
redirects prevalent with toolbar add-ons


kram63


Have noticed several discussions about re-directs. I am being repeatedly re-directed when I launch my browser; instead of my designated homepage (FB), I am redirected to a site called partner12.mydomainadvisor, which I believe is associated with an Ad Revenue site. Facebook is not the only page that is getting redirected, and it is becoming more prevalent. In other posts, I've noticed the term DDS, which I am unfamiliar with, along with MBAM, which I figure to be Malwarebytes Anti-Malware software. I would appreciate any guidance and direction in resolving this issue.

Patiently waiting.


Thanks for helping. Here is the MBAM and DDS; the DDS is from the other day, as I can't even click on the links or get to the bleeping site without the redirect issue.

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7647

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

9/3/2011 9:48:36 PM

mbam-log-2011-09-03 (21-48-36).txt

Scan type: Quick scan

Objects scanned: 180334

Time elapsed: 9 minute(s), 47 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by andy at 21:45:14 on 2011-09-01

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1890 [GMT -4:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe

C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.facebook.com/

uSearch Bar = Preserve

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=m-2625u

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mWinlogon: Userinit=userinit.exe,

BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll

BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB: Armada Custom Toolbar: {29c0f5ff-3564-46bc-9f4a-50c73f426486} - C:\Program Files (x86)\armadacustomtoolbar\armadacustomtoolbarX.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {F29557FD-78AA-40E6-ABA8-9FA219764018} - No File

uRun: [iSUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

uRun: [Facebook Update] "C:\Users\andy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide

mRun: [eRecoveryService]

mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{6F77A4E8-495F-4ED9-B943-36BBB4F85FEA} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v

BHO-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll

BHO-X64: XFINITY Toolbar - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll

BHO-X64: Constant Guard Protection Suite (COM) - No File

BHO-X64: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll

BHO-X64: Updater For XFIN_PORTAL - No File

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB-X64: Armada Custom Toolbar: {29c0f5ff-3564-46bc-9f4a-50c73f426486} - C:\Program Files (x86)\armadacustomtoolbar\armadacustomtoolbarX.dll

TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB-X64: {F29557FD-78AA-40E6-ABA8-9FA219764018} - No File

mRun-x64: [eRecoveryService]

mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-8-15 1151096]

R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110831.030\IDSviA64.sys [2011-9-1 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMTDIV.SYS [?]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]

R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]

R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-10-30 24576]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-7-18 62536]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-30 366640]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-7-25 130008]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [2011-9-1 120248]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [2011-9-1 126392]

R3 AuviUADFilter;Microtune USB Audio Filter Driver;C:\Windows\system32\DRIVERS\AuviUADFilter64.sys --> C:\Windows\system32\DRIVERS\AuviUADFilter64.sys [?]

R3 AuviUATV;AuviUATV NTSC Capture Device;C:\Windows\system32\DRIVERS\AuviUATV64.sys --> C:\Windows\system32\DRIVERS\AuviUATV64.sys [?]

R3 AuviUDTV;AuviUDTV ATSC Capture Device;C:\Windows\system32\DRIVERS\AuviUDTV64.sys --> C:\Windows\system32\DRIVERS\AuviUDTV64.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-8-30 136824]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]

R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]

R3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]

S2 ABP_InstallCheckerService;ABP_InstallCheckerService;C:\Users\andy\AppData\Local\Temp\nseD434.tmp\ABP_InstallChecker.exe --> C:\Users\andy\AppData\Local\Temp\nseD434.tmp\ABP_InstallChecker.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-25 136176]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-25 136176]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB64.sys --> C:\Windows\system32\DRIVERS\Ph3xIB64.sys [?]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-24 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-09-01 16:54:26 -------- d-----w- C:\Users\andy\AppData\Roaming\Tific

2011-09-01 16:54:26 -------- d-----w- C:\Users\andy\AppData\Local\Tific

2011-09-01 16:53:57 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64\0200080.00D

2011-09-01 16:53:57 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64

2011-09-01 16:53:54 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup

2011-09-01 12:53:05 -------- d-----w- C:\Users\andy\AppData\Local\HTC

2011-09-01 12:53:03 -------- d-----w- C:\Users\andy\AppData\Roaming\Teleca

2011-09-01 12:50:37 -------- d-----w- C:\ProgramData\HTC

2011-09-01 12:50:25 -------- d-----w- C:\ProgramData\Teleca

2011-09-01 12:50:25 -------- d-----w- C:\Program Files (x86)\Common Files\Teleca Shared

2011-09-01 12:46:49 -------- d-----w- C:\Program Files (x86)\Spirent Communications

2011-09-01 12:46:22 -------- d-----w- C:\Program Files (x86)\HTC

2011-08-31 06:33:55 -------- d-----w- C:\Program Files (x86)\Common Files\scanner

