
Redirects testing my patience and sanity


kram63


Having an issue with redirects, have run my Norton, and Malware without any success. Ready to cry...

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7633

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421

9/1/2011 9:41:48 PM

mbam-log-2011-09-01 (21-41-48).txt

Scan type: Quick scan

Objects scanned: 179611

Time elapsed: 8 minute(s), 6 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by andy at 21:45:14 on 2011-09-01

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1890 [GMT -4:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe

C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.facebook.com/

uSearch Bar = Preserve

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=m-2625u

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mWinlogon: Userinit=userinit.exe,

BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll

BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB: Armada Custom Toolbar: {29c0f5ff-3564-46bc-9f4a-50c73f426486} - C:\Program Files (x86)\armadacustomtoolbar\armadacustomtoolbarX.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {F29557FD-78AA-40E6-ABA8-9FA219764018} - No File

uRun: [iSUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe

uRun: [Facebook Update] "C:\Users\andy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide

mRun: [eRecoveryService]

mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{6F77A4E8-495F-4ED9-B943-36BBB4F85FEA} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v

BHO-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll

BHO-X64: XFINITY Toolbar - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll

BHO-X64: Constant Guard Protection Suite (COM) - No File

BHO-X64: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll

BHO-X64: Updater For XFIN_PORTAL - No File

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll

TB-X64: Armada Custom Toolbar: {29c0f5ff-3564-46bc-9f4a-50c73f426486} - C:\Program Files (x86)\armadacustomtoolbar\armadacustomtoolbarX.dll

TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB-X64: {F29557FD-78AA-40E6-ABA8-9FA219764018} - No File

mRun-x64: [eRecoveryService]

mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-8-15 1151096]

R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110831.030\IDSviA64.sys [2011-9-1 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMTDIV.SYS [?]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]

R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]

R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-10-30 24576]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-7-18 62536]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-30 366640]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-7-25 130008]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [2011-9-1 120248]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [2011-9-1 126392]

R3 AuviUADFilter;Microtune USB Audio Filter Driver;C:\Windows\system32\DRIVERS\AuviUADFilter64.sys --> C:\Windows\system32\DRIVERS\AuviUADFilter64.sys [?]

R3 AuviUATV;AuviUATV NTSC Capture Device;C:\Windows\system32\DRIVERS\AuviUATV64.sys --> C:\Windows\system32\DRIVERS\AuviUATV64.sys [?]

R3 AuviUDTV;AuviUDTV ATSC Capture Device;C:\Windows\system32\DRIVERS\AuviUDTV64.sys --> C:\Windows\system32\DRIVERS\AuviUDTV64.sys [?]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-8-30 136824]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]

R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]

R3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]

S2 ABP_InstallCheckerService;ABP_InstallCheckerService;C:\Users\andy\AppData\Local\Temp\nseD434.tmp\ABP_InstallChecker.exe --> C:\Users\andy\AppData\Local\Temp\nseD434.tmp\ABP_InstallChecker.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-25 136176]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-25 136176]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB64.sys --> C:\Windows\system32\DRIVERS\Ph3xIB64.sys [?]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-24 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-09-01 16:54:26 -------- d-----w- C:\Users\andy\AppData\Roaming\Tific

2011-09-01 16:54:26 -------- d-----w- C:\Users\andy\AppData\Local\Tific

2011-09-01 16:53:57 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64\0200080.00D

2011-09-01 16:53:57 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64

2011-09-01 16:53:54 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup

2011-09-01 12:53:05 -------- d-----w- C:\Users\andy\AppData\Local\HTC

2011-09-01 12:53:03 -------- d-----w- C:\Users\andy\AppData\Roaming\Teleca

2011-09-01 12:50:37 -------- d-----w- C:\ProgramData\HTC

2011-09-01 12:50:25 -------- d-----w- C:\ProgramData\Teleca

2011-09-01 12:50:25 -------- d-----w- C:\Program Files (x86)\Common Files\Teleca Shared

2011-09-01 12:46:49 -------- d-----w- C:\Program Files (x86)\Spirent Communications

2011-09-01 12:46:22 -------- d-----w- C:\Program Files (x86)\HTC

2011-08-31 06:33:55 -------- d-----w- C:\Program Files (x86)\Common Files\scanner

2011-08-31 06:33:53 -------- d-----w- C:\Program Files (x86)\comcasttb

2011-08-31 06:33:39 -------- d-----w- C:\Program Files (x86)\CA

2011-08-31 06:33:23 -------- d-----w- C:\Windows\Downloaded Installations

2011-08-31 06:32:21 -------- d-----w- C:\Program Files (x86)\xfin_portal

2011-08-31 06:18:19 -------- d-----w- C:\Users\andy\AppData\Local\ID Vault

2011-08-31 06:18:19 -------- d-----w- C:\ProgramData\IsolatedStorage

2011-08-31 06:17:14 -------- d-----w- C:\Users\andy\AppData\Roaming\ID Vault

2011-08-31 06:16:46 29288 ------w- C:\Windows\System32\drivers\gidv2.sys

2011-08-31 06:16:37 65816 ------w- C:\Windows\System32\GIDLogonCP64.dll

2011-08-31 06:16:37 467224 ------w- C:\Windows\System32\GIDHOOK64.DLL

2011-08-31 06:16:37 446752 ------w- C:\Windows\System32\GIDHookLogon64.dll

2011-08-31 06:16:37 206608 ------w- C:\Windows\System32\GIDBIN1.DLL

2011-08-31 06:16:37 109064 ------w- C:\Windows\System32\EasyHook64.dll

2011-08-31 06:16:37 102160 ------w- C:\Windows\System32\GIDBIN3.DLL

2011-08-31 06:16:27 -------- d-----w- C:\ProgramData\GID

2011-08-31 06:16:16 -------- d-----w- C:\Program Files (x86)\SFT

2011-08-31 06:15:43 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite

2011-08-31 06:15:08 -------- d-----w- C:\ProgramData\White Sky, Inc

2011-08-31 03:24:03 -------- d-----w- C:\Users\andy\AppData\Roaming\Malwarebytes

2011-08-31 03:23:46 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-31 03:23:44 -------- d-----w- C:\ProgramData\Malwarebytes

2011-08-31 03:23:40 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-31 03:23:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-08-30 18:30:47 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner

2011-08-30 16:37:57 -------- d-----w- C:\Users\andy\AppData\Local\ElevatedDiagnostics

2011-08-27 00:45:27 -------- d-----w- C:\Users\andy\AppData\Roaming\Ustream Producer

2011-08-27 00:43:36 -------- d-----w- C:\Program Files (x86)\Ustream

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-08-23 20:27:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-08-23 20:27:55 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-08-23 17:03:54 -------- d-----w- C:\Users\andy\AppData\Local\Facebook

2011-08-11 07:30:58 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-08-11 07:30:58 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-08-11 01:25:18 451072 ----a-w- C:\Windows\System32\winsrv.dll

2011-08-11 01:25:15 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2011-08-11 01:25:15 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

2011-08-11 01:25:09 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-08-11 01:25:04 1427344 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-08-11 01:24:44 4699536 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-08-10 12:47:06 -------- d-----w- C:\Program Files (x86)\Vuze

2011-08-10 12:46:56 -------- d-----w- C:\Program Files (x86)\Conduit

2011-08-10 12:46:46 -------- d-----w- C:\Program Files (x86)\ConduitEngine

2011-08-10 12:46:40 -------- d-----w- C:\Program Files (x86)\Vuze_Remote

2011-08-09 01:05:39 -------- d-----w- C:\Users\andy\AppData\Roaming\MSPS

2011-08-09 01:05:22 -------- d-----w- C:\ProgramData\MTexturedStyles

2011-08-09 01:05:13 -------- d-----w- C:\Users\andy\AppData\Roaming\MeldaProduction MAutoEqualizer

2011-08-09 01:05:13 -------- d-----w- C:\Program Files\Steinberg

2011-08-09 01:05:13 -------- d-----w- C:\Program Files\MeldaProduction

2011-08-09 01:05:13 -------- d-----w- C:\Program Files\Common Files\VST3

.

==================== Find3M ====================

.

2011-07-26 02:11:07 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2011-07-05 14:25:38 66328 ----a-w- C:\Windows\SysWow64\SysEventMenu.dll

2011-07-05 14:24:32 398608 ----a-w- C:\Windows\SysWow64\GIDHook.dll

2011-07-05 14:23:48 102160 ----a-w- C:\Windows\SysWow64\GIDBIN3.dll

2011-07-05 14:23:30 173840 ----a-w- C:\Windows\SysWow64\GIDBIN1.dll

.

============= FINISH: 21:47:54.53 ===============


  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the contents of C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by andy at 20:02:38 on 2011-09-05

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1902 [GMT -4:00]

.

AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\Ati2evxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Ati2evxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe

C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe

C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe

C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe

C:\Windows\ehome\ehtray.exe

C:\Users\andy\AppData\Local\Facebook\Update\FacebookUpdate.exe

C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpy.exe

C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\notepad.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10o_ActiveX.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.facebook.com/

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=m-2625u

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll

BHO: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

TB: Armada Custom Toolbar: {29c0f5ff-3564-46bc-9f4a-50c73f426486} - C:\Program Files (x86)\armadacustomtoolbar\armadacustomtoolbarX.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {F29557FD-78AA-40E6-ABA8-9FA219764018} - No File

uRun: [iSUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [Facebook Update] "C:\Users\andy\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [ComcastAntispyClient] "C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" /hide

mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{6F77A4E8-495F-4ED9-B943-36BBB4F85FEA} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - C:\Program Files (x86)\SFT\GuardedID\gidi.exe /v

BHO-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll

BHO-X64: XFINITY Toolbar - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\IPS\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Constant Guard Protection Suite (COM): {B84CDBE7-1B46-494B-A188-01D4C52DEB61} - C:\Program Files (x86)\Constant Guard Protection Suite\NativeBHO.dll

BHO-X64: Constant Guard Protection Suite (COM) - No File

BHO-X64: Updater For XFIN_PORTAL: {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - C:\Program Files (x86)\xfin_portal\auxi\comcastAu.dll

BHO-X64: Updater For XFIN_PORTAL - No File

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\coIEPlg.dll

TB-X64: Armada Custom Toolbar: {29c0f5ff-3564-46bc-9f4a-50c73f426486} - C:\Program Files (x86)\armadacustomtoolbar\armadacustomtoolbarX.dll

TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB-X64: XFINITY Toolbar: {4b9bcce8-a70b-402a-a7e1-db96831ee26f} - C:\Program Files (x86)\xfin_portal\comcastdx.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB-X64: {F29557FD-78AA-40E6-ABA8-9FA219764018} - No File

mRun-x64: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [?]

R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [?]

R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-8-15 1151096]

R1 GIDv2;GIDv2;C:\Windows\system32\drivers\GIDv2.sys --> C:\Windows\system32\drivers\GIDv2.sys [?]

R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110902.030\IDSviA64.sys [2011-9-2 488568]

R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [?]

R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0501000.01D\SYMTDIV.SYS [?]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 21504]

R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]

R2 ETService;Empowering Technology Service;C:\Program Files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-10-30 24576]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]

R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-8-31 62536]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-30 366640]

R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe [2011-7-25 130008]

R2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [2011-9-1 120248]

R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [2011-9-1 126392]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-8-30 136824]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]

R3 O2MDRDR;O2MDRDR;C:\Windows\system32\DRIVERS\o2mdx64.sys --> C:\Windows\system32\DRIVERS\o2mdx64.sys [?]

R3 O2SDRDR;O2SDRDR;C:\Windows\system32\DRIVERS\o2sdx64.sys --> C:\Windows\system32\DRIVERS\o2sdx64.sys [?]

R3 pnetmdm;PdaNet Modem;C:\Windows\system32\DRIVERS\pnetmdm64.sys --> C:\Windows\system32\DRIVERS\pnetmdm64.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]

S2 ABP_InstallCheckerService;ABP_InstallCheckerService;C:\Users\andy\AppData\Local\Temp\nseD434.tmp\ABP_InstallChecker.exe --> C:\Users\andy\AppData\Local\Temp\nseD434.tmp\ABP_InstallChecker.exe [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-25 136176]

S3 AuviUADFilter;Microtune USB Audio Filter Driver;C:\Windows\system32\DRIVERS\AuviUADFilter64.sys --> C:\Windows\system32\DRIVERS\AuviUADFilter64.sys [?]

S3 AuviUATV;AuviUATV NTSC Capture Device;C:\Windows\system32\DRIVERS\AuviUATV64.sys --> C:\Windows\system32\DRIVERS\AuviUATV64.sys [?]

S3 AuviUDTV;AuviUDTV ATSC Capture Device;C:\Windows\system32\DRIVERS\AuviUDTV64.sys --> C:\Windows\system32\DRIVERS\AuviUDTV64.sys [?]

S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-8-25 136176]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]

S3 Ph3xIB64;Philips 713x Inbox PCI TV Card;C:\Windows\system32\DRIVERS\Ph3xIB64.sys --> C:\Windows\system32\DRIVERS\Ph3xIB64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-24 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2011-09-05 23:57:19 -------- d-----w- C:\Users\andy\AppData\Local\temp

2011-09-05 13:10:41 518144 ----a-w- C:\Windows\SWREG.exe

2011-09-05 13:10:41 256000 ----a-w- C:\Windows\PEV.exe

2011-09-05 13:10:41 208896 ----a-w- C:\Windows\MBR.exe

2011-09-05 13:10:40 98816 ----a-w- C:\Windows\sed.exe

2011-09-03 00:43:38 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{EFF5A451-FE47-42FE-9D70-D9E95C95049B}\mpengine.dll

2011-09-01 16:54:26 -------- d-----w- C:\Users\andy\AppData\Roaming\Tific

2011-09-01 16:54:26 -------- d-----w- C:\Users\andy\AppData\Local\Tific

2011-09-01 16:53:57 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64\0200080.00D

2011-09-01 16:53:57 -------- d-----w- C:\Windows\System32\drivers\NortonPCCheckupx64

2011-09-01 16:53:54 -------- d-----w- C:\Program Files (x86)\Norton PC Checkup

2011-09-01 12:53:05 -------- d-----w- C:\Users\andy\AppData\Local\HTC

2011-09-01 12:53:03 -------- d-----w- C:\Users\andy\AppData\Roaming\Teleca

2011-09-01 12:50:37 -------- d-----w- C:\ProgramData\HTC

2011-09-01 12:50:25 -------- d-----w- C:\ProgramData\Teleca

2011-09-01 12:50:25 -------- d-----w- C:\Program Files (x86)\Common Files\Teleca Shared

2011-09-01 12:46:49 -------- d-----w- C:\Program Files (x86)\Spirent Communications

2011-09-01 12:46:22 -------- d-----w- C:\Program Files (x86)\HTC

2011-08-31 06:33:55 -------- d-----w- C:\Program Files (x86)\Common Files\scanner

2011-08-31 06:33:53 -------- d-----w- C:\Program Files (x86)\comcasttb

2011-08-31 06:33:39 -------- d-----w- C:\Program Files (x86)\CA

2011-08-31 06:33:23 -------- d-----w- C:\Windows\Downloaded Installations

2011-08-31 06:32:21 -------- d-----w- C:\Program Files (x86)\xfin_portal

2011-08-31 06:18:19 -------- d-----w- C:\Users\andy\AppData\Local\ID Vault

2011-08-31 06:18:19 -------- d-----w- C:\ProgramData\IsolatedStorage

2011-08-31 06:17:14 -------- d-----w- C:\Users\andy\AppData\Roaming\ID Vault

2011-08-31 06:16:46 29288 ------w- C:\Windows\System32\drivers\gidv2.sys

2011-08-31 06:16:37 65816 ------w- C:\Windows\System32\GIDLogonCP64.dll

2011-08-31 06:16:37 467224 ------w- C:\Windows\System32\GIDHOOK64.DLL

2011-08-31 06:16:37 446752 ------w- C:\Windows\System32\GIDHookLogon64.dll

2011-08-31 06:16:37 206608 ------w- C:\Windows\System32\GIDBIN1.DLL

2011-08-31 06:16:37 109064 ------w- C:\Windows\System32\EasyHook64.dll

2011-08-31 06:16:37 102160 ------w- C:\Windows\System32\GIDBIN3.DLL

2011-08-31 06:16:27 -------- d-----w- C:\ProgramData\GID

2011-08-31 06:16:16 -------- d-----w- C:\Program Files (x86)\SFT

2011-08-31 06:15:43 -------- d-----w- C:\Program Files (x86)\Constant Guard Protection Suite

2011-08-31 06:15:08 -------- d-----w- C:\ProgramData\White Sky, Inc

2011-08-31 03:24:03 -------- d-----w- C:\Users\andy\AppData\Roaming\Malwarebytes

2011-08-31 03:23:46 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-31 03:23:44 -------- d-----w- C:\ProgramData\Malwarebytes

2011-08-31 03:23:40 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-08-31 03:23:40 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-08-30 18:30:47 -------- d-----w- C:\Program Files (x86)\Eusing Free Registry Cleaner

2011-08-30 16:37:57 -------- d-----w- C:\Users\andy\AppData\Local\ElevatedDiagnostics

2011-08-27 00:45:27 -------- d-----w- C:\Users\andy\AppData\Roaming\Ustream Producer

2011-08-27 00:43:36 -------- d-----w- C:\Program Files (x86)\Ustream

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-08-27 00:40:02 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-08-23 20:27:55 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2011-08-23 20:27:55 2048 ----a-w- C:\Windows\System32\tzres.dll

2011-08-23 17:03:54 -------- d-----w- C:\Users\andy\AppData\Local\Facebook

2011-08-11 07:30:58 1389056 ----a-w- C:\Windows\System32\wininet.dll

2011-08-11 07:30:58 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll

2011-08-11 01:25:18 451072 ----a-w- C:\Windows\System32\winsrv.dll

2011-08-11 01:25:15 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat

2011-08-11 01:25:15 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat

2011-08-11 01:25:09 275456 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys

2011-08-11 01:25:04 1427344 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2011-08-11 01:24:44 4699536 ----a-w- C:\Windows\System32\ntoskrnl.exe

2011-08-10 12:47:06 -------- d-----w- C:\Program Files (x86)\Vuze

2011-08-10 12:46:56 -------- d-----w- C:\Program Files (x86)\Conduit

2011-08-10 12:46:46 -------- d-----w- C:\Program Files (x86)\ConduitEngine

2011-08-10 12:46:40 -------- d-----w- C:\Program Files (x86)\Vuze_Remote

2011-08-09 01:05:39 -------- d-----w- C:\Users\andy\AppData\Roaming\MSPS

2011-08-09 01:05:22 -------- d-----w- C:\ProgramData\MTexturedStyles

2011-08-09 01:05:13 -------- d-----w- C:\Users\andy\AppData\Roaming\MeldaProduction MAutoEqualizer

2011-08-09 01:05:13 -------- d-----w- C:\Program Files\Steinberg

2011-08-09 01:05:13 -------- d-----w- C:\Program Files\MeldaProduction

2011-08-09 01:05:13 -------- d-----w- C:\Program Files\Common Files\VST3

.

==================== Find3M ====================

.

2011-07-26 02:11:07 174200 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll

2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll

2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2011-07-05 22:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2011-07-05 14:25:38 66328 ----a-w- C:\Windows\SysWow64\SysEventMenu.dll

2011-07-05 14:24:32 398608 ----a-w- C:\Windows\SysWow64\GIDHook.dll

2011-07-05 14:23:48 102160 ----a-w- C:\Windows\SysWow64\GIDBIN3.dll

2011-07-05 14:23:30 173840 ----a-w- C:\Windows\SysWow64\GIDBIN1.dll

.

============= FINISH: 20:04:38.25 ===============

ComboFix 11-09-05.02 - andy 09/05/2011 9:24.1.2 - x64

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3837.1599 [GMT -4:00]

Running from: c:\users\andy\Downloads\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\andy\Documents\401k.xlr

c:\windows\SysWow64\comct332.ocx

D:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2011-08-05 to 2011-09-05 )))))))))))))))))))))))))))))))

.

.

2011-09-05 18:20 . 2011-09-05 23:45 -------- d-----w- c:\users\andy\AppData\Local\temp

2011-09-05 18:20 . 2011-09-05 18:20 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-09-03 00:43 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EFF5A451-FE47-42FE-9D70-D9E95C95049B}\mpengine.dll

2011-09-01 16:54 . 2011-09-01 16:56 -------- d-----w- c:\users\andy\AppData\Local\Tific

2011-09-01 16:54 . 2011-09-01 16:54 -------- d-----w- c:\users\andy\AppData\Roaming\Tific

2011-09-01 16:53 . 2011-09-01 16:53 -------- d-----w- c:\windows\system32\drivers\NortonPCCheckupx64

2011-09-01 16:53 . 2011-09-01 16:54 -------- d-----w- c:\program files (x86)\Norton PC Checkup

2011-09-01 12:53 . 2011-09-01 12:53 -------- d-----w- c:\users\andy\AppData\Local\HTC

2011-09-01 12:53 . 2011-09-01 12:55 -------- d-----w- c:\users\andy\AppData\Roaming\Teleca

2011-09-01 12:50 . 2011-09-01 12:50 -------- d-----w- c:\programdata\HTC

2011-09-01 12:50 . 2011-09-01 12:50 -------- d-----w- c:\program files (x86)\Common Files\Teleca Shared

2011-09-01 12:50 . 2011-09-01 12:50 -------- d-----w- c:\programdata\Teleca

2011-09-01 12:46 . 2011-09-01 12:46 -------- d-----w- c:\program files (x86)\Spirent Communications

2011-09-01 12:46 . 2011-09-01 12:50 -------- d-----w- c:\program files (x86)\HTC

2011-08-31 06:33 . 2011-08-31 06:33 -------- d-----w- c:\program files (x86)\Common Files\scanner

2011-08-31 06:33 . 2011-08-31 06:33 -------- d-----w- c:\program files (x86)\comcasttb

2011-08-31 06:33 . 2011-08-31 06:33 -------- d-----w- c:\program files (x86)\CA

2011-08-31 06:33 . 2011-09-01 12:41 -------- d-----w- c:\windows\Downloaded Installations

2011-08-31 06:32 . 2011-08-31 06:34 -------- d-----w- c:\program files (x86)\xfin_portal

2011-08-31 06:18 . 2011-08-31 06:19 -------- d-----w- c:\users\andy\AppData\Local\ID Vault

2011-08-31 06:18 . 2011-08-31 06:18 -------- d-----w- c:\programdata\IsolatedStorage

2011-08-31 06:17 . 2011-08-31 06:29 -------- d-----w- c:\users\andy\AppData\Roaming\ID Vault

2011-08-31 06:16 . 2011-07-05 14:18 29288 ------w- c:\windows\system32\drivers\gidv2.sys

2011-08-31 06:16 . 2011-07-05 14:25 65816 ------w- c:\windows\system32\GIDLogonCP64.dll

2011-08-31 06:16 . 2011-07-05 14:25 467224 ------w- c:\windows\system32\GIDHOOK64.DLL

2011-08-31 06:16 . 2011-07-05 14:24 446752 ------w- c:\windows\system32\GIDHookLogon64.dll

2011-08-31 06:16 . 2011-07-05 14:23 102160 ------w- c:\windows\system32\GIDBIN3.DLL

2011-08-31 06:16 . 2011-07-05 14:23 206608 ------w- c:\windows\system32\GIDBIN1.DLL

2011-08-31 06:16 . 2009-06-12 20:32 109064 ------w- c:\windows\system32\EasyHook64.dll

2011-08-31 06:16 . 2011-08-31 06:16 -------- d-----w- c:\programdata\GID

2011-08-31 06:16 . 2011-08-31 06:16 -------- d-----w- c:\program files (x86)\SFT

2011-08-31 06:15 . 2011-09-02 23:49 -------- d-----w- c:\program files (x86)\Constant Guard Protection Suite

2011-08-31 06:15 . 2011-08-31 06:15 -------- d-----w- c:\programdata\White Sky, Inc

2011-08-31 03:24 . 2011-08-31 03:24 -------- d-----w- c:\users\andy\AppData\Roaming\Malwarebytes

2011-08-31 03:23 . 2011-07-06 23:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys

2011-08-31 03:23 . 2011-08-31 03:23 -------- d-----w- c:\programdata\Malwarebytes

2011-08-31 03:23 . 2011-08-31 03:23 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2011-08-31 03:23 . 2011-07-06 23:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-30 18:30 . 2011-08-30 18:41 -------- d-----w- c:\program files (x86)\Eusing Free Registry Cleaner

2011-08-30 16:37 . 2011-08-30 16:37 -------- d-----w- c:\users\andy\AppData\Local\ElevatedDiagnostics

2011-08-27 00:45 . 2011-08-27 02:10 -------- d-----w- c:\users\andy\AppData\Roaming\Ustream Producer

2011-08-27 00:43 . 2011-08-27 00:43 -------- d-----w- c:\program files (x86)\Ustream

2011-08-27 00:40 . 2011-08-27 00:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2011-08-27 00:40 . 2011-08-27 00:40 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2011-08-27 00:40 . 2011-08-27 00:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2011-08-27 00:40 . 2011-08-27 00:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2011-08-27 00:40 . 2011-08-27 00:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2011-08-27 00:40 . 2011-08-27 00:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2011-08-27 00:40 . 2011-08-27 00:39 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2011-08-27 00:38 . 2011-08-27 00:39 -------- d-----w- c:\program files (x86)\QuickTime

2011-08-27 00:35 . 2011-08-27 00:35 -------- d-----w- c:\program files (x86)\Common Files\Apple

2011-08-27 00:35 . 2011-08-27 00:35 -------- d-----w- c:\program files (x86)\Apple Software Update

2011-08-25 16:43 . 2011-08-25 16:43 -------- d-----w- c:\program files\Google

2011-08-23 20:27 . 2011-07-11 13:45 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-23 20:27 . 2011-07-11 13:25 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2011-08-23 17:03 . 2011-08-23 17:04 -------- d-----w- c:\users\andy\AppData\Local\Facebook

2011-08-11 07:30 . 2011-07-22 05:36 1389056 ----a-w- c:\windows\system32\wininet.dll

2011-08-11 07:30 . 2011-07-22 02:48 1126912 ----a-w- c:\windows\SysWow64\wininet.dll

2011-08-11 01:25 . 2011-06-17 16:16 451072 ----a-w- c:\windows\system32\winsrv.dll

2011-08-11 01:25 . 2011-06-06 10:59 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-08-11 01:25 . 2011-06-06 10:59 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat

2011-08-11 01:25 . 2011-07-06 15:49 275456 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

2011-08-11 01:25 . 2011-06-17 20:14 1427344 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-08-11 01:24 . 2011-06-20 08:45 4699536 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-10 12:47 . 2011-08-10 12:48 -------- d-----w- c:\program files (x86)\Vuze

2011-08-10 12:46 . 2011-08-10 12:46 -------- d-----w- c:\program files (x86)\Conduit

2011-08-09 01:05 . 2011-08-09 01:05 -------- d-----w- c:\users\andy\AppData\Roaming\MSPS

2011-08-09 01:05 . 2011-08-09 01:05 -------- d-----w- c:\programdata\MTexturedStyles

2011-08-09 01:05 . 2011-08-09 01:05 -------- d-----w- c:\users\andy\AppData\Roaming\MeldaProduction MAutoEqualizer

2011-08-09 01:05 . 2011-08-09 01:05 -------- d-----w- c:\program files\Steinberg

2011-08-09 01:05 . 2011-08-09 01:05 -------- d-----w- c:\program files\MeldaProduction

2011-08-09 01:05 . 2011-08-09 01:05 -------- d-----w- c:\program files\Common Files\VST3

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-07-26 02:11 . 2010-05-05 00:00 174200 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS

2011-07-05 22:37 . 2011-07-05 22:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2011-07-05 22:37 . 2011-07-05 22:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2011-07-05 14:25 . 2011-07-05 14:25 66328 ----a-w- c:\windows\SysWow64\SysEventMenu.dll

2011-07-05 14:24 . 2011-07-05 14:24 398608 ----a-w- c:\windows\SysWow64\GIDHook.dll

2011-07-05 14:23 . 2011-07-05 14:23 102160 ----a-w- c:\windows\SysWow64\GIDBIN3.dll

2011-07-05 14:23 . 2011-07-05 14:23 173840 ----a-w- c:\windows\SysWow64\GIDBIN1.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}]

2011-07-18 21:58 99912 ----a-w- c:\program files (x86)\Constant Guard Protection Suite\NativeBHO.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{29c0f5ff-3564-46bc-9f4a-50c73f426486}"= "c:\program files (x86)\armadacustomtoolbar\armadacustomtoolbarX.dll" [2011-04-12 87512]

"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files (x86)\Vuze_Remote\prxtbVuze.dll" [2011-01-17 175912]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{29c0f5ff-3564-46bc-9f4a-50c73f426486}]

.

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"Facebook Update"="c:\users\andy\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-08-23 137536]

"ComcastAntispyClient"="c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntispy.exe" [2009-08-19 1589208]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-04-08 231592]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Constant Guard.lnk - c:\program files (x86)\Constant Guard Protection Suite\IDVault.exe [2011-8-31 3507784]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

R2 ABP_InstallCheckerService;ABP_InstallCheckerService;c:\users\andy\AppData\Local\Temp\nseD434.tmp\ABP_InstallChecker.exe [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 136176]

R3 AuviUADFilter;Microtune USB Audio Filter Driver;c:\windows\system32\DRIVERS\AuviUADFilter64.sys [x]

R3 AuviUATV;AuviUATV NTSC Capture Device;c:\windows\system32\DRIVERS\AuviUATV64.sys [x]

R3 AuviUDTV;AuviUDTV ATSC Capture Device;c:\windows\system32\DRIVERS\AuviUDTV64.sys [x]

R3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;c:\windows\system32\drivers\BVRPMPR5a64.SYS [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 136176]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Ph3xIB64;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360x64\0501000.01D\SYMDS64.SYS [x]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360x64\0501000.01D\SYMEFA64.SYS [x]

S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20110812.001\BHDrvx64.sys [2011-07-23 1151096]

S1 GIDv2;GIDv2; [x]

S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20110902.030\IDSvia64.sys [2011-08-23 488568]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360x64\0501000.01D\Ironx64.SYS [x]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360x64\0501000.01D\SYMTDIV.SYS [x]

S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]

S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]

S2 ETService;Empowering Technology Service;c:\program files\GATEWAY\Gateway Recovery Management\Service\ETService.exe [2008-06-11 24576]

S2 IDVaultSvc;CGPS Service;c:\program files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2011-08-31 62536]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 N360;Norton Security Suite;c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe [2011-04-17 130008]

S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\SymcPCCULaunchSvc.exe [2010-11-23 120248]

S2 PCCUJobMgr;Common Client Job Manager Service;c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe [2009-08-24 126392]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-08-20 136824]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]

S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [x]

S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [x]

S3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]

S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Akamai REG_MULTI_SZ Akamai

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]

2011-07-05 14:26 435976 ----a-w- c:\program files (x86)\SFT\GuardedID\GIDI.exe

.

Contents of the 'Scheduled Tasks' folder

.

2011-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2238327785-1955334240-766275804-1000Core.job

- c:\users\andy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-23 17:03]

.

2011-09-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2238327785-1955334240-766275804-1000UA.job

- c:\users\andy\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-08-23 17:03]

.

2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 16:42]

.

2011-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-25 16:42]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 1021488]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.facebook.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=2&o=vp64&d=1008&m=m-2625u

mLocal Page = c:\windows\system32\blank.htm

TCP: DhcpNameServer = 192.168.1.1

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe

Wow6432Node-HKLM-Run-eRecoveryService - (no file)

SafeBoot-mcmscsvc

SafeBoot-MCODS

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{F29557FD-78AA-40E6-ABA8-9FA219764018} - (no file)

AddRemove-{2460923D-1AA6-47FE-A375-76308780D20F} - c:\program files (x86)\InstallShield Installation Information\{2460923D-1AA6-47FE-A375-76308780D20F}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"

--

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCCUJobMgr]

"ImagePath"="\"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\ccSvcHst.exe\" /s \"PCCUJobMgr\" /m \"c:\program files (x86)\Norton PC Checkup\Engine\2.0.8.13\diMaster.dll\" /prefetch:1"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\08\03\0a\0c0\14 "

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

c:\program files (x86)\CA\PPRT\bin\ITMRTSVC.exe

c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

c:\windows\SysWOW64\DllHost.exe

.

**************************************************************************

.

Completion time: 2011-09-05 19:57:11 - machine was rebooted

ComboFix-quarantined-files.txt 2011-09-05 23:57

.

Pre-Run: 7,206,408,192 bytes free

Post-Run: 7,022,661,632 bytes free

.

- - End Of File - - 0EA458EFD4A98BD7A226C19C03AC8797

Here are the logs. I didn't attach the zip file as suggested by ComboFix; you didn't indicate it was required. Let me know if it is necessary. Thanks again.


  • Staff

What attachment are you referring to??

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317


ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

Results of screen317's Security Check version 0.99.18

Windows Vista (UAC is enabled)

Out of date service pack!!

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

ESET Online Scanner v3

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

Java 6 Update 18

Out of date Java installed!

Adobe Flash Player 10.3.181.14

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

Malwarebytes' Anti-Malware mbamservice.exe

Malwarebytes' Anti-Malware mbamgui.exe

system32 OnlineCmdLineScanner.exe -?-

``````````End of Log````````````

The redirect issue APPEARS to have stopped...not sure if we did it or not, if we did, THANK YOU!


I was wrong; the redirect issue still exists. When I launched my browser it immediately went to the redirect site. Additionally, should I remove all the downloads and scanners from my desktop WHEN we resolve this? Also, in anticipation of you suggesting it, I downloaded Defogger and disabled that also. Should I have done that? And when will it be appropriate to enable it?


Additional notes:

I have updated my Java. As well as two Windows updates that were recommended.

Prior to this issue I had both IE and Firefox on my system, have since uninstalled Firefox thinking it slowed my system. Redirect issue arrived weeks after Firefox removal.

I am redirected when I attempt to go to Microsoft, Symantec, Google, Bing, FB etc... I use Ask.com to search Malware and these other sites and then follow the links to access the pages.

When I click on links you provide in posts, I get generic page saying "unable to load/find page" "diagnose connection"

I have System Restore, I suspect using this to remedy will not resolve issue.

I also think that if I uninstall IE and reinstall updated version it also will not have positive results.

Patiently waiting for direction.

Thank You for your help and assistance.


  • Staff

Hi,

1. Very important: First disconnect your computers from the Internet.

2. Router Reset: Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into the small hole labeled Reset located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 30 seconds).

3. Reset the IP/DNS settings of your Internet connection on each computer connected:

  • Go to Start -> Control Panel -> Double click on Network Connections.
  • Right click on your default connection (usually Local Area Connection or Wireless Network Connection) and select Properties.
  • Select the General tab.
  • Double click on Internet Protocol (TCP/IP).
    • Under General tab:
      • Select "Obtain an IP address automatically".
      • Select "Obtain DNS server address automatically".

  • Click OK twice to save the settings.
  • Reboot if you had to change any setting.

4. Flush the DNS cache:

  • Click the Start logo in the bottom left corner of the screen
  • Click on Run
  • In the command window copy/paste the following:
    ipconfig /flushdns


  • Then hit enter.
  • Exit the command window.

5. Reconnect: Once you have followed all the above steps you can reconnect your computer to the internet.
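
Added example, not part of the original post: after steps 3 to 5, one way to confirm which DNS servers each adapter ended up with is to save the output of `ipconfig /all` and audit it. The sample output, the function names and the rule "trust only the gateway, the DHCP server and resolvers you list yourself" are assumptions made for this sketch.

```python
import ipaddress
import re

# Constructed `ipconfig /all` excerpt (not from the thread); 203.0.113.0/24 is a documentation range.
SAMPLE = """\
Ethernet adapter Local Area Connection:
   DHCP Enabled. . . . . . . . . . . : Yes
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1

Wireless LAN adapter Wireless Network Connection:
   DHCP Enabled. . . . . . . . . . . : No
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       203.0.113.54
"""

HEADER = re.compile(r"^(\S.*):\s*$")  # unindented "Ethernet adapter X:"
FIELD = re.compile(r"^\s+(?P<key>\S.*?)[ .]* :(?: (?P<val>.*))?$")  # "Key . . . : value"

def parse_ipconfig(text):
    """Split the output into (adapter, fields), keeping multi-line values such as DNS Servers."""
    adapters, fields, last = [], None, None
    for line in text.splitlines():
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            fields, last = {}, None
            adapters.append((header.group(1), fields))
        elif fields is None or not line.strip():
            continue
        elif field:
            last = field.group("key")
            fields[last] = [field.group("val")] if field.group("val") else []
        elif last:  # an unlabeled, indented line continues the previous value
            fields[last].append(line.strip())
    return adapters

def _ip(value):
    try:  # drop ipconfig decorations such as "(Preferred)" or a "%11" zone index
        return ipaddress.ip_address(re.split(r"[%(]", value)[0].strip())
    except ValueError:
        return None

def audit_dns(text, expected=()):
    """Return (adapter, resolver, reason) for DNS servers that deserve a second look."""
    findings = []
    for name, fields in parse_ipconfig(text):
        dhcp = "".join(fields.get("DHCP Enabled", [])).lower() == "yes"
        reason = "resolver is not the gateway/DHCP server" if dhcp else "adapter is not using DHCP; DNS was set by hand"
        trusted = {_ip(a) for a in expected}
        for key in ("Default Gateway", "DHCP Server"):
            trusted.update(_ip(v) for v in fields.get(key, []))
        for value in fields.get("DNS Servers", []):
            server = _ip(value)
            if server is not None and server not in trusted:
                findings.append((name, str(server), reason))
    return findings
```

A resolver equal to the gateway only shows that the PC defers to the router; the DNS servers the router itself uses still have to be checked on the router's own settings page. Pass your ISP's resolvers as `expected` if DHCP hands them out directly.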


Ok, going to try this now, I will let you know the results in about 15 minutes. Thanks again.


Chris:

Thank you very much for all your time and help, it has been 18 hours and the issue is gone. There remains the matter of the downloads used to remedy, and I also disabled CD emulators with the Defogger, what steps should I do to complete this process? Do you have any further recommendations for keeping my system safe from these particular types of situations?

Is there a method of showing my appreciation for the help by contributing to the forum/group?

Thanks again,

Mark


  • Staff

Hi,

Great news!

Let's clean up what we've done.

Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstall.

This uninstalls all of ComboFix's components.

Delete SecurityCheck.

After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program(s) (if present):

ESET Online Scanner v3

Java™ 6 Update 18

Adobe Reader

Adobe Flash Player 10.3.181.14

Restart your computer.

Get the latest version of Java, Adobe Reader, and Adobe Flash Player.

Next, it is absolutely essential that you upgrade to Windows Vista Service Pack 2. What you currently have has vulnerabilities that leave you wide open for re-infection. To upgrade, please click Start, type in Windows Update, click Windows Update, then download all available critical updates, including Service Pack 2 and Internet Explorer 9.

Let me know how that goes and if there were any issues updating.

We would much rather you purchase the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place!

-screen317


  • 1 month later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
