\{6F00833C-010D-4D7B-A211-E8E3D6C01C09} : DhcpNameServer = 192.168.10.3 213.109.66.237 213.109.72.202 8.8.8.8 8.8.4.4

    So Comcast is an ISP in Russia?

    =====================================
    This would be a work computer?

    GID> Group Identifier? Purpose? Work? GuardedID- keystroke encryption? GuardedID keystroke encryption and anti–keylogging software:
  5. SILNative

    SILNative Newcomer, in training Topic Starter

    No it is not a work computer.

    Those entries are DNS servers when this machine gets its IP address from my DHCP server. The first one is my local DNS server; the other 2, which have now been changed, are Comcast, my ISP; and the last pair are public DNS servers in case the first 3 don't respond.

    The Key logging and Key Guard are part of the Constant Guard protection. If I type a password that is for a site protected by CG and it is not a CG site it will warn me I am sending a protected password to a CG unprotected site.
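    A triage check for the `DhcpNameServer` lines discussed in the two posts above, added here as an illustration and not code from either poster or from DDS/ComboFix. It parses the DDS-style lines, keeps anything private (RFC 1918, loopback, link-local) as "local", accepts an allowlist of resolvers the operator already trusts (assumed here to be only Google Public DNS, the fallback pair named in the thread), and flags every other resolver for manual verification against the ISP's published addresses. The sample lines are constructed to mirror the ones quoted in the thread; the allowlist and the "verify" label are assumptions.

```python
import ipaddress
import re

# Constructed sample input modelled on the DDS lines quoted in the thread (raw
# string so the backslash before the interface GUID survives as written).
SAMPLE_LOG = r"""
TCP: DhcpNameServer = 192.168.10.3 213.109.66.237 213.109.72.202 8.8.8.8 8.8.4.4
TCP: Interfaces\{6F00833C-010D-4D7B-A211-E8E3D6C01C09} : DhcpNameServer = 192.168.10.3 213.109.66.237 213.109.72.202 8.8.8.8 8.8.4.4
"""

# Assumption: resolvers the operator already trusts. Add the ISP's published
# resolvers only after checking them against the ISP's own documentation.
KNOWN_PUBLIC = {"8.8.8.8", "8.8.4.4"}

LINE_RE = re.compile(r"DhcpNameServer\s*=\s*(.+)$")
IFACE_RE = re.compile(r"Interfaces\\(\{[^}]+\})")


def classify(ip_str):
    """Label one resolver address: local, known-public, or verify."""
    ip = ipaddress.ip_address(ip_str)          # raises ValueError on garbage
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    if ip_str in KNOWN_PUBLIC:
        return "known-public"
    return "verify"


def parse_name_servers(log_text):
    """Return {interface_label: [(ip, label), ...]} for every DhcpNameServer line.

    The line without an Interfaces\\{GUID} part is the machine-wide entry and
    is keyed as "global"; per-adapter lines are keyed by their GUID.
    """
    result = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        g = IFACE_RE.search(line)
        label = g.group(1) if g else "global"
        servers = []
        for token in m.group(1).split():
            try:
                servers.append((token, classify(token)))
            except ValueError:
                servers.append((token, "unparsable"))  # keep it visible, never drop
        result[label] = servers
    return result


def needs_review(log_text):
    """Sorted list of resolvers that are neither local nor on the trusted list.

    A non-private, non-allowlisted resolver handed out by DHCP is exactly the
    kind of entry a helper would ask about in a browser-redirect case; the
    answer may well be "that's my ISP", but it has to be confirmed, not assumed.
    """
    flagged = set()
    for servers in parse_name_servers(log_text).values():
        for ip, label in servers:
            if label in ("verify", "unparsable"):
                flagged.add(ip)
    return sorted(flagged)


if __name__ == "__main__":
    for iface, servers in parse_name_servers(SAMPLE_LOG).items():
        print(iface)
        for ip, label in servers:
            print(f"  {ip:<16} {label}")
    print("review these against the ISP's published resolvers:", needs_review(SAMPLE_LOG))
```

    Run as a script it prints each adapter's resolver list with its label; imported, `needs_review()` gives the addresses to confirm with the ISP before concluding that the DHCP-assigned DNS is clean.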
  6. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please observe:
    Your security was all enabled when Combofix was run. This can affect the scan.
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated
    FW: McAfee Firewall *Enabled
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated*
    ================================
    I have a few entries for you to remove, but I am hard pressed to find malware.

    Please give me a more detailed description of the redirect. All browsers being redirected? Is the redirect happening from a site you choose but don't get? What types of domains are on the redirects?
  7. SILNative

    SILNative Newcomer, in training Topic Starter

    I respect the amount of effort and time you and the rest of the fellow help crew put in, and have seen some excellent outcomes.

    However seeing that your reply was probably meant for someone else, I obtained help elsewhere.

    Please consider this request closed.
  8. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    The reply was based on the entries I found in your logs.