2011-08-31 06:33:53 -------- d-----w- C:\Program Files (x86)\comcasttb

2011-08-31 06:33:39 -------- d-----w- C:\Program Files (x86)\CA

2011-08-31 06:33:23 -------- d-----w- C:\Windows\Downloaded Installations

2011-08-31 06:32:21 -------- d-----w- C:\Program Files (x86)\xfin_portal

2011-08-31 06:18:19 -------- d-----w- C:\Users\andy\AppData\Local\ID Vault

2011-08-31 06:18:19 -------- d-----w- C:\ProgramData\IsolatedStorage

2011-08-31 06:17:14 -------- d-----w- C:\Users\andy\AppData\Roaming\ID Vault

2011-08-31 06:16:46 29288 ------w- C:\Windows\System32\drivers\gidv2.sys

2011-08-31 06:16:37 65816 ------w- C:\Windows\System32\GIDLogonCP64.dll

2011-08-31 06:16:37 467224 ------w- C:\Windows\System32\GIDHOOK64.DLL

2011-08-31 06:16:37 446752 ------w- C:\Windows\System32\GIDHookLogon64.dll

2011-08-31 06:16:37 206608 ------w- C:\Windows\System32\GIDBIN1.DLL

2011-08-31 06:16:37 109064 ------w- C:\Windows\System32\EasyHook64.dll

2011-08-31 06:16:37 102160 ------w- C:\Windows\System32\GIDBIN3.DLL

2011-08-31 06:16:27 -------- d-----w- C:\ProgramData\GID

2011-08-31 06:16:16 -------- d-----w- C:\Program Files (x86)\SFT

2011-08-31 06:15:43 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite

2011-08-31 06:15:08 -------- d-----w- C:\ProgramData\White Sky, Inc

2011-08-31 03:24:03 -------- d-----w- C:\Users\andy\AppData\Roaming\Malwarebytes

2011-08-31 03:23:46 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-31 03:23:44 -------- d-----w- C:\ProgramData\Malwarebytes

2011-08-31 03:23:40 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-31 03:23:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-08-30 18:30:47 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner

2011-08-30 16:37:57 -------- d-----w- C:\Users\andy\AppData\Local\ElevatedDiagnostics

2011-08-27 00:45:27 -------- d-----w- C:\Users\andy\AppData\Roaming\Ustream Producer

2011-08-27 00:43:36 -------- d-----w- C:\Program Files (x86)\Ustream

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-08-23 20:27:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-08-23 20:27:55 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-08-23 17:03:54 -------- d-----w- C:\Users\andy\AppData\Local\Facebook

2011-08-11 07:30:58 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-08-11 07:30:58 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-08-11 01:25:18 451072 ----a-w- C:\Windows\System32\winsrv.dll

2011-08-11 01:25:15 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2011-08-11 01:25:15 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

2011-08-11 01:25:09 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-08-11 01:25:04 1427344 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-08-11 01:24:44 4699536 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-08-10 12:47:06 -------- d-----w- C:\Program Files (x86)\Vuze

2011-08-10 12:46:56 -------- d-----w- C:\Program Files (x86)\Conduit

2011-08-10 12:46:46 -------- d-----w- C:\Program Files (x86)\ConduitEngine

2011-08-10 12:46:40 -------- d-----w- C:\Program Files (x86)\Vuze_Remote

2011-08-09 01:05:39 -------- d-----w- C:\Users\andy\AppData\Roaming\MSPS

2011-08-09 01:05:22 -------- d-----w- C:\ProgramData\MTexturedStyles

2011-08-09 01:05:13 -------- d-----w- C:\Users\andy\AppData\Roaming\MeldaProduction MAutoEqualizer

2011-08-09 01:05:13 -------- d-----w- C:\Program Files\Steinberg

2011-08-09 01:05:13 -------- d-----w- C:\Program Files\MeldaProduction

2011-08-09 01:05:13 -------- d-----w- C:\Program Files\Common Files\VST3

.

==================== Find3M ====================

.

2011-07-26 02:11:07 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2011-07-05 14:25:38 66328 ----a-w- C:\Windows\SysWow64\SysEventMenu.dll

2011-07-05 14:24:32 398608 ----a-w- C:\Windows\SysWow64\GIDHook.dll

2011-07-05 14:23:48 102160 ----a-w- C:\Windows\SysWow64\GIDBIN3.dll

2011-07-05 14:23:30 173840 ----a-w- C:\Windows\SysWow64\GIDBIN1.dll

.

============= FINISH: 21:47:54.53 ===============


  • Staff

Hi,

Hi and welcome to Malwarebytes.

Please see:

HijackThis Forum Policy

We will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos, etc. This means no P2P evidence will be supported. Logs that show these in them will be given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed, period. It's theft and against the law.

It's likely why your issue began in the first place.

This goes for Vuze and anything else you may have installed.


  • 3 weeks later...
  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
