
Please help infected with "ib.adnxs.com"

Post by doogs695 » August 27th, 2012, 11:14 am

I keep getting various pop ups while in IE. They are for different products but all share this address "ib.adnxs.com". I have run Malwarebytes, Norton Security Suite, Norton Power Eraser and Norton Bootable recovery Tool and I still have the issue.

I want to thank you guys in advance for any help you might be able to provide in fixing this issue.
Kevin

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Doogs at 10:57:04 on 2012-08-27
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2064 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ActivIdentity\ActivClient\accoca.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\acevents.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11a_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://att.net/
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.google.com
uURLSearchHooks: H - No File
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
BHO: VideoFileDownload: {625f420e-a4a9-4b40-bc23-716c1c43893a} - C:\Program Files (x86)\OApps\bho.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO: {7F6AFBF1-E065-4627-A2FD-810366367D01} - No File
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.730.1\NativeBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
TB: {462BE121-2B54-4218-BF00-B9BF8135B23F} - No File
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [accrdsub] "C:\Program Files (x86)\ActivIdentity\ActivClient\accrdsub.exe"
mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.co ... .5.1.0.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\2375942554037383 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\255637964656E63656F594E6E6 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\34C6162796F6E6 : DhcpNameServer = 10.10.10.1 8.8.8.8 8.8.4.4
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\47D6F62696C656 : DhcpNameServer = 66.94.9.120 66.94.25.120
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\8686F6E6F627371353 : DhcpNameServer = 216.199.0.132 216.199.46.11
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\8686F6E6F6273773 : DhcpNameServer = 216.199.0.132 216.199.46.11
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: VideoFileDownload: {625F420E-A4A9-4B40-BC23-716C1C43893A} - C:\Program Files (x86)\OApps\bho.dll
BHO-X64: BHO_PROJECT - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: {7F6AFBF1-E065-4627-A2FD-810366367D01} - No File
BHO-X64: DefaultTabBHO - No File
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
BHO-X64: BitTorrentBar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.730.1\NativeBHO.dll
BHO-X64: Constant Guard Protection Suite (COM) - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
TB-X64: {462BE121-2B54-4218-BF00-B9BF8135B23F} - No File
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [(Default)]
mRun-x64: [accrdsub] "C:\Program Files (x86)\ActivIdentity\ActivClient\accrdsub.exe"
mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120823.005\BHDrvx64.sys [2012-8-21 1385120]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [?]
R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120824.001\IDSviA64.sys [2012-8-24 512672]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 accoca;ActivClient Middleware Service;C:\Program Files (x86)\ActivIdentity\ActivClient\accoca.exe [2012-7-6 188456]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-2-26 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-1-7 868896]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-8-3 66160]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccsvchst.exe [2012-8-23 138272]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-9-17 243232]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-23 138912]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\system32\DRIVERS\S3XXx64.sys --> C:\Windows\system32\DRIVERS\S3XXx64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-21 655944]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-08-27 12:58:25 -------- d-----w- C:\Users\Doogs\.smplayer
2012-08-27 06:44:05 -------- d-----w- C:\NBRT
2012-08-27 01:50:19 -------- d-----w- C:\Users\Doogs\AppData\Local\NPE
2012-08-27 01:45:10 -------- d-----w- C:\Users\Doogs\AppData\Local\LogMeIn Rescue Applet
2012-08-25 00:53:23 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-08-25 00:53:03 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-08-25 00:53:03 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-08-25 00:17:13 -------- d-----w- C:\extensions
2012-08-25 00:16:29 -------- d-----w- C:\Program Files (x86)\OApps
2012-08-23 20:08:56 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC06A156-673B-4409-AF7A-8E068FCDF0C9}\mpengine.dll
2012-08-23 20:03:38 9309624 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-08-23 20:03:35 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-08-23 17:34:51 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-08-23 17:34:06 -------- d-----w- C:\N360_BACKUP
2012-08-23 17:17:21 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symnets.sys
2012-08-23 17:17:20 737952 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\srtsp64.sys
2012-08-23 17:17:20 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symds64.sys
2012-08-23 17:17:20 37536 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\srtspx64.sys
2012-08-23 17:17:20 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\ironx64.sys
2012-08-23 17:17:20 167072 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\ccsetx64.sys
2012-08-23 17:17:20 1129120 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\symefa64.sys
2012-08-23 17:16:52 -------- d-----w- C:\Windows\System32\drivers\N360x64\0603000.00E
2012-08-23 17:12:36 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-08-23 17:12:36 -------- d-----w- C:\Program Files\Symantec
2012-08-23 17:12:36 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-08-23 17:11:31 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-08-23 17:11:29 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2012-08-23 17:11:22 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-08-23 16:36:55 -------- d-----w- C:\Users\Doogs\AppData\Local\ID Vault
2012-08-23 16:36:55 -------- d-----w- C:\ProgramData\IsolatedStorage
2012-08-23 16:35:06 -------- d-----w- C:\Users\Doogs\AppData\Roaming\ID Vault
2012-08-23 16:34:37 29288 ------w- C:\Windows\System32\drivers\gidv2.sys
2012-08-23 16:34:21 65816 ------w- C:\Windows\System32\GIDLogonCP64.dll
2012-08-23 16:34:21 467224 ------w- C:\Windows\System32\GIDHOOK64.DLL
2012-08-23 16:34:21 446752 ------w- C:\Windows\System32\GIDHookLogon64.dll
2012-08-23 16:34:21 109064 ------w- C:\Windows\System32\EasyHook64.dll
2012-08-23 16:34:20 206608 ------w- C:\Windows\System32\GIDBIN1.DLL
2012-08-23 16:34:20 102160 ------w- C:\Windows\System32\GIDBIN3.DLL
2012-08-23 16:34:06 -------- d-----w- C:\ProgramData\GID
2012-08-23 16:34:02 -------- d-----w- C:\Program Files (x86)\SFT
2012-08-23 16:33:27 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite
2012-08-23 16:33:01 -------- d-----w- C:\ProgramData\White Sky, Inc
2012-08-07 22:32:31 -------- d-----w- C:\Windows\System32\EventProviders
2012-08-07 22:31:42 -------- d-----w- C:\6921b639b95d1e44ce9a
.
==================== Find3M ====================
.
2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:01:38 58880 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:01:38 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:23:55 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-27 07:03:25 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-06-27 06:59:12 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-06-27 06:03:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-27 06:01:19 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-06-27 05:41:43 482816 ----a-w- C:\Windows\System32\html.iec
2012-06-27 04:58:58 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-27 04:53:25 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-06-27 04:19:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-16 05:25:51 609792 ----a-w- C:\Windows\System32\vbscript.dll
2012-06-16 04:37:51 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 10:58:38.41 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/7/2011 1:44:15 AM
System Uptime: 8/27/2012 8:55:26 AM (2 hours ago)
.
Motherboard: Gateway | | SJV52_DN
Processor: AMD Phenom(tm) II N830 Triple-Core Processor | Socket S1G4 | 798/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 1.059 GiB free.
D: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP117: 8/24/2012 11:22:20 PM - Removed Google Talk Plugin
.
==== Installed Programs ======================
.
Acrobat.com
ActivClient CAC 6.1 x86
Adobe AIR
Adobe Reader 9.4.5 MUI
Advertising Center
Apple Application Support
Apple Software Update
Backup Manager Basic
BitTorrent
BitTorrentBar Toolbar
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CBR Reader
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Constant Guard Protection Suite
CyberLink PowerDVD 9
D3DX10
DBsign Web Signer
Diablo III
DVDFab 8.0.8.5 (19/03/2011)
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
Google Earth Plug-in
Google Update Helper
GuardedID
Identity Card
ImagXpress
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NavFit98A
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Norton Security Suite
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Click to Call
Skype™ 5.10
System Requirements Lab CYRI
Times Reader
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Veetle TV 0.9.18
Video Web Camera
vShare.tv plugin 1.2
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xvid Video Codec
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
8/26/2012 7:40:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
8/26/2012 7:40:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
8/26/2012 7:40:51 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/25/2012 3:07:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/25/2012 12:56:21 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
8/25/2012 12:55:51 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/25/2012 12:55:51 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
8/25/2012 12:54:30 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
8/23/2012 4:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.133.47.0).
8/23/2012 4:00:48 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KEVINM-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0624C947-A454-4511-9D13-E61BF7223884}. The master browser is stopping or an election is being forced.
8/23/2012 12:44:31 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.3. The computer with the IP address 10.0.0.4 did not allow the name to be claimed by this computer.
8/23/2012 12:35:33 PM, Error: Service Control Manager [7030] - The CGPS Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/23/2012 12:20:21 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.3. The computer with the IP address 10.0.0.5 did not allow the name to be claimed by this computer.
8/23/2012 10:51:55 AM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
8/23/2012 1:32:35 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=32) while initializing logging resources for channel Microsoft-Windows-HomeGroup Provider Service/Operational.
8/21/2012 1:56:58 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.66. The computer with the IP address 192.168.1.72 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
doogs695
Active Member
 
Posts: 9
Joined: August 27th, 2012, 10:49 am

Re: Please help infected with "ib.adnxs.com"

Unread postby Blade81 » August 29th, 2012, 11:30 am

Hi

Remove P2P software
While looking over your log, I have noticed the following Peer-to-Peer filesharing programs are present on your computer:

BitTorrent and its toolbar

These programs are the #1 source of infected systems. Although the software itself can be clean, the files you download are often infected with malware. Because of this, we do not allow P2P software present on machines we're cleaning anymore.

This means you must remove the above Peer-to-Peer filesharing programs and any others present on your machine. For a full explanation of our policy, please read the following P2P Program Policy.

Uninstall those and post fresh DDS logs when ready.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Please help infected with "ib.adnxs.com"

Unread postby doogs695 » August 29th, 2012, 5:30 pm

OK, it is removed.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Doogs at 17:16:04 on 2012-08-29
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2029 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ActivIdentity\ActivClient\accoca.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\acevents.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files (x86)\SFT\GuardedID\x64\GIDD.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11a_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
c:\program files (x86)\real\realplayer\RealPlay.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://att.net/
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mStart Page = hxxp://www.google.com
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
BHO: VideoFileDownload: {625f420e-a4a9-4b40-bc23-716c1c43893a} - C:\Program Files (x86)\OApps\bho.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO: {7F6AFBF1-E065-4627-A2FD-810366367D01} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.730.1\NativeBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB: {462BE121-2B54-4218-BF00-B9BF8135B23F} - No File
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11a_ActiveX.exe -update activex
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [<NO NAME>]
mRun: [accrdsub] "C:\Program Files (x86)\ActivIdentity\ActivClient\accrdsub.exe"
mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.co ... .5.1.0.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\2375942554037383 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\255637964656E63656F594E6E6 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\34C6162796F6E6 : DhcpNameServer = 10.10.10.1 8.8.8.8 8.8.4.4
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\47D6F62696C656 : DhcpNameServer = 66.94.9.120 66.94.25.120
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\8686F6E6F627371353 : DhcpNameServer = 216.199.0.132 216.199.46.11
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\8686F6E6F6273773 : DhcpNameServer = 216.199.0.132 216.199.46.11
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: VideoFileDownload: {625F420E-A4A9-4B40-BC23-716C1C43893A} - C:\Program Files (x86)\OApps\bho.dll
BHO-X64: BHO_PROJECT - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: {7F6AFBF1-E065-4627-A2FD-810366367D01} - No File
BHO-X64: DefaultTabBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.730.1\NativeBHO.dll
BHO-X64: Constant Guard Protection Suite (COM) - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
TB-X64: {462BE121-2B54-4218-BF00-B9BF8135B23F} - No File
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [(Default)]
mRun-x64: [accrdsub] "C:\Program Files (x86)\ActivIdentity\ActivClient\accrdsub.exe"
mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120823.005\BHDrvx64.sys [2012-8-21 1385120]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [?]
R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120828.001\IDSviA64.sys [2012-8-28 512672]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 accoca;ActivClient Middleware Service;C:\Program Files (x86)\ActivIdentity\ActivClient\accoca.exe [2012-7-6 188456]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-2-26 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-1-7 868896]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-8-3 66160]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccsvchst.exe [2012-8-23 138272]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-9-17 243232]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-23 138912]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\system32\DRIVERS\S3XXx64.sys --> C:\Windows\system32\DRIVERS\S3XXx64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-21 655944]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-08-27 12:58:25 -------- d-----w- C:\Users\Doogs\.smplayer
2012-08-27 06:44:05 -------- d-----w- C:\NBRT
2012-08-27 01:50:19 -------- d-----w- C:\Users\Doogs\AppData\Local\NPE
2012-08-27 01:45:10 -------- d-----w- C:\Users\Doogs\AppData\Local\LogMeIn Rescue Applet
2012-08-25 00:53:23 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-08-25 00:53:03 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-08-25 00:53:03 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-08-25 00:17:13 -------- d-----w- C:\extensions
2012-08-25 00:16:29 -------- d-----w- C:\Program Files (x86)\OApps
2012-08-23 20:08:56 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC06A156-673B-4409-AF7A-8E068FCDF0C9}\mpengine.dll
2012-08-23 20:03:38 9309624 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-08-23 20:03:35 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-08-23 17:34:51 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-08-23 17:34:06 -------- d-----w- C:\N360_BACKUP
2012-08-23 17:17:21 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symnets.sys
2012-08-23 17:17:20 737952 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\srtsp64.sys
2012-08-23 17:17:20 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symds64.sys
2012-08-23 17:17:20 37536 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\srtspx64.sys
2012-08-23 17:17:20 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\ironx64.sys
2012-08-23 17:17:20 167072 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\ccsetx64.sys
2012-08-23 17:17:20 1129120 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\symefa64.sys
2012-08-23 17:16:52 -------- d-----w- C:\Windows\System32\drivers\N360x64\0603000.00E
2012-08-23 17:12:36 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-08-23 17:12:36 -------- d-----w- C:\Program Files\Symantec
2012-08-23 17:12:36 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-08-23 17:11:31 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-08-23 17:11:29 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2012-08-23 17:11:22 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-08-23 16:36:55 -------- d-----w- C:\Users\Doogs\AppData\Local\ID Vault
2012-08-23 16:36:55 -------- d-----w- C:\ProgramData\IsolatedStorage
2012-08-23 16:35:06 -------- d-----w- C:\Users\Doogs\AppData\Roaming\ID Vault
2012-08-23 16:34:37 29288 ------w- C:\Windows\System32\drivers\gidv2.sys
2012-08-23 16:34:21 65816 ------w- C:\Windows\System32\GIDLogonCP64.dll
2012-08-23 16:34:21 467224 ------w- C:\Windows\System32\GIDHOOK64.DLL
2012-08-23 16:34:21 446752 ------w- C:\Windows\System32\GIDHookLogon64.dll
2012-08-23 16:34:21 109064 ------w- C:\Windows\System32\EasyHook64.dll
2012-08-23 16:34:20 206608 ------w- C:\Windows\System32\GIDBIN1.DLL
2012-08-23 16:34:20 102160 ------w- C:\Windows\System32\GIDBIN3.DLL
2012-08-23 16:34:06 -------- d-----w- C:\ProgramData\GID
2012-08-23 16:34:02 -------- d-----w- C:\Program Files (x86)\SFT
2012-08-23 16:33:27 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite
2012-08-23 16:33:01 -------- d-----w- C:\ProgramData\White Sky, Inc
2012-08-07 22:32:31 -------- d-----w- C:\Windows\System32\EventProviders
2012-08-07 22:31:42 -------- d-----w- C:\6921b639b95d1e44ce9a
.
==================== Find3M ====================
.
2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:01:38 58880 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:01:38 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:23:55 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-27 07:03:25 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-06-27 06:59:12 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-06-27 06:03:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-27 06:01:19 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-06-27 05:41:43 482816 ----a-w- C:\Windows\System32\html.iec
2012-06-27 04:58:58 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-27 04:53:25 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-06-27 04:19:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-16 05:25:51 609792 ----a-w- C:\Windows\System32\vbscript.dll
2012-06-16 04:37:51 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 17:17:26.26 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/7/2011 1:44:15 AM
System Uptime: 8/28/2012 6:08:28 AM (35 hours ago)
.
Motherboard: Gateway | | SJV52_DN
Processor: AMD Phenom(tm) II N830 Triple-Core Processor | Socket S1G4 | 1785/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 1.931 GiB free.
D: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
ActivClient CAC 6.1 x86
Adobe AIR
Adobe Reader 9.4.5 MUI
Advertising Center
Apple Application Support
Apple Software Update
Backup Manager Basic
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CBR Reader
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Constant Guard Protection Suite
CyberLink PowerDVD 9
D3DX10
DBsign Web Signer
Diablo III
DVDFab 8.0.8.5 (19/03/2011)
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
Google Earth Plug-in
Google Update Helper
GuardedID
Identity Card
ImagXpress
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NavFit98A
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Norton Security Suite
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Click to Call
Skype™ 5.10
System Requirements Lab CYRI
Times Reader
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Veetle TV 0.9.18
Video Web Camera
vShare.tv plugin 1.2
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xvid Video Codec
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
8/28/2012 1:22:18 AM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
8/27/2012 11:14:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Doogs-pc\Doogs SID (S-1-5-21-3395922177-2533720202-2998458525-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/26/2012 7:40:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
8/26/2012 7:40:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
8/26/2012 7:40:51 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/25/2012 3:07:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/25/2012 12:56:21 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
8/25/2012 12:55:51 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/25/2012 12:55:51 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
8/25/2012 12:54:30 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
8/23/2012 4:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.133.47.0).
8/23/2012 4:00:48 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KEVINM-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0624C947-A454-4511-9D13-E61BF7223884}. The master browser is stopping or an election is being forced.
8/23/2012 12:44:31 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.3. The computer with the IP address 10.0.0.4 did not allow the name to be claimed by this computer.
8/23/2012 12:35:33 PM, Error: Service Control Manager [7030] - The CGPS Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/23/2012 12:20:21 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.3. The computer with the IP address 10.0.0.5 did not allow the name to be claimed by this computer.
8/23/2012 10:51:55 AM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
8/23/2012 1:32:35 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=32) while initializing logging resources for channel Microsoft-Windows-HomeGroup Provider Service/Operational.
.
==== End Of File ===========================
doogs695
Active Member
 
Posts: 9
Joined: August 27th, 2012, 10:49 am

Re: Please help infected with "ib.adnxs.com"

Unread postby Blade81 » August 30th, 2012, 5:33 am

Hi


Please visit this webpage for download links and instructions for running the ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New DDS log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Please help infected with "ib.adnxs.com"

Unread postby doogs695 » August 30th, 2012, 7:14 pm

I ran everything as suggested. I did run into an issue though. I could not locate Norton Anti spyware to disable it. I have Norton Security Suite installed. I disabled everything on its control panel but still received a message stating anti spyware was still active. Hope this will not be an issue. Anyway, here are the results.

ComboFix 12-08-30.05 - Doogs 08/30/2012 18:18:55.2.3 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2484 [GMT -4:00]
Running from: c:\users\Doogs\Desktop\ComboFix.exe
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\OApps\bhO.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-30 )))))))))))))))))))))))))))))))
.
.
2012-08-30 22:30 . 2012-08-30 22:30 -------- d-----w- c:\users\Mcx1-DOOGS-PC\AppData\Local\temp
2012-08-30 22:30 . 2012-08-30 22:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-27 12:58 . 2012-08-27 12:58 -------- d-----w- c:\users\Doogs\.smplayer
2012-08-27 06:44 . 2012-08-27 06:44 -------- d-----w- C:\NBRT
2012-08-27 01:50 . 2012-08-27 01:54 -------- d-----w- c:\users\Doogs\AppData\Local\NPE
2012-08-27 01:45 . 2012-08-27 12:56 -------- d-----w- c:\users\Doogs\AppData\Local\LogMeIn Rescue Applet
2012-08-25 00:53 . 2012-08-25 00:53 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-08-25 00:53 . 2012-08-25 00:53 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-25 00:53 . 2012-08-25 00:53 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-08-25 00:17 . 2012-08-25 00:17 -------- d-----w- C:\extensions
2012-08-25 00:16 . 2012-08-30 17:54 -------- d-----w- c:\program files (x86)\OApps
2012-08-23 20:08 . 2012-08-20 05:53 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC06A156-673B-4409-AF7A-8E068FCDF0C9}\mpengine.dll
2012-08-23 20:03 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-08-23 17:34 . 2012-08-23 17:34 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-08-23 17:34 . 2012-08-23 17:34 -------- d-----w- C:\N360_BACKUP
2012-08-23 17:12 . 2012-08-23 17:12 -------- d-----w- c:\program files\Symantec
2012-08-23 17:12 . 2012-08-23 17:12 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-08-23 17:12 . 2012-08-23 17:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-08-23 17:11 . 2012-08-23 17:24 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-08-23 17:11 . 2012-08-23 17:11 -------- d-----w- c:\program files (x86)\Norton Security Suite
2012-08-23 17:11 . 2012-08-23 17:11 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-08-23 16:36 . 2012-08-23 16:41 -------- d-----w- c:\users\Doogs\AppData\Local\ID Vault
2012-08-23 16:36 . 2012-08-23 16:36 -------- d-----w- c:\programdata\IsolatedStorage
2012-08-23 16:35 . 2012-08-30 22:08 -------- d-----w- c:\users\Doogs\AppData\Roaming\ID Vault
2012-08-23 16:34 . 2011-07-05 14:18 29288 ------w- c:\windows\system32\drivers\gidv2.sys
2012-08-23 16:34 . 2011-07-05 14:25 65816 ------w- c:\windows\system32\GIDLogonCP64.dll
2012-08-23 16:34 . 2011-07-05 14:25 467224 ------w- c:\windows\system32\GIDHOOK64.DLL
2012-08-23 16:34 . 2011-07-05 14:24 446752 ------w- c:\windows\system32\GIDHookLogon64.dll
2012-08-23 16:34 . 2009-06-12 20:32 109064 ------w- c:\windows\system32\EasyHook64.dll
2012-08-23 16:34 . 2011-07-05 14:23 102160 ------w- c:\windows\system32\GIDBIN3.DLL
2012-08-23 16:34 . 2011-07-05 14:23 206608 ------w- c:\windows\system32\GIDBIN1.DLL
2012-08-23 16:34 . 2012-08-23 16:34 -------- d-----w- c:\programdata\GID
2012-08-23 16:34 . 2012-08-23 16:34 -------- d-----w- c:\program files (x86)\SFT
2012-08-23 16:33 . 2012-08-23 16:35 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2012-08-23 16:33 . 2012-08-23 16:33 -------- d-----w- c:\programdata\White Sky, Inc
2012-08-07 22:32 . 2012-08-07 22:32 -------- d-----w- c:\windows\system32\EventProviders
2012-08-07 22:31 . 2012-08-07 22:31 -------- d-----w- C:\6921b639b95d1e44ce9a
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 07:01 . 2011-03-13 15:10 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 09:52 . 2012-07-06 09:52 81920 ----a-w- c:\windows\SysWow64\JNIBSI21.dll
2012-07-06 09:52 . 2012-07-06 09:52 21999 ----a-w- c:\windows\SysWow64\xsi.zip
2012-07-06 09:52 . 2012-07-06 09:52 87040 ----a-w- c:\windows\SysWow64\aspcom.dll
2012-07-06 09:52 . 2012-07-06 09:52 321536 ----a-w- c:\windows\SysWow64\asphat32.dll
2012-07-06 09:52 . 2012-07-06 09:52 9728 ----a-w- c:\windows\SysWow64\aijnipiv.dll
2012-07-06 09:52 . 2012-07-06 09:52 225792 ----a-w- c:\windows\SysWow64\aipingui.dll
2012-07-06 09:52 . 2012-07-06 09:52 106496 ----a-w- c:\windows\SysWow64\acwpipint.dll
2012-07-06 09:52 . 2012-07-06 09:52 257536 ----a-w- c:\windows\SysWow64\acpkcs201-en6.dll
2012-07-06 09:52 . 2012-07-06 09:52 239104 ----a-w- c:\windows\SysWow64\acpkcs211.dll
2012-07-06 09:52 . 2012-07-06 09:52 50688 ----a-w- c:\windows\SysWow64\acpivapi.dll
2012-07-06 09:52 . 2012-07-06 09:52 237056 ----a-w- c:\windows\SysWow64\acpkcs201.dll
2012-07-06 09:52 . 2012-07-06 09:52 102400 ----a-w- c:\windows\SysWow64\acpipint.dll
2012-07-06 09:52 . 2012-07-06 09:52 188416 ----a-w- c:\windows\SysWow64\acpicom.dll
2012-07-06 09:52 . 2012-07-06 09:52 172032 ----a-w- c:\windows\SysWow64\acpimeta.dll
2012-07-06 09:52 . 2012-07-06 09:52 655360 ----a-w- c:\windows\SysWow64\aclibeay.dll
2012-07-06 09:52 . 2012-07-06 09:52 169984 ----a-w- c:\windows\SysWow64\acomx.dll
2012-07-06 09:52 . 2012-07-06 09:52 118784 ----a-w- c:\windows\SysWow64\aclog.dll
2012-07-06 09:52 . 2012-07-06 09:52 423936 ----a-w- c:\windows\SysWow64\acjvscv2.dll
2012-07-06 09:52 . 2012-07-06 09:52 111616 ----a-w- c:\windows\SysWow64\ackpbsc.dll
2012-07-06 09:52 . 2012-07-06 09:52 104960 ----a-w- c:\windows\SysWow64\acjscrfs.dll
2012-07-06 09:52 . 2012-07-06 09:52 39424 ----a-w- c:\windows\SysWow64\acfscrfs.dll
2012-07-06 09:52 . 2012-07-06 09:52 370688 ----a-w- c:\windows\SysWow64\acflex8.dll
2012-07-06 09:52 . 2012-07-06 09:52 334848 ----a-w- c:\windows\SysWow64\acjavasc.dll
2012-07-06 09:52 . 2012-07-06 09:52 311296 ----a-w- c:\windows\SysWow64\acjscpiv.dll
2012-07-06 09:52 . 2012-07-06 09:52 297512 ----a-w- c:\windows\SysWow64\acexchex.dll
2012-07-06 09:52 . 2012-07-06 09:52 281600 ----a-w- c:\windows\SysWow64\acflex16.dll
2012-07-06 09:52 . 2012-07-06 09:52 100864 ----a-w- c:\windows\SysWow64\acevtsub.dll
2012-07-06 09:52 . 2012-07-06 09:52 29696 ----a-w- c:\windows\SysWow64\acerrmes.dll
2012-07-06 09:52 . 2012-07-06 09:52 230912 ----a-w- c:\windows\SysWow64\accsp.dll
2012-07-06 09:52 . 2012-07-06 09:52 98304 ----a-w- c:\windows\SysWow64\acbsij.dll
2012-07-06 09:52 . 2012-07-06 09:52 141824 ----a-w- c:\windows\SysWow64\acbsi21.dll
2012-07-06 09:52 . 2012-07-06 09:52 119808 ----a-w- c:\windows\SysWow64\acbsiprov.dll
2012-07-03 19:35 . 2012-05-13 23:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-03 19:35 . 2012-05-13 23:42 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-03 19:32 . 2012-05-15 23:28 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-03 19:32 . 2012-05-15 23:28 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-03 17:46 . 2012-05-18 20:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 06:37 . 2012-05-15 23:29 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-14 06:36 . 2012-05-15 23:28 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-14 06:24 . 2012-05-13 23:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-12 17:53 . 2012-05-13 23:42 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-09 05:30 . 2012-07-12 20:10 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-12 20:10 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-12 20:10 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-12 20:10 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-12 20:10 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-02 22:19 . 2012-06-28 06:01 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-28 06:01 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-28 06:01 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-28 06:01 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-28 06:01 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-28 06:01 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-28 06:01 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-28 06:00 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-28 06:00 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:38 . 2012-07-12 20:10 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-12 20:10 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-12 20:10 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-12 20:10 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-12 20:10 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-12 20:10 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-12 20:10 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-12 20:10 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-12 20:10 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-28 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"accrdsub"="c:\program files (x86)\ActivIdentity\ActivClient\accrdsub.exe" [2012-07-06 294440]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-08-25 296096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files (x86)\ActivIdentity\ActivClient\acsagent.exe [2012-7-6 130864]
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-8-3 6530160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2010-11-12 69376]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-09 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120823.007\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [2012-06-07 167072]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120829.001\IDSvia64.sys [2012-08-22 512672]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [2011-11-17 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 accoca;ActivClient Middleware Service;c:\program files (x86)\ActivIdentity\ActivClient\accoca.exe [2012-07-06 188456]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-28 203264]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-08-03 66160]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe [2012-06-16 138272]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-28 7877120]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-28 285696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-23 138912]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-28 38528]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 02:40]
.
2012-08-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 02:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://att.net/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{462be121-2b54-4218-bf00-b9bf8135b23f} - (no file)
BHO-{7F6AFBF1-E065-4627-A2FD-810366367D01} - (no file)
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{88C7F2AA-F93F-432C-8F0E-B7D85967A527} - (no file)
WebBrowser-{462BE121-2B54-4218-BF00-B9BF8135B23F} - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ActivIdentity\ActivClient\acevents.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\ActivIdentity\ActivClient\acevents.exe
.
**************************************************************************
.
Completion time: 2012-08-30 18:38:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-30 22:38
.
Pre-Run: 1,052,839,936 bytes free
Post-Run: 1,266,524,160 bytes free
.
- - End Of File - - 51E214B51F0203E01AD75DCCC267C213


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Doogs at 19:04:42 on 2012-08-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2312 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ActivIdentity\ActivClient\accoca.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\acevents.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11a_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.net/
mStart Page = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO: {7F6AFBF1-E065-4627-A2FD-810366367D01} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.730.1\NativeBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [accrdsub] "C:\Program Files (x86)\ActivIdentity\ActivClient\accrdsub.exe"
mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.co ... .5.1.0.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\2375942554037383 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\255637964656E63656F594E6E6 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\34C6162796F6E6 : DhcpNameServer = 10.10.10.1 8.8.8.8 8.8.4.4
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\47D6F62696C656 : DhcpNameServer = 66.94.9.120 66.94.25.120
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\8686F6E6F627371353 : DhcpNameServer = 216.199.0.132 216.199.46.11
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\8686F6E6F6273773 : DhcpNameServer = 216.199.0.132 216.199.46.11
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: {7F6AFBF1-E065-4627-A2FD-810366367D01} - No File
BHO-X64: DefaultTabBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.730.1\NativeBHO.dll
BHO-X64: Constant Guard Protection Suite (COM) - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [accrdsub] "C:\Program Files (x86)\ActivIdentity\ActivClient\accrdsub.exe"
mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120823.007\BHDrvx64.sys [2012-6-18 1161376]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [?]
R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120829.001\IDSviA64.sys [2012-8-29 512672]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 accoca;ActivClient Middleware Service;C:\Program Files (x86)\ActivIdentity\ActivClient\accoca.exe [2012-7-6 188456]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-2-26 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-1-7 868896]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-8-3 66160]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccsvchst.exe [2012-8-23 138272]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-9-17 243232]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-23 138912]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\system32\DRIVERS\S3XXx64.sys --> C:\Windows\system32\DRIVERS\S3XXx64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-21 655944]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-08-30 22:32:09 -------- d-----w- C:\$RECYCLE.BIN
2012-08-30 16:19:43 98816 ----a-w- C:\Windows\sed.exe
2012-08-30 16:19:43 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-30 16:19:43 256000 ----a-w- C:\Windows\PEV.exe
2012-08-30 16:19:43 208896 ----a-w- C:\Windows\MBR.exe
2012-08-27 12:58:25 -------- d-----w- C:\Users\Doogs\.smplayer
2012-08-27 06:44:05 -------- d-----w- C:\NBRT
2012-08-27 01:50:19 -------- d-----w- C:\Users\Doogs\AppData\Local\NPE
2012-08-27 01:45:10 -------- d-----w- C:\Users\Doogs\AppData\Local\LogMeIn Rescue Applet
2012-08-25 00:53:23 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-08-25 00:53:03 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-08-25 00:53:03 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-08-25 00:17:13 -------- d-----w- C:\extensions
2012-08-25 00:16:29 -------- d-----w- C:\Program Files (x86)\OApps
2012-08-23 20:08:56 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC06A156-673B-4409-AF7A-8E068FCDF0C9}\mpengine.dll
2012-08-23 20:03:38 9309624 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-08-23 20:03:35 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-08-23 17:34:51 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-08-23 17:34:06 -------- d-----w- C:\N360_BACKUP
2012-08-23 17:17:21 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symnets.sys
2012-08-23 17:17:20 737952 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\srtsp64.sys
2012-08-23 17:17:20 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symds64.sys
2012-08-23 17:17:20 37536 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\srtspx64.sys
2012-08-23 17:17:20 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\ironx64.sys
2012-08-23 17:17:20 167072 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\ccsetx64.sys
2012-08-23 17:17:20 1129120 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\symefa64.sys
2012-08-23 17:16:52 -------- d-----w- C:\Windows\System32\drivers\N360x64\0603000.00E
2012-08-23 17:12:36 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-08-23 17:12:36 -------- d-----w- C:\Program Files\Symantec
2012-08-23 17:12:36 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-08-23 17:11:31 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-08-23 17:11:29 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2012-08-23 17:11:22 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-08-23 16:36:55 -------- d-----w- C:\Users\Doogs\AppData\Local\ID Vault
2012-08-23 16:36:55 -------- d-----w- C:\ProgramData\IsolatedStorage
2012-08-23 16:35:06 -------- d-----w- C:\Users\Doogs\AppData\Roaming\ID Vault
2012-08-23 16:34:37 29288 ------w- C:\Windows\System32\drivers\gidv2.sys
2012-08-23 16:34:21 65816 ------w- C:\Windows\System32\GIDLogonCP64.dll
2012-08-23 16:34:21 467224 ------w- C:\Windows\System32\GIDHOOK64.DLL
2012-08-23 16:34:21 446752 ------w- C:\Windows\System32\GIDHookLogon64.dll
2012-08-23 16:34:21 109064 ------w- C:\Windows\System32\EasyHook64.dll
2012-08-23 16:34:20 206608 ------w- C:\Windows\System32\GIDBIN1.DLL
2012-08-23 16:34:20 102160 ------w- C:\Windows\System32\GIDBIN3.DLL
2012-08-23 16:34:06 -------- d-----w- C:\ProgramData\GID
2012-08-23 16:34:02 -------- d-----w- C:\Program Files (x86)\SFT
2012-08-23 16:33:27 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite
2012-08-23 16:33:01 -------- d-----w- C:\ProgramData\White Sky, Inc
2012-08-07 22:32:31 -------- d-----w- C:\Windows\System32\EventProviders
2012-08-07 22:31:42 -------- d-----w- C:\6921b639b95d1e44ce9a
.
==================== Find3M ====================
.
2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:01:38 58880 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:01:38 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:23:55 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-27 07:03:25 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-06-27 06:59:12 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-06-27 06:03:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-27 06:01:19 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-06-27 05:41:43 482816 ----a-w- C:\Windows\System32\html.iec
2012-06-27 04:58:58 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-27 04:53:25 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-06-27 04:19:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-16 05:25:51 609792 ----a-w- C:\Windows\System32\vbscript.dll
2012-06-16 04:37:51 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 19:05:54.41 ===============



.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/7/2011 1:44:15 AM
System Uptime: 8/30/2012 6:31:05 PM (1 hours ago)
.
Motherboard: Gateway | | SJV52_DN
Processor: AMD Phenom(tm) II N830 Triple-Core Processor | Socket S1G4 | 798/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 1.27 GiB free.
D: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
Acrobat.com
ActivClient CAC 6.1 x86
Adobe AIR
Adobe Reader 9.4.5 MUI
Advertising Center
Apple Application Support
Apple Software Update
Backup Manager Basic
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CBR Reader
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Constant Guard Protection Suite
CyberLink PowerDVD 9
D3DX10
DBsign Web Signer
Diablo III
DVDFab 8.0.8.5 (19/03/2011)
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
Google Earth Plug-in
Google Update Helper
GuardedID
Identity Card
ImagXpress
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NavFit98A
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Norton Security Suite
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Click to Call
Skype™ 5.10
System Requirements Lab CYRI
Times Reader
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Veetle TV 0.9.18
Video Web Camera
vShare.tv plugin 1.2
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xvid Video Codec
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
8/30/2012 6:37:46 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
8/30/2012 6:31:35 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
8/30/2012 6:30:44 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
8/30/2012 6:30:29 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/30/2012 6:05:37 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
8/30/2012 1:54:35 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/28/2012 1:22:18 AM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
8/27/2012 11:14:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Doogs-pc\Doogs SID (S-1-5-21-3395922177-2533720202-2998458525-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/26/2012 7:40:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
8/26/2012 7:40:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
8/26/2012 7:40:51 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/25/2012 3:07:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/25/2012 12:56:21 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
8/25/2012 12:55:51 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/25/2012 12:55:51 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
8/23/2012 4:05:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.133.47.0).
8/23/2012 4:00:48 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer KEVINM-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{0624C947-A454-4511-9D13-E61BF7223884}. The master browser is stopping or an election is being forced.
8/23/2012 12:44:31 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.3. The computer with the IP address 10.0.0.4 did not allow the name to be claimed by this computer.
8/23/2012 12:35:33 PM, Error: Service Control Manager [7030] - The CGPS Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/23/2012 12:20:21 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 10.0.0.3. The computer with the IP address 10.0.0.5 did not allow the name to be claimed by this computer.
8/23/2012 10:51:55 AM, Error: BROWSER [8020] - The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.
8/23/2012 1:32:35 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=32) while initializing logging resources for channel Microsoft-Windows-HomeGroup Provider Service/Operational.
.
==== End Of File ===========================

Re: Please help infected with "ib.adnxs.com"

Post by Blade81 » September 1st, 2012, 3:40 am

Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

Code:
DDS::
BHO: {7F6AFBF1-E065-4627-A2FD-810366367D01} - No File
TB: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File
BHO-X64: {7F6AFBF1-E065-4627-A2FD-810366367D01} - No File
TB-X64: {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - No File



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and the separate 10.1.4 update for it) here, or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


If you don't need Java it's highly recommended that you uninstall it. Let me know if you absolutely need to have it installed.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, a fresh dds.txt log and the above-mentioned ComboFix resultant log.

Re: Please help infected with "ib.adnxs.com"

Post by doogs695 » September 1st, 2012, 7:44 pm

Here are the reports you asked for.


ComboFix 12-08-31.08 - Doogs 09/01/2012 10:21:09.3.3 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.2202 [GMT -4:00]
Running from: c:\users\Doogs\Desktop\ComboFix.exe
Command switches used :: c:\users\Doogs\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-08-01 to 2012-09-01 )))))))))))))))))))))))))))))))
.
.
2012-09-01 14:33 . 2012-09-01 14:33 -------- d-----w- c:\users\Mcx1-DOOGS-PC\AppData\Local\temp
2012-09-01 14:33 . 2012-09-01 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-27 12:58 . 2012-08-27 12:58 -------- d-----w- c:\users\Doogs\.smplayer
2012-08-27 06:44 . 2012-08-27 06:44 -------- d-----w- C:\NBRT
2012-08-27 01:50 . 2012-08-27 01:54 -------- d-----w- c:\users\Doogs\AppData\Local\NPE
2012-08-27 01:45 . 2012-08-27 12:56 -------- d-----w- c:\users\Doogs\AppData\Local\LogMeIn Rescue Applet
2012-08-25 00:53 . 2012-08-25 00:53 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-08-25 00:53 . 2012-08-25 00:53 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-25 00:53 . 2012-08-25 00:53 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-08-25 00:17 . 2012-08-25 00:17 -------- d-----w- C:\extensions
2012-08-25 00:16 . 2012-08-30 17:54 -------- d-----w- c:\program files (x86)\OApps
2012-08-23 20:08 . 2012-08-20 05:53 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC06A156-673B-4409-AF7A-8E068FCDF0C9}\mpengine.dll
2012-08-23 20:03 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-08-23 17:34 . 2012-08-23 17:34 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-08-23 17:34 . 2012-08-23 17:34 -------- d-----w- C:\N360_BACKUP
2012-08-23 17:12 . 2012-08-23 17:12 -------- d-----w- c:\program files\Symantec
2012-08-23 17:12 . 2012-08-23 17:12 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-08-23 17:12 . 2012-08-23 17:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-08-23 17:11 . 2012-08-23 17:24 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-08-23 17:11 . 2012-08-23 17:11 -------- d-----w- c:\program files (x86)\Norton Security Suite
2012-08-23 17:11 . 2012-08-23 17:11 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-08-23 16:36 . 2012-08-23 16:41 -------- d-----w- c:\users\Doogs\AppData\Local\ID Vault
2012-08-23 16:36 . 2012-08-23 16:36 -------- d-----w- c:\programdata\IsolatedStorage
2012-08-23 16:35 . 2012-08-30 22:33 -------- d-----w- c:\users\Doogs\AppData\Roaming\ID Vault
2012-08-23 16:34 . 2011-07-05 14:18 29288 ------w- c:\windows\system32\drivers\gidv2.sys
2012-08-23 16:34 . 2011-07-05 14:25 65816 ------w- c:\windows\system32\GIDLogonCP64.dll
2012-08-23 16:34 . 2011-07-05 14:25 467224 ------w- c:\windows\system32\GIDHOOK64.DLL
2012-08-23 16:34 . 2011-07-05 14:24 446752 ------w- c:\windows\system32\GIDHookLogon64.dll
2012-08-23 16:34 . 2009-06-12 20:32 109064 ------w- c:\windows\system32\EasyHook64.dll
2012-08-23 16:34 . 2011-07-05 14:23 102160 ------w- c:\windows\system32\GIDBIN3.DLL
2012-08-23 16:34 . 2011-07-05 14:23 206608 ------w- c:\windows\system32\GIDBIN1.DLL
2012-08-23 16:34 . 2012-08-23 16:34 -------- d-----w- c:\programdata\GID
2012-08-23 16:34 . 2012-08-23 16:34 -------- d-----w- c:\program files (x86)\SFT
2012-08-23 16:33 . 2012-08-23 16:35 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2012-08-23 16:33 . 2012-08-23 16:33 -------- d-----w- c:\programdata\White Sky, Inc
2012-08-07 22:32 . 2012-08-07 22:32 -------- d-----w- c:\windows\system32\EventProviders
2012-08-07 22:31 . 2012-08-07 22:31 -------- d-----w- C:\6921b639b95d1e44ce9a
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 07:01 . 2011-03-13 15:10 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 09:52 . 2012-07-06 09:52 81920 ----a-w- c:\windows\SysWow64\JNIBSI21.dll
2012-07-06 09:52 . 2012-07-06 09:52 21999 ----a-w- c:\windows\SysWow64\xsi.zip
2012-07-06 09:52 . 2012-07-06 09:52 87040 ----a-w- c:\windows\SysWow64\aspcom.dll
2012-07-06 09:52 . 2012-07-06 09:52 321536 ----a-w- c:\windows\SysWow64\asphat32.dll
2012-07-06 09:52 . 2012-07-06 09:52 9728 ----a-w- c:\windows\SysWow64\aijnipiv.dll
2012-07-06 09:52 . 2012-07-06 09:52 225792 ----a-w- c:\windows\SysWow64\aipingui.dll
2012-07-06 09:52 . 2012-07-06 09:52 106496 ----a-w- c:\windows\SysWow64\acwpipint.dll
2012-07-06 09:52 . 2012-07-06 09:52 257536 ----a-w- c:\windows\SysWow64\acpkcs201-en6.dll
2012-07-06 09:52 . 2012-07-06 09:52 239104 ----a-w- c:\windows\SysWow64\acpkcs211.dll
2012-07-06 09:52 . 2012-07-06 09:52 50688 ----a-w- c:\windows\SysWow64\acpivapi.dll
2012-07-06 09:52 . 2012-07-06 09:52 237056 ----a-w- c:\windows\SysWow64\acpkcs201.dll
2012-07-06 09:52 . 2012-07-06 09:52 102400 ----a-w- c:\windows\SysWow64\acpipint.dll
2012-07-06 09:52 . 2012-07-06 09:52 188416 ----a-w- c:\windows\SysWow64\acpicom.dll
2012-07-06 09:52 . 2012-07-06 09:52 172032 ----a-w- c:\windows\SysWow64\acpimeta.dll
2012-07-06 09:52 . 2012-07-06 09:52 655360 ----a-w- c:\windows\SysWow64\aclibeay.dll
2012-07-06 09:52 . 2012-07-06 09:52 169984 ----a-w- c:\windows\SysWow64\acomx.dll
2012-07-06 09:52 . 2012-07-06 09:52 118784 ----a-w- c:\windows\SysWow64\aclog.dll
2012-07-06 09:52 . 2012-07-06 09:52 423936 ----a-w- c:\windows\SysWow64\acjvscv2.dll
2012-07-06 09:52 . 2012-07-06 09:52 111616 ----a-w- c:\windows\SysWow64\ackpbsc.dll
2012-07-06 09:52 . 2012-07-06 09:52 104960 ----a-w- c:\windows\SysWow64\acjscrfs.dll
2012-07-06 09:52 . 2012-07-06 09:52 39424 ----a-w- c:\windows\SysWow64\acfscrfs.dll
2012-07-06 09:52 . 2012-07-06 09:52 370688 ----a-w- c:\windows\SysWow64\acflex8.dll
2012-07-06 09:52 . 2012-07-06 09:52 334848 ----a-w- c:\windows\SysWow64\acjavasc.dll
2012-07-06 09:52 . 2012-07-06 09:52 311296 ----a-w- c:\windows\SysWow64\acjscpiv.dll
2012-07-06 09:52 . 2012-07-06 09:52 297512 ----a-w- c:\windows\SysWow64\acexchex.dll
2012-07-06 09:52 . 2012-07-06 09:52 281600 ----a-w- c:\windows\SysWow64\acflex16.dll
2012-07-06 09:52 . 2012-07-06 09:52 100864 ----a-w- c:\windows\SysWow64\acevtsub.dll
2012-07-06 09:52 . 2012-07-06 09:52 29696 ----a-w- c:\windows\SysWow64\acerrmes.dll
2012-07-06 09:52 . 2012-07-06 09:52 230912 ----a-w- c:\windows\SysWow64\accsp.dll
2012-07-06 09:52 . 2012-07-06 09:52 98304 ----a-w- c:\windows\SysWow64\acbsij.dll
2012-07-06 09:52 . 2012-07-06 09:52 141824 ----a-w- c:\windows\SysWow64\acbsi21.dll
2012-07-06 09:52 . 2012-07-06 09:52 119808 ----a-w- c:\windows\SysWow64\acbsiprov.dll
2012-07-03 19:35 . 2012-05-13 23:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-03 19:35 . 2012-05-13 23:42 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-03 19:32 . 2012-05-15 23:28 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-03 19:32 . 2012-05-15 23:28 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-03 17:46 . 2012-05-18 20:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 06:37 . 2012-05-15 23:29 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-14 06:36 . 2012-05-15 23:28 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-14 06:24 . 2012-05-13 23:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-12 17:53 . 2012-05-13 23:42 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-09 05:30 . 2012-07-12 20:10 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-12 20:10 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-12 20:10 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-12 20:10 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-12 20:10 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-30_22.32.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-01 14:34 . 2012-09-01 14:34 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-08-30 22:30 . 2012-08-30 22:30 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2009-07-14 04:54 . 2012-09-01 14:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-30 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-01 14:35 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-30 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-17 11:44 . 2012-08-30 22:33 47532 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-30 22:33 48428 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-07 06:45 . 2012-08-30 22:33 13346 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3395922177-2533720202-2998458525-1000_UserData.bin
+ 2011-01-07 15:47 . 2012-09-01 14:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-07 15:47 . 2012-08-30 22:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-07 15:47 . 2012-08-30 22:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-01-07 15:47 . 2012-09-01 14:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-01 14:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-30 22:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-07 06:48 . 2012-08-30 22:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-07 06:48 . 2012-09-01 14:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-07 06:48 . 2012-08-30 22:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-07 06:48 . 2012-09-01 14:37 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-07 06:48 . 2012-08-30 22:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-07 06:48 . 2012-09-01 14:37 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-07 06:50 . 2012-08-30 22:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-07 06:50 . 2012-09-01 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-07 06:50 . 2012-08-30 22:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-07 06:50 . 2012-09-01 15:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-09-01 14:34 . 2012-09-01 14:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-30 22:31 . 2012-08-30 22:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-30 22:31 . 2012-08-30 22:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-01 14:34 . 2012-09-01 14:34 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-08-30 22:31 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-01 14:35 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-07 14:37 . 2012-09-01 04:51 337644 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-08-30 22:07 624864 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-01 14:39 624864 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-09-01 14:39 106950 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-30 22:07 106950 c:\windows\system32\perfc009.dat
- 2011-03-20 22:29 . 2012-08-30 22:30 443976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-20 22:29 . 2012-09-01 14:34 443976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 05:01 . 2012-08-30 22:30 256692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-09-01 14:34 256692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-08-30 22:15 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-09-01 14:48 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-28 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"accrdsub"="c:\program files (x86)\ActivIdentity\ActivClient\accrdsub.exe" [2012-07-06 294440]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-08-25 296096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files (x86)\ActivIdentity\ActivClient\acsagent.exe [2012-7-6 130864]
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-8-3 6530160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2010-11-12 69376]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-09 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120823.007\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [2012-06-07 167072]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120831.001\IDSvia64.sys [2012-08-22 512672]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [2011-11-17 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 accoca;ActivClient Middleware Service;c:\program files (x86)\ActivIdentity\ActivClient\accoca.exe [2012-07-06 188456]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-28 203264]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-08-03 66160]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe [2012-06-16 138272]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-28 7877120]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-28 285696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-23 138912]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-28 38528]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 02:40]
.
2012-09-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 02:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://att.net/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ActivIdentity\ActivClient\acevents.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\ActivIdentity\ActivClient\acevents.exe
.
**************************************************************************
.
Completion time: 2012-09-01 11:11:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-01 15:11
ComboFix2.txt 2012-08-30 22:38
.
Pre-Run: 995,360,768 bytes free
Post-Run: 949,788,672 bytes free
.
- - End Of File - - E90F3C39231B29A6AA66A02CAC80D290


ESET:

C:\Qoobox\Quarantine\C\Program Files (x86)\OApps\bhO.dll.vir a variant of Win32/Adware.Facetheme.D application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\updater-startnow-200-2.5-d[1].exe a variant of Win32/Toolbar.Zugo application
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\updater-startnow-200-2.5-d[1].exe a variant of Win32/Toolbar.Zugo application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\updater-startnow-200-2.5-d[1].exe a variant of Win32/Toolbar.Zugo application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\updater-startnow-200-2.5-d[1].exe a variant of Win32/Toolbar.Zugo application


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385
Run by Doogs at 19:06:42 on 2012-09-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.1921 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\ActivIdentity\ActivClient\accoca.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\acevents.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exe
C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\accrdsub.exe
C:\Program Files (x86)\SFT\GuardedID\GIDD.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ActivIdentity\ActivClient\acevents.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11a_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://att.net/
mStart Page = hxxp://www.google.com
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.730.1\NativeBHO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [accrdsub] "C:\Program Files (x86)\ActivIdentity\ActivClient\accrdsub.exe"
mRun: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ACTIVC~1.LNK - C:\Program Files (x86)\ActivIdentity\ActivClient\acsagent.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.co ... .5.1.0.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\2375942554037383 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\255637964656E63656F594E6E6 : DhcpNameServer = 4.2.2.1
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\34C6162796F6E6 : DhcpNameServer = 10.10.10.1 8.8.8.8 8.8.4.4
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\47D6F62696C656 : DhcpNameServer = 66.94.9.120 66.94.25.120
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\8686F6E6F627371353 : DhcpNameServer = 216.199.0.132 216.199.46.11
TCP: Interfaces\{0624C947-A454-4511-9D13-E61BF7223884}\8686F6E6F6273773 : DhcpNameServer = 216.199.0.132 216.199.46.11
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.1.730.1\NativeBHO.dll
BHO-X64: Constant Guard Protection Suite (COM) - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\coIEPlg.dll
mRun-x64: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [accrdsub] "C:\Program Files (x86)\ActivIdentity\ActivClient\accrdsub.exe"
mRun-x64: [GIDDesktop] C:\Program Files (x86)\SFT\GuardedID\gidd.exe /s
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120823.007\BHDrvx64.sys [2012-6-18 1161376]
R1 ccSet_N360;Norton Security Suite Settings Manager;C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys --> C:\Windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [?]
R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120831.001\IDSviA64.sys [2012-8-31 512672]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS --> C:\Windows\system32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 accoca;ActivClient Middleware Service;C:\Program Files (x86)\ActivIdentity\ActivClient\accoca.exe [2012-7-6 188456]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-2-26 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-1-7 868896]
R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-8-3 66160]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\6.3.0.14\ccsvchst.exe [2012-8-23 138272]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-6-28 255744]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-8-13 3064000]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-9-17 243232]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-23 138912]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-5-3 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 S3XXx64;SCR3xx USB SmartCardReader64;C:\Windows\system32\DRIVERS\S3XXx64.sys --> C:\Windows\system32\DRIVERS\S3XXx64.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S4 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-21 655944]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2012-09-01 19:35:23 -------- d-----w- C:\Program Files (x86)\ESET
2012-09-01 19:31:02 -------- d-----w- C:\Program Files (x86)\Foxit Software
2012-09-01 15:07:43 -------- d-----w- C:\$RECYCLE.BIN
2012-08-30 16:19:43 98816 ----a-w- C:\Windows\sed.exe
2012-08-30 16:19:43 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-30 16:19:43 256000 ----a-w- C:\Windows\PEV.exe
2012-08-30 16:19:43 208896 ----a-w- C:\Windows\MBR.exe
2012-08-27 12:58:25 -------- d-----w- C:\Users\Doogs\.smplayer
2012-08-27 06:44:05 -------- d-----w- C:\NBRT
2012-08-27 01:50:19 -------- d-----w- C:\Users\Doogs\AppData\Local\NPE
2012-08-27 01:45:10 -------- d-----w- C:\Users\Doogs\AppData\Local\LogMeIn Rescue Applet
2012-08-25 00:53:23 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2012-08-25 00:53:03 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-08-25 00:53:03 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-08-25 00:17:13 -------- d-----w- C:\extensions
2012-08-25 00:16:29 -------- d-----w- C:\Program Files (x86)\OApps
2012-08-23 20:08:56 9309624 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DC06A156-673B-4409-AF7A-8E068FCDF0C9}\mpengine.dll
2012-08-23 20:03:38 9309624 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll
2012-08-23 20:03:35 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-08-23 17:34:51 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2012-08-23 17:34:06 -------- d-----w- C:\N360_BACKUP
2012-08-23 17:17:21 405624 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symnets.sys
2012-08-23 17:17:20 737952 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\srtsp64.sys
2012-08-23 17:17:20 451192 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\symds64.sys
2012-08-23 17:17:20 37536 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\srtspx64.sys
2012-08-23 17:17:20 190072 ----a-r- C:\Windows\System32\drivers\N360x64\0603000.00E\ironx64.sys
2012-08-23 17:17:20 167072 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\ccsetx64.sys
2012-08-23 17:17:20 1129120 ----a-w- C:\Windows\System32\drivers\N360x64\0603000.00E\symefa64.sys
2012-08-23 17:16:52 -------- d-----w- C:\Windows\System32\drivers\N360x64\0603000.00E
2012-08-23 17:12:36 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-08-23 17:12:36 -------- d-----w- C:\Program Files\Symantec
2012-08-23 17:12:36 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-08-23 17:11:31 -------- d-----w- C:\Windows\System32\drivers\N360x64
2012-08-23 17:11:29 -------- d-----w- C:\Program Files (x86)\Norton Security Suite
2012-08-23 17:11:22 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2012-08-23 16:36:55 -------- d-----w- C:\Users\Doogs\AppData\Local\ID Vault
2012-08-23 16:36:55 -------- d-----w- C:\ProgramData\IsolatedStorage
2012-08-23 16:35:06 -------- d-----w- C:\Users\Doogs\AppData\Roaming\ID Vault
2012-08-23 16:34:37 29288 ------w- C:\Windows\System32\drivers\gidv2.sys
2012-08-23 16:34:21 65816 ------w- C:\Windows\System32\GIDLogonCP64.dll
2012-08-23 16:34:21 467224 ------w- C:\Windows\System32\GIDHOOK64.DLL
2012-08-23 16:34:21 446752 ------w- C:\Windows\System32\GIDHookLogon64.dll
2012-08-23 16:34:21 109064 ------w- C:\Windows\System32\EasyHook64.dll
2012-08-23 16:34:20 206608 ------w- C:\Windows\System32\GIDBIN1.DLL
2012-08-23 16:34:20 102160 ------w- C:\Windows\System32\GIDBIN3.DLL
2012-08-23 16:34:06 -------- d-----w- C:\ProgramData\GID
2012-08-23 16:34:02 -------- d-----w- C:\Program Files (x86)\SFT
2012-08-23 16:33:27 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite
2012-08-23 16:33:01 -------- d-----w- C:\ProgramData\White Sky, Inc
2012-08-07 22:32:31 -------- d-----w- C:\Windows\System32\EventProviders
2012-08-07 22:31:42 -------- d-----w- C:\6921b639b95d1e44ce9a
.
==================== Find3M ====================
.
2012-07-18 17:31:12 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-07-04 22:01:38 58880 ----a-w- C:\Windows\System32\browcli.dll
2012-07-04 22:01:38 136704 ----a-w- C:\Windows\System32\browser.dll
2012-07-04 21:23:55 41472 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-27 07:03:25 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-06-27 06:59:12 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2012-06-27 06:03:21 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-27 06:01:19 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-06-27 05:41:43 482816 ----a-w- C:\Windows\System32\html.iec
2012-06-27 04:58:58 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-27 04:53:25 386048 ----a-w- C:\Windows\SysWow64\html.iec
2012-06-27 04:19:51 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-16 05:25:51 609792 ----a-w- C:\Windows\System32\vbscript.dll
2012-06-16 04:37:51 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
.
============= FINISH: 19:08:08.84 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 3/7/2011 1:44:15 AM
System Uptime: 9/1/2012 10:34:36 AM (9 hours ago)
.
Motherboard: Gateway | | SJV52_DN
Processor: AMD Phenom(tm) II N830 Triple-Core Processor | Socket S1G4 | 798/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 1.818 GiB free.
D: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP122: 9/1/2012 3:27:05 PM - Removed MSXML 4.0 SP2 (KB973688)
.
==== Installed Programs ======================
.
Acrobat.com
ActivClient CAC 6.1 x86
Adobe AIR
Advertising Center
Apple Application Support
Apple Software Update
Backup Manager Basic
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CBR Reader
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
Constant Guard Protection Suite
CyberLink PowerDVD 9
D3DX10
DBsign Web Signer
Diablo III
DVDFab 8.0.8.5 (19/03/2011)
ESET Online Scanner v3
Foxit Reader
Gateway InfoCentre
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
Google Earth Plug-in
Google Update Helper
GuardedID
Identity Card
ImagXpress
Internet TV for Windows Media Center
Java Auto Updater
Java(TM) 6 Update 26
Junk Mail filter update
Launch Manager
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger Companion
Microsoft Office 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Starter 2010 - English
Microsoft Office XP Professional with FrontPage
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
NavFit98A
Nero 9 Essentials
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero Express Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
Nero StartSmart OEM
NeroExpress
neroxml
Norton Security Suite
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
Realtek HDMI Audio Driver for ATI
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RealUpgrade 1.1
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Skype Click to Call
Skype™ 5.10
System Requirements Lab CYRI
Times Reader
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Veetle TV 0.9.18
Video Web Camera
vShare.tv plugin 1.2
Welcome Center
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Xvid Video Codec
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
9/1/2012 10:35:02 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
9/1/2012 10:34:15 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
9/1/2012 10:33:43 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
9/1/2012 10:13:24 AM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
8/31/2012 7:08:04 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
8/30/2012 1:54:35 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/28/2012 1:22:18 AM, Error: volsnap [35] - The shadow copies of volume C: were aborted because the shadow copy storage failed to grow.
8/27/2012 11:14:14 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user Doogs-pc\Doogs SID (S-1-5-21-3395922177-2533720202-2998458525-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
8/26/2012 7:40:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
8/26/2012 7:40:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
8/26/2012 7:40:51 PM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/25/2012 3:07:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
8/25/2012 12:56:21 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
8/25/2012 12:55:51 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/25/2012 12:55:51 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
.
==== End Of File ===========================
doogs695
Active Member
 
Posts: 9
Joined: August 27th, 2012, 10:49 am

Re: Please help infected with "ib.adnxs.com"

Unread postby Blade81 » September 2nd, 2012, 8:03 am

Hi,

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\updater-startnow-200-2.5-d[1].exe
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\updater-startnow-200-2.5-d[1].exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\updater-startnow-200-2.5-d[1].exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\updater-startnow-200-2.5-d[1].exe



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Image

Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log. Is the original problem still present?
Blade81
Admin/Teacher
 
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Please help infected with "ib.adnxs.com"

Unread postby doogs695 » September 2nd, 2012, 8:16 pm

Hi,
It seems the original problem has been taken care of. Here is the log you asked for.

Once again, thanks for your help,
Kevin

ComboFix 12-08-31.08 - Doogs 09/02/2012 10:31:35.4.3 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3835.1922 [GMT -4:00]
Running from: c:\users\Doogs\Desktop\ComboFix.exe
Command switches used :: c:\users\Doogs\Desktop\CFScript.txt
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\updater-startnow-200-2.5-d[1].exe"
"c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\updater-startnow-200-2.5-d[1].exe"
"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5\updater-startnow-200-2.5-d[1].exe"
"c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA\updater-startnow-200-2.5-d[1].exe"
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-02 15:52 . 2012-09-02 15:52 -------- d-----w- c:\users\Mcx1-DOOGS-PC\AppData\Local\temp
2012-09-02 15:52 . 2012-09-02 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-01 23:49 . 2012-09-01 23:49 -------- d-----w- c:\users\Doogs\AppData\Roaming\Foxit Software
2012-09-01 19:35 . 2012-09-01 19:35 -------- d-----w- c:\program files (x86)\ESET
2012-09-01 19:31 . 2012-09-01 19:31 -------- d-----w- c:\program files (x86)\Foxit Software
2012-08-27 12:58 . 2012-08-27 12:58 -------- d-----w- c:\users\Doogs\.smplayer
2012-08-27 06:44 . 2012-08-27 06:44 -------- d-----w- C:\NBRT
2012-08-27 01:50 . 2012-08-27 01:54 -------- d-----w- c:\users\Doogs\AppData\Local\NPE
2012-08-27 01:45 . 2012-08-27 12:56 -------- d-----w- c:\users\Doogs\AppData\Local\LogMeIn Rescue Applet
2012-08-25 00:53 . 2012-08-25 00:53 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2012-08-25 00:53 . 2012-08-25 00:53 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-08-25 00:53 . 2012-08-25 00:53 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2012-08-25 00:17 . 2012-08-25 00:17 -------- d-----w- C:\extensions
2012-08-25 00:16 . 2012-08-30 17:54 -------- d-----w- c:\program files (x86)\OApps
2012-08-23 20:08 . 2012-08-20 05:53 9309624 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DC06A156-673B-4409-AF7A-8E068FCDF0C9}\mpengine.dll
2012-08-23 20:03 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-08-23 17:34 . 2012-08-23 17:34 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-08-23 17:34 . 2012-08-23 17:34 -------- d-----w- C:\N360_BACKUP
2012-08-23 17:12 . 2012-08-23 17:12 -------- d-----w- c:\program files\Symantec
2012-08-23 17:12 . 2012-08-23 17:12 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-08-23 17:12 . 2012-08-23 17:12 -------- d-----w- c:\program files\Common Files\Symantec Shared
2012-08-23 17:11 . 2012-08-23 17:24 -------- d-----w- c:\windows\system32\drivers\N360x64
2012-08-23 17:11 . 2012-08-23 17:11 -------- d-----w- c:\program files (x86)\Norton Security Suite
2012-08-23 17:11 . 2012-08-23 17:11 -------- d-----w- c:\program files (x86)\NortonInstaller
2012-08-23 16:36 . 2012-08-23 16:41 -------- d-----w- c:\users\Doogs\AppData\Local\ID Vault
2012-08-23 16:36 . 2012-08-23 16:36 -------- d-----w- c:\programdata\IsolatedStorage
2012-08-23 16:35 . 2012-09-01 15:08 -------- d-----w- c:\users\Doogs\AppData\Roaming\ID Vault
2012-08-23 16:34 . 2011-07-05 14:18 29288 ------w- c:\windows\system32\drivers\gidv2.sys
2012-08-23 16:34 . 2011-07-05 14:25 65816 ------w- c:\windows\system32\GIDLogonCP64.dll
2012-08-23 16:34 . 2011-07-05 14:25 467224 ------w- c:\windows\system32\GIDHOOK64.DLL
2012-08-23 16:34 . 2011-07-05 14:24 446752 ------w- c:\windows\system32\GIDHookLogon64.dll
2012-08-23 16:34 . 2009-06-12 20:32 109064 ------w- c:\windows\system32\EasyHook64.dll
2012-08-23 16:34 . 2011-07-05 14:23 102160 ------w- c:\windows\system32\GIDBIN3.DLL
2012-08-23 16:34 . 2011-07-05 14:23 206608 ------w- c:\windows\system32\GIDBIN1.DLL
2012-08-23 16:34 . 2012-08-23 16:34 -------- d-----w- c:\programdata\GID
2012-08-23 16:34 . 2012-08-23 16:34 -------- d-----w- c:\program files (x86)\SFT
2012-08-23 16:33 . 2012-08-23 16:35 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite
2012-08-23 16:33 . 2012-08-23 16:33 -------- d-----w- c:\programdata\White Sky, Inc
2012-08-07 22:32 . 2012-08-07 22:32 -------- d-----w- c:\windows\system32\EventProviders
2012-08-07 22:31 . 2012-08-07 22:31 -------- d-----w- C:\6921b639b95d1e44ce9a
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-16 07:01 . 2011-03-13 15:10 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 09:52 . 2012-07-06 09:52 81920 ----a-w- c:\windows\SysWow64\JNIBSI21.dll
2012-07-06 09:52 . 2012-07-06 09:52 21999 ----a-w- c:\windows\SysWow64\xsi.zip
2012-07-06 09:52 . 2012-07-06 09:52 87040 ----a-w- c:\windows\SysWow64\aspcom.dll
2012-07-06 09:52 . 2012-07-06 09:52 321536 ----a-w- c:\windows\SysWow64\asphat32.dll
2012-07-06 09:52 . 2012-07-06 09:52 9728 ----a-w- c:\windows\SysWow64\aijnipiv.dll
2012-07-06 09:52 . 2012-07-06 09:52 225792 ----a-w- c:\windows\SysWow64\aipingui.dll
2012-07-06 09:52 . 2012-07-06 09:52 106496 ----a-w- c:\windows\SysWow64\acwpipint.dll
2012-07-06 09:52 . 2012-07-06 09:52 257536 ----a-w- c:\windows\SysWow64\acpkcs201-en6.dll
2012-07-06 09:52 . 2012-07-06 09:52 239104 ----a-w- c:\windows\SysWow64\acpkcs211.dll
2012-07-06 09:52 . 2012-07-06 09:52 50688 ----a-w- c:\windows\SysWow64\acpivapi.dll
2012-07-06 09:52 . 2012-07-06 09:52 237056 ----a-w- c:\windows\SysWow64\acpkcs201.dll
2012-07-06 09:52 . 2012-07-06 09:52 102400 ----a-w- c:\windows\SysWow64\acpipint.dll
2012-07-06 09:52 . 2012-07-06 09:52 188416 ----a-w- c:\windows\SysWow64\acpicom.dll
2012-07-06 09:52 . 2012-07-06 09:52 172032 ----a-w- c:\windows\SysWow64\acpimeta.dll
2012-07-06 09:52 . 2012-07-06 09:52 655360 ----a-w- c:\windows\SysWow64\aclibeay.dll
2012-07-06 09:52 . 2012-07-06 09:52 169984 ----a-w- c:\windows\SysWow64\acomx.dll
2012-07-06 09:52 . 2012-07-06 09:52 118784 ----a-w- c:\windows\SysWow64\aclog.dll
2012-07-06 09:52 . 2012-07-06 09:52 423936 ----a-w- c:\windows\SysWow64\acjvscv2.dll
2012-07-06 09:52 . 2012-07-06 09:52 111616 ----a-w- c:\windows\SysWow64\ackpbsc.dll
2012-07-06 09:52 . 2012-07-06 09:52 104960 ----a-w- c:\windows\SysWow64\acjscrfs.dll
2012-07-06 09:52 . 2012-07-06 09:52 39424 ----a-w- c:\windows\SysWow64\acfscrfs.dll
2012-07-06 09:52 . 2012-07-06 09:52 370688 ----a-w- c:\windows\SysWow64\acflex8.dll
2012-07-06 09:52 . 2012-07-06 09:52 334848 ----a-w- c:\windows\SysWow64\acjavasc.dll
2012-07-06 09:52 . 2012-07-06 09:52 311296 ----a-w- c:\windows\SysWow64\acjscpiv.dll
2012-07-06 09:52 . 2012-07-06 09:52 297512 ----a-w- c:\windows\SysWow64\acexchex.dll
2012-07-06 09:52 . 2012-07-06 09:52 281600 ----a-w- c:\windows\SysWow64\acflex16.dll
2012-07-06 09:52 . 2012-07-06 09:52 100864 ----a-w- c:\windows\SysWow64\acevtsub.dll
2012-07-06 09:52 . 2012-07-06 09:52 29696 ----a-w- c:\windows\SysWow64\acerrmes.dll
2012-07-06 09:52 . 2012-07-06 09:52 230912 ----a-w- c:\windows\SysWow64\accsp.dll
2012-07-06 09:52 . 2012-07-06 09:52 98304 ----a-w- c:\windows\SysWow64\acbsij.dll
2012-07-06 09:52 . 2012-07-06 09:52 141824 ----a-w- c:\windows\SysWow64\acbsi21.dll
2012-07-06 09:52 . 2012-07-06 09:52 119808 ----a-w- c:\windows\SysWow64\acbsiprov.dll
2012-07-03 19:35 . 2012-05-13 23:43 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2012-07-03 19:35 . 2012-05-13 23:42 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-07-03 19:32 . 2012-05-15 23:28 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-07-03 19:32 . 2012-05-15 23:28 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-07-03 17:46 . 2012-05-18 20:49 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-14 06:37 . 2012-05-15 23:29 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-06-14 06:36 . 2012-05-15 23:28 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-06-14 06:24 . 2012-05-13 23:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-06-12 17:53 . 2012-05-13 23:42 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-09 05:30 . 2012-07-12 20:10 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-12 20:10 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-12 20:10 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-12 20:10 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-12 20:10 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-30_22.32.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-09-02 15:53 . 2012-09-02 15:53 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-08-30 22:30 . 2012-08-30 22:30 13585 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2009-07-14 04:54 . 2012-08-30 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-09-02 22:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-30 22:31 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-02 22:32 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-17 11:44 . 2012-08-30 22:33 47532 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-09-01 15:09 48484 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-07 06:45 . 2012-09-01 15:09 13488 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3395922177-2533720202-2998458525-1000_UserData.bin
- 2011-01-07 15:47 . 2012-08-30 22:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-07 15:47 . 2012-09-02 14:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-07 15:47 . 2012-09-02 14:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-01-07 15:47 . 2012-08-30 22:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-30 22:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-02 14:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-07 06:48 . 2012-09-02 15:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-07 06:48 . 2012-08-30 22:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-09-02 15:56 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-03-07 06:48 . 2012-08-30 22:32 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-07 06:48 . 2012-09-02 15:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-07 06:48 . 2012-08-30 22:32 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-07 06:48 . 2012-09-02 15:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-07 06:50 . 2012-09-03 00:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-03-07 06:50 . 2012-08-30 22:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-07 06:50 . 2012-09-03 00:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-03-07 06:50 . 2012-08-30 22:32 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-08-30 22:31 . 2012-08-30 22:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-09-02 15:54 . 2012-09-02 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-30 22:31 . 2012-08-30 22:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-09-02 15:54 . 2012-09-02 15:54 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 04:54 . 2012-08-30 22:31 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-09-02 22:32 212992 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-03-07 14:37 . 2012-09-02 14:17 337930 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-09-02 15:58 624864 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-30 22:07 624864 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-30 22:07 106950 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-09-02 15:58 106950 c:\windows\system32\perfc009.dat
+ 2011-03-20 22:29 . 2012-09-02 15:53 443976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-03-20 22:29 . 2012-08-30 22:30 443976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-09-02 15:53 256692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-30 22:30 256692 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:45 . 2012-08-16 07:28 3801160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-09-02 15:56 3801160 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 02:34 . 2012-08-30 22:15 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2012-09-02 16:54 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2010-06-28 258304]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-28 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-10 975952]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"accrdsub"="c:\program files (x86)\ActivIdentity\ActivClient\accrdsub.exe" [2012-07-06 294440]
"GIDDesktop"="c:\program files (x86)\SFT\GuardedID\gidd.exe" [2011-07-05 395528]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-08-25 296096]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ActivClient Agent.lnk - c:\program files (x86)\ActivIdentity\ActivClient\acsagent.exe [2012-7-6 130864]
Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2012-8-3 6530160]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 S3XXx64;SCR3xx USB SmartCardReader64;c:\windows\system32\DRIVERS\S3XXx64.sys [2010-11-12 69376]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-09 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 GREGService;GREGService;c:\program files (x86)\Gateway\Registration\GREGsvc.exe [2010-01-08 23584]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0603000.00E\SYMDS64.SYS [2011-08-16 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0603000.00E\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\BASHDefs\20120823.007\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_N360;Norton Security Suite Settings Manager;c:\windows\system32\drivers\N360x64\0603000.00E\ccSetx64.sys [2012-06-07 167072]
S1 GIDv2;GIDv2; [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.0.0.145\Definitions\IPSDefs\20120831.001\IDSvia64.sys [2012-08-22 512672]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0603000.00E\Ironx64.SYS [2011-11-17 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\N360x64\0603000.00E\SYMNETS.SYS [2011-11-17 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 accoca;ActivClient Middleware Service;c:\program files (x86)\ActivIdentity\ActivClient\accoca.exe [2012-07-06 188456]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-28 203264]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-10 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2012-08-03 66160]
S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe [2012-06-16 138272]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
S2 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-28 7877120]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-28 285696]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-09-24 116752]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-23 138912]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-04-13 135560]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-04-28 38528]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]
2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 02:40]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-04 02:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Acer ePower Management"="c:\program files\Gateway\Gateway Power Management\ePowerTray.exe" [2010-06-11 861216]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://att.net/
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\N360]
"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\6.3.0.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\6.3.0.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\ActivIdentity\ActivClient\acevents.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\ActivIdentity\ActivClient\acevents.exe
.
**************************************************************************
.
Completion time: 2012-09-02 20:09:54 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-03 00:09
ComboFix2.txt 2012-09-01 15:11
ComboFix3.txt 2012-08-30 22:38
.
Pre-Run: 1,867,046,912 bytes free
Post-Run: 1,812,467,712 bytes free
.
- - End Of File - - 7FBEEA0BF7BF61B85C79D67140C8E34C
doogs695
Active Member
Posts: 9
Joined: August 27th, 2012, 10:49 am

Re: Please help infected with "ib.adnxs.com"

Post by Blade81 » September 3rd, 2012, 1:02 am

Good. Let's see the final steps then :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points, which are likely to be infected. Please note you need Administrator Access to clean the restore points.

A. To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C. Turn ON System Restore.
Follow the same steps as when disabling System Restore, but at step 7 select the Restore system settings and previous versions of files option.


Now let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.


Download and run Secunia Personal Software Inspector (PSI) and fix its findings. Leave the program installed so you'll stay alerted to vulnerable components in the future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade 8)
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland
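The System Restore reset in steps A to C above, scripted instead of clicked through per drive, as an added example that is not part of the original post or Blade81's instructions. It assumes an elevated 64-bit Windows PowerShell session on a client edition of Windows (Windows 7 here), where the Disable-ComputerRestore, Enable-ComputerRestore and Checkpoint-Computer cmdlets are available; the function names Assert-Elevated, Get-FixedDriveRoots, Disable-AllSystemRestore and Enable-AllSystemRestore are this example's own.

```powershell
# Added example (not from the original post): script the "reset System Restore"
# procedure rather than opening System Protection for every drive by hand.
# Assumptions: Windows 7 client edition, elevated 64-bit Windows PowerShell.
# The *-ComputerRestore and Checkpoint-Computer cmdlets do not exist on Server
# editions, and Checkpoint-Computer is rate-limited on Windows 8 and later.

function Assert-Elevated {
    # The post notes Administrator access is needed; fail early if we lack it.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        throw 'System Restore settings need Administrator access; run PowerShell elevated.'
    }
}

function Get-FixedDriveRoots {
    # DriveType 3 = local fixed disk. Returns roots such as 'C:\', with the
    # system drive first: System Restore must be enabled on the system drive
    # before (or together with) any other drive.
    $roots = Get-WmiObject Win32_LogicalDisk -Filter 'DriveType = 3' |
        ForEach-Object { $_.DeviceID + '\' }
    $systemRoot = $env:SystemDrive + '\'
    @($systemRoot) + @($roots | Where-Object { $_ -ne $systemRoot })
}

function Disable-AllSystemRestore {
    # Step A of the post ("repeat for each hard drive"). Turning protection off
    # deletes every restore point on that drive, which is the purpose here:
    # old points may contain backed-up copies of infected files.
    Assert-Elevated
    $old = @(Get-ComputerRestorePoint -ErrorAction SilentlyContinue)
    Write-Host ("Restore points before reset: {0}" -f $old.Count)
    foreach ($root in Get-FixedDriveRoots) {
        Write-Host "Disabling System Restore on $root"
        Disable-ComputerRestore -Drive $root
    }
    Write-Host 'Now reboot (step B), then run Enable-AllSystemRestore (step C).'
}

function Enable-AllSystemRestore {
    # Step C of the post, plus a fresh, known-clean baseline restore point so
    # there is something safe to roll back to after the cleanup.
    Assert-Elevated
    foreach ($root in Get-FixedDriveRoots) {
        Write-Host "Enabling System Restore on $root"
        Enable-ComputerRestore -Drive $root
    }
    Checkpoint-Computer -Description 'Clean baseline after malware removal' `
                        -RestorePointType 'MODIFY_SETTINGS'
    # Verify the reset worked: only the new baseline point should be listed.
    Get-ComputerRestorePoint | Select-Object SequenceNumber, Description, CreationTime
}

# Usage (two sessions, reboot in between, as the post's steps A, B, C require):
#   . .\Reset-SystemRestore.ps1; Disable-AllSystemRestore
#   <reboot>
#   . .\Reset-SystemRestore.ps1; Enable-AllSystemRestore
```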

Re: Please help infected with "ib.adnxs.com"

Post by doogs695 » September 4th, 2012, 8:43 pm

Hi,
I finished up the steps from your last post as you instructed. As for the current state of my computer, the only issue I seem to be having now is that I frequently get "IE not responding" on web pages, and after a minute or two it works again. I restarted the computer and opened a few different pages with the same result. It seems like the pages take longer to fully load as well.
doogs695
Active Member
Posts: 9
Joined: August 27th, 2012, 10:49 am

Re: Please help infected with "ib.adnxs.com"

Post by Blade81 » September 5th, 2012, 1:24 am

Hi,

Does it occur like that on every web page?

How much free space do you have on your hard drive there? If the space amount is low compared to the whole capacity then it's recommended to free up some. Also, defragging the hard drive is recommended.
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Please help infected with "ib.adnxs.com"

Post by doogs695 » September 7th, 2012, 8:50 pm

It is happening on most pages. I am maxed out on hd space. I will move some of the stuff over to an external and see if that helps.

Thanks again
doogs695
Active Member
Posts: 9
Joined: August 27th, 2012, 10:49 am

Re: Please help infected with "ib.adnxs.com"

Post by Blade81 » September 8th, 2012, 4:38 pm

Hi,

If that doesn't help you may try to uninstall Constant Guard Security Suite. It may be behind odd browser behaviour.
Blade81
Admin/Teacher
Posts: 5245
Joined: July 17th, 2006, 3:36 am
Location: Finland

Re: Please help infected with "ib.adnxs.com"

Post by deltalima » September 19th, 2012, 2:41 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